Confidential
October 1, 2019
Pouria is Interac’s Info Security Manager with over 13 years of experience. He is passionate about securing public cloud platforms (AWS, OCI, and Azure) and developing enterprise security compliance programs in modern application platforms. In addition, he has extensive experience in implementing DevSecOps, SDLC security, and Privileged Access Management solutions. He holds multiple professional certifications in cloud security, security audit, and security management.
Up Next: Pouria Ghatrenabi
Information Security Governance Manager
Into the Fluffs
Security Compliance and Audit in the Cloud
Interac Business and Compliance Forum - 2020
Pouria Ghatrenabi
A Tiny Bit about Me
Pouria Ghatrenabi
Agenda
• Cloud Formation: Cloud Computing Concept and Drivers
• Inside the Puffs: Cloud Native Security and Compliance
• Make it Rain: Examples of Conducting Security Audit in the Cloud
• Summary and Conclusions
• Q&A
Cloud Formation: Cloud Computing Concept and Drivers
Cloud Computing Concept
Ref: https://www.redhat.com/en/topics/cloud-computing/iaas-vs-paas-vs-saas
Business Drivers
• Strategy
• Total Cost of Ownership
• Change in IT Cost Structure
• Scalability
• Agility
Getting Aligned with the Business
Ref: https://en.wikipedia.org/wiki/Archery
Inside the Puffs: Cloud Native Security and Compliance
Shared Responsibility Model
Ref: https://aws.amazon.com/compliance/shared-responsibility-model/
• Cloud Service Provider: security of the cloud, i.e. the hardware, software, networking, and facilities that run the provider's services.
• You: security in the cloud, i.e. your data, identities and access management, service configuration, and the operating systems, platforms, and applications you run on top of those services.
The split moves as you go from IaaS to PaaS to SaaS, so for every service in scope the audit has to record which controls the provider owns and which you own.
Cloud Service Providers Compliance Programs: Global
Cloud Service Providers Compliance Programs: Americas
Standardized Infrastructure
• Standard Machine Images
• Configuration Templates
• Service Catalogues
• Infrastructure Orchestration & Management Tools
• Infrastructure as Code
Infrastructure as Code (IaC)
Ref: https://www.hashroot.com/infrastructure-as-code
Policy as Code
• Policy as code is the practice of writing policies in a high-level language so that they can be managed, tested, and enforced automatically, the same way infrastructure is managed as code.
• What that gives you:
• Codification
• Version Control
• Automation
• Testing and Promoting
• Auditability
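The following is an added example (not the talk's own code) of what those five properties look like in practice: each policy is a plain function that inspects one infrastructure resource and returns a message when the resource violates it. The resource shape is a constructed, Terraform-flavoured dict, and the attribute names (enable_log_file_validation, sse_algorithm, acl, statements) are assumptions for the illustration, not a real plan file format.

```python
"""Policy as code: compliance rules as versioned, testable functions that run
automatically against infrastructure definitions before a change is promoted.
Added illustration; the resource format is constructed, not a real plan file.
"""
import json
from dataclasses import asdict, dataclass
from typing import Any, Callable, Dict, List, Optional

Resource = Dict[str, Any]
Policy = Callable[[Resource], Optional[str]]


@dataclass(frozen=True)
class Finding:
    policy: str
    resource: str
    message: str


def cloudtrail_log_file_validation(res: Resource) -> Optional[str]:
    """PCI DSS 10.5: the audit trail must be protected from alteration."""
    if res["type"] == "aws_cloudtrail" and not res["config"].get("enable_log_file_validation"):
        return "log file validation is disabled"
    return None


def s3_default_encryption(res: Resource) -> Optional[str]:
    """Buckets must have default server-side encryption configured."""
    if res["type"] == "aws_s3_bucket" and not res["config"].get("sse_algorithm"):
        return "bucket has no default server-side encryption"
    return None


def s3_private_acl(res: Resource) -> Optional[str]:
    """Buckets must not be readable or writable through a public ACL."""
    if res["type"] == "aws_s3_bucket" and res["config"].get("acl", "private") != "private":
        return "bucket ACL is %r, expected 'private'" % res["config"]["acl"]
    return None


def iam_no_full_admin(res: Resource) -> Optional[str]:
    """Least privilege: reject Allow statements over all actions and all resources."""
    if res["type"] != "aws_iam_policy":
        return None
    for stmt in res["config"].get("statements", []):
        if (stmt.get("effect") == "Allow"
                and "*" in stmt.get("actions", [])
                and "*" in stmt.get("resources", [])):
            return "policy grants Allow on all actions and all resources"
    return None


# Codification: the rule set is a named, versioned registry kept with the IaC.
POLICIES: Dict[str, Policy] = {
    "cloudtrail-log-file-validation": cloudtrail_log_file_validation,
    "s3-default-encryption": s3_default_encryption,
    "s3-private-acl": s3_private_acl,
    "iam-no-full-admin": iam_no_full_admin,
}


def evaluate(resources: List[Resource], policies: Dict[str, Policy] = POLICIES) -> List[Finding]:
    """Automation: run every policy over every resource; an empty result means compliant."""
    findings: List[Finding] = []
    for res in resources:
        for name, policy in policies.items():
            message = policy(res)
            if message:
                findings.append(Finding(name, res["address"], message))
    return findings


def may_promote(resources: List[Resource]) -> bool:
    """Testing and promoting: the pipeline gate passes only when no policy fails."""
    return not evaluate(resources)


def evidence(findings: List[Finding]) -> str:
    """Auditability: a machine-readable record of the run, kept with the pipeline logs."""
    return json.dumps([asdict(f) for f in findings], indent=2)


SAMPLE_PLAN: List[Resource] = [  # constructed resources for this example
    {"address": "aws_cloudtrail.main", "type": "aws_cloudtrail",
     "config": {"enable_log_file_validation": False, "is_multi_region_trail": True}},
    {"address": "aws_s3_bucket.cloudtrail_logs", "type": "aws_s3_bucket",
     "config": {"acl": "private", "sse_algorithm": "aws:kms"}},
    {"address": "aws_s3_bucket.marketing_site", "type": "aws_s3_bucket",
     "config": {"acl": "public-read"}},
    {"address": "aws_iam_policy.deploy", "type": "aws_iam_policy",
     "config": {"statements": [{"effect": "Allow", "actions": ["*"], "resources": ["*"]}]}},
]

if __name__ == "__main__":
    print(evidence(evaluate(SAMPLE_PLAN)))
    print("promote:", may_promote(SAMPLE_PLAN))
```

Because the rules are ordinary functions, they get unit tests like any other code, and a rule change is a reviewed commit with history, which is what an auditor asks for when they want to know who changed the policy and when.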
Make it Rain
Examples of Conducting Security Audit in the Cloud
Case 1 - Establishing Roles and Responsibilities
PCI DSS 12.8: Maintain and implement policies and procedures to manage service providers with whom cardholder data is shared, or that could affect the security of cardholder data.
PCI DSS 12.8.5: Maintain information about which PCI DSS requirements are managed by each service provider, and which are managed by the entity.
AWS Artifact
AWS Artifact is where the provider's own audit reports are downloaded, including its PCI DSS Attestation of Compliance and the accompanying shared-responsibility documentation; together with your own control mapping, that is the evidence for which requirements the provider covers and which remain yours under 12.8.5.
Case 2 - Access and Account Recertification
PCI DSS 8.1.1: Assign all users a unique ID before allowing them to access system components or cardholder data.
PCI DSS 8.1.4: Remove/disable inactive user accounts within 90 days.
PCI DSS 8.2: In addition to assigning a unique ID, ensure proper user-authentication management for non-consumer users and administrators on all system components by employing at least one of the following methods to authenticate all users:
• Something you know, such as a password or passphrase
• Something you have, such as a token device or smart card
• Something you are, such as a biometric.
PCI DSS 8.2.4: Change user passwords/passphrases at least once every 90 days.
AWS IAM - Credential Report
The credential report is a CSV with one row per IAM user plus the account's root user, and it carries the fields the recertification needs, for example:
• user_creation_time
• password_last_used
• password_last_changed
• password_next_rotation
• mfa_active
• …
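As an added example (not the talk's own code), the script below turns those columns into the three checks on the slide: 8.1.4 (idle credentials), 8.2.4 (password age), and whether console users have MFA. The real report is produced with `aws iam generate-credential-report` and retrieved with `aws iam get-credential-report --query Content --output text | base64 -d`; here a constructed CSV using the report's column names stands in for it so the script runs offline, and AS_OF is an assumed audit date. The real report has more columns than shown, which csv.DictReader simply ignores.

```python
"""Audit an IAM credential report against PCI DSS 8.1.4 and 8.2.4 and check
mfa_active. Added illustration; SAMPLE_REPORT is constructed, not a real report.
"""
import csv
import io
from datetime import datetime, timezone
from typing import Dict, List, Optional

MAX_INACTIVE_DAYS = 90      # PCI DSS 8.1.4
MAX_PASSWORD_AGE_DAYS = 90  # PCI DSS 8.2.4
AS_OF = datetime(2020, 2, 5, 12, 0, tzinfo=timezone.utc)  # assumed audit date
ROOT = "<root_account>"     # how the report names the account's root user

# Constructed sample using the report's column names and ISO 8601 timestamps.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2017-01-10T09:00:00+00:00,not_supported,2020-01-20T08:15:00+00:00,not_supported,not_supported,true,false,N/A,N/A,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2018-03-01T10:00:00+00:00,true,2020-02-01T12:00:00+00:00,2019-12-15T09:30:00+00:00,2020-03-14T09:30:00+00:00,true,true,2019-12-15T09:31:00+00:00,2020-02-03T07:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::123456789012:user/bob,2018-06-20T10:00:00+00:00,true,2019-09-01T12:00:00+00:00,2019-06-01T09:30:00+00:00,2019-08-30T09:30:00+00:00,false,false,N/A,N/A,false,N/A,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2019-11-05T10:00:00+00:00,false,no_information,N/A,N/A,false,true,2019-11-05T10:01:00+00:00,2020-02-04T23:10:00+00:00,false,N/A,N/A
carol,arn:aws:iam::123456789012:user/carol,2019-05-12T10:00:00+00:00,true,no_information,2019-05-12T10:00:00+00:00,2019-08-10T10:00:00+00:00,true,false,N/A,N/A,false,N/A,N/A
"""


def parse_ts(value: str) -> Optional[datetime]:
    """ISO 8601 timestamp -> datetime; N/A, no_information, not_supported -> None."""
    if not value or not value[0].isdigit():
        return None
    return datetime.fromisoformat(value)


def last_activity(row: Dict[str, str]) -> datetime:
    """Most recent console sign-in or access-key use; creation time if never used."""
    used = [parse_ts(row.get(col, "")) for col in
            ("password_last_used", "access_key_1_last_used_date", "access_key_2_last_used_date")]
    stamps = [ts for ts in used if ts is not None]
    return max(stamps) if stamps else parse_ts(row["user_creation_time"])


def audit_row(row: Dict[str, str], as_of: datetime = AS_OF) -> List[str]:
    """Findings for one report row; an empty list means the user passes."""
    user = row["user"]
    is_root = user == ROOT
    has_password = row["password_enabled"] == "true"  # root reads not_supported here
    has_key = "true" in (row["access_key_1_active"], row["access_key_2_active"])
    findings: List[str] = []

    # 8.1.4: a credential that still works but has been idle for more than 90 days
    if has_password or has_key or is_root:
        idle_days = (as_of - last_activity(row)).days
        if idle_days > MAX_INACTIVE_DAYS:
            findings.append("8.1.4 %s: no activity for %d days" % (user, idle_days))

    # 8.2.4: console password not rotated within 90 days
    if has_password:
        changed = parse_ts(row["password_last_changed"])
        if changed is None or (as_of - changed).days > MAX_PASSWORD_AGE_DAYS:
            findings.append("8.2.4 %s: password older than %d days" % (user, MAX_PASSWORD_AGE_DAYS))

    # mfa_active: anyone who can sign in to the console, root included, needs a second factor
    if (has_password or is_root) and row["mfa_active"] != "true":
        findings.append("MFA %s: console sign-in possible without MFA" % user)
    return findings


def audit_report(report_csv: str, as_of: datetime = AS_OF) -> Dict[str, List[str]]:
    """Map each non-compliant user to its findings; compliant users are omitted."""
    results: Dict[str, List[str]] = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        findings = audit_row(row, as_of)
        if findings:
            results[row["user"]] = findings
    return results


if __name__ == "__main__":
    for user, findings in audit_report(SAMPLE_REPORT).items():
        for line in findings:
            print(line)
```

Two details matter when running this against a real report: the root row uses not_supported for its password fields, so it has to be handled on its own rather than skipped, and an access-key-only user such as ci-deploy still falls under 8.1.4 even though it has no password, which is why idle time is taken over both sign-ins and key use.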
Case 3 - Verifying Audit Log Integrity
PCI DSS 10.5: Secure audit trails so they cannot be altered.
Verifying Audit Log Integrity
Enable log file validation on the trail; from then on CloudTrail delivers hourly, signed digest files alongside the log files:
aws cloudtrail update-trail --name your-trail-name --enable-log-file-validation
Validate the log files delivered in a time window (times in UTC):
aws cloudtrail validate-logs --trail-arn <trailARN> --start-time <start-time> [--end-time <end-time>] [--s3-bucket <bucket-name>] [--s3-prefix <prefix>] [--verbose]
Two caveats for the audit: only log files delivered after validation was enabled are covered, and validation detects modification or deletion after the fact rather than preventing it, so write and delete access to the log bucket still has to be restricted.
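To show why validate-logs catches tampering, here is an added example (not the talk's code and not the AWS implementation) that reproduces the mechanism on constructed objects. With validation enabled, each hourly digest lists the SHA-256 hash of every log file delivered in that hour and carries the hash of the previous digest, forming a chain; validate-logs recomputes those hashes and also verifies the RSA signature on each digest (stored in the S3 object's x-amz-meta-signature metadata, checked against the keys from `aws cloudtrail list-public-keys`). The signature step needs those keys and is omitted here; a dict stands in for the S3 bucket, and the byte-level format (gzip framing, exact field set) is simplified.

```python
"""How CloudTrail log file validation detects an edited log file.
Added illustration with constructed objects; not the AWS implementation.
"""
import hashlib
import json
from typing import Dict, List, Optional

Store = Dict[str, bytes]  # S3 key -> object bytes (stand-in for the bucket)

LOG_1 = "logs/2020/02/05/hour-01.json"
LOG_2 = "logs/2020/02/05/hour-02.json"
DIGEST_1 = "digests/2020/02/05/hour-01.json"
DIGEST_2 = "digests/2020/02/05/hour-02.json"
DIGESTS_NEWEST_FIRST = [DIGEST_2, DIGEST_1]

HOUR_1_RECORDS = [  # constructed, abbreviated CloudTrail events
    {"eventName": "ConsoleLogin", "userIdentity": {"userName": "bob"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "CreateUser", "userIdentity": {"userName": "bob"},
     "requestParameters": {"userName": "svc-backup"}},
]
HOUR_2_RECORDS = [
    {"eventName": "AttachUserPolicy", "userIdentity": {"userName": "bob"},
     "requestParameters": {"userName": "svc-backup",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_log_file(records: List[dict]) -> bytes:
    """A CloudTrail log file is a JSON document with a Records array."""
    return json.dumps({"Records": records}, sort_keys=True).encode()


def make_digest(store: Store, log_keys: List[str], previous_key: Optional[str]) -> bytes:
    """Digest listing each log file's hash and chaining to the previous digest."""
    digest = {
        "awsAccountId": "123456789012",               # constructed
        "digestSignatureAlgorithm": "SHA256withRSA",  # the signature itself is not modelled
        "logFiles": [{"s3Object": key, "hashAlgorithm": "SHA-256",
                      "hashValue": sha256_hex(store[key])} for key in log_keys],
        "previousDigestS3Object": previous_key,
        "previousDigestHashValue": sha256_hex(store[previous_key]) if previous_key else None,
    }
    return json.dumps(digest, sort_keys=True).encode()


def validate_chain(store: Store, digest_keys: List[str]) -> List[str]:
    """Walk the digests newest to oldest; return the problems found (empty = intact)."""
    problems: List[str] = []
    for key in digest_keys:
        digest = json.loads(store[key])
        for entry in digest["logFiles"]:
            blob = store.get(entry["s3Object"])
            if blob is None:
                problems.append(entry["s3Object"] + ": log file missing")
            elif sha256_hex(blob) != entry["hashValue"]:
                problems.append(entry["s3Object"] + ": hash mismatch (modified)")
        prev_key = digest["previousDigestS3Object"]
        if prev_key is not None:
            prev = store.get(prev_key)
            if prev is None:
                problems.append(prev_key + ": previous digest missing")
            elif sha256_hex(prev) != digest["previousDigestHashValue"]:
                problems.append(prev_key + ": digest chain broken")
    return problems


def build_store() -> Store:
    """Two hours of delivered logs with their digests, as CloudTrail would leave them."""
    store: Store = {}
    store[LOG_1] = make_log_file(HOUR_1_RECORDS)
    store[DIGEST_1] = make_digest(store, [LOG_1], None)
    store[LOG_2] = make_log_file(HOUR_2_RECORDS)
    store[DIGEST_2] = make_digest(store, [LOG_2], DIGEST_1)
    return store


def tamper_log(store: Store) -> List[str]:
    """Attacker deletes the CreateUser event from the delivered log file."""
    store[LOG_1] = make_log_file(HOUR_1_RECORDS[:1])
    return validate_chain(store, DIGESTS_NEWEST_FIRST)


def tamper_log_and_digest(store: Store) -> List[str]:
    """Attacker also rewrites the hour-01 digest so it matches the edited log."""
    store[LOG_1] = make_log_file(HOUR_1_RECORDS[:1])
    store[DIGEST_1] = make_digest(store, [LOG_1], None)
    return validate_chain(store, DIGESTS_NEWEST_FIRST)


if __name__ == "__main__":
    print("intact:", validate_chain(build_store(), DIGESTS_NEWEST_FIRST))
    print("edited log:", tamper_log(build_store()))
    print("edited log and digest:", tamper_log_and_digest(build_store()))
```

Editing a log file breaks its hash in the digest; rewriting that digest to hide the edit breaks the next digest's previousDigestHashValue, and in the real service the attacker would also have to re-sign every forged digest with the CloudTrail private key, which they do not have. What the chain cannot do is stop someone with delete rights from removing files outright; validate-logs reports those as missing, which is why the bucket policy and deletion protection on the log bucket are part of the same control.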
Summary and Conclusions
Summing It Up
• Enterprises are inevitably moving to the cloud, and audit and compliance programs have to follow the migration.
• In the cloud, compliance policies can be applied in an automated, standardized, and codified manner.
• Cloud-native services exist to support security audits in the public cloud.
Q&A
Thank You
