SlideShare a Scribd company logo

NIST Cybersecurity Framework (CSF) on the Public Cloud

Download as PPTX, PDF
C
CloudHesive

NIST Cybersecurity Framework (CSF) on the Public Cloud

Technology
1 of 52
NIST Cybersecurity Framework (CSF) on the Public Cloud
Topics • Introduction • ExampleWorkload: End User Computing • What can go wrong? Ransomware Incident Response in End User Computing • End User Computing Security Best Practices • Modernizing Security Controls • NIST Cybersecurity Framework • Adjacent Frameworks • Public Cloud Services alignment to NIST Cybersecurity Framework
Introduction
Public Cloud Revenue – has/is forecasted to increaseYoY
Users andVulnerable Software – Still a Challenge Verizon 2021 Data Breach Investigations Report https://www.verizon.com/business/resources/reports/2021-data-breach-investigations-report.pdfx
CustomerWorkload Personas – Growth inVariety • Migrated • Server Based • Migrated & Optimized • Blends of Server and Service Based • Serverless/Native • Service Based • Orchestrated • ECS, EKS, K8s • Inherited • Wildcard! • Hybrid • Wildcard!
Service Categories – Also Growth inVariety • Analytics • Application Integration • AR &VR • AWS Cost Management • Blockchain • Business Applications • Compute • Customer Engagement • Database • Developer Tools • End User Computing • GameTech • Internet ofThings • Machine Learning • Management & Governance • Media Services • Migration &Transfer • Mobile • Networking & Content Delivery • QuantumTechnologies • Robotics • Satellite • Security, Identity, & Compliance • Storage
The Scenario
Shared Responsibility Model
End User Computing Sample Deployment
What’s missing? • Ingress Security Group toWorkspace • Egress Security Group fromWorkspace to (Internet) • Security Groups to/from other Services (AWS and On Premises) • Security of the Workspace Environment • Security of supporting servers (Active Directory) • Security of other network-accessible resources (Web Servers) • User Permissions (Non-Local Admin, Local Admin, Global Admin) • Access of the Workspace (PKI Cert, PKI PIV, Network, MFA) • The rest of the AWSAccount?The rest of the AWSAccount! (Services, APIs)
End User Computing Sample Deployment
What could go wrong? • Ingress Security Group toWorkspace • Egress Security Group fromWorkspace to (Internet) • Security Groups to/from other Services (AWS and On Premises) • Security of the Workspace Environment • Security of supporting servers (Active Directory) • Security of other network-accessible resources (Web Servers) • User Permissions (Non-Local Admin, Local Admin, Global Admin) • Access of the Workspace (PKI Cert, PKI PIV, Network, MFA) • The rest of the AWSAccount?The rest of the AWSAccount! (Services, APIs)
The Approach
Overview • Through the lens of the NIST Cybersecurity Framework we will look at frameworks developed by, and services available onAWS. • Cloud Services, such as those offered by AWS either/both play a supporting role in your security posture, supporting both non-AWS resources andAWS resources alike but secure configuration of AWS resources can also play a role in supporting your security posture. • The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.
The Cybersecurity Framework Core Desired cybersecurity outcomes organized in a hierarchy and aligned to more detailed guidance and controls Profiles Alignment of an organization’s requirements and objectives, risk appetite and resources using the desired outcomes of the Framework Core ImplementationTiers A qualitative measure of organizational cybersecurity risk management practices
The Cybersecurity Framework - Functions • Identify • Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. • Protect • Develop and implement appropriate safeguards to ensure delivery of critical services. • Detect • Develop and implement appropriate activities to identify the occurrence of a cybersecurity event. • Respond • Develop and implement appropriate activities to take action regarding a detected cybersecurity incident. • Recover • Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
An Excerpt from the Framework Core 5 Functions 23 Categories 108 Subcategories 6 Informative References
ImplementationTiers 1 2 3 4 Partial Risk Informed Repeatable Adaptive Risk Management Process The functionality and repeatability of cybersecurity risk management Integrated Risk Management Program The extent to which cybersecurity is considered in broader risk management decisions External Participation The degree to which the organization: • monitors and manages supply chain risk • benefits my sharing or receiving information from outside parties
CIS Controls & Benchmarks • Controls • Similar, though more prescriptive than NIST CSF • Can be mapped to CSF • Benchmarks • Prescriptive steps to apply controls to specific technologies • AWS • Workspaces • Windows/Linux • Other Services
CIS Benchmark End User Computing Example
CloudWorkload Lifecycle Management Framework • Workload • Architecture • Monitoring • Automation • Processes
Workload + Architecture Drives Service Selection • Virtual Machines • AMI • Patching • Multi-threaded/Multi-task • Hours to Months • PerVM/Per Hour • Functions/Services • Code • Versioning • Single-threaded/Single-task • Microseconds to Seconds • Per Memory/Second/Per Request • Containers • Container File • Versioning • Multi-threaded/Single-task • Minutes to Days • PerVM/Per Hour
Integration
Automation + Processes Drives Lifecycle Management Selection • Organizations • Cross-AccountAsset Management + Governance • ControlTower • Account vending/default standardization • Service Catalog • Workload platform vending/default standardization • CloudFormation • IaC • Ephemeral Compute + API Managed Data/Control Plane for PersistenceTiers • Hands off/Lights out
Processes • Patching • Backup/RestoreTesting • FailoverTesting (AZ) • Credential Rotation/CredentialAudit • Event ResponseTesting • Incident ResponseTesting • PerformanceTesting • Performance/Cost Review • Vulnerability/PenetrationTesting
Cloud Adoption Framework (CAF) https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/accelerating-business-outcomes.html
Cloud Adoption Framework (CAF) • Perspectives • Business • Value Realization • People • Roles & Readiness • Governance • Prioritization & Control • Platform • Applications & Infrastructure • Security • Risk & Compliance • Operations • Manage & Scale
Cloud Adoption Framework (CAF) - Capabilities https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/foundational-capabilities.html
Cloud Adoption Framework (CAF) – Capabilities - Security https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/security-perspective.html
CAF – Security Perspective • Directive • Account Ownership and contact information • Change and asset management • Least privilege access • Preventive • Identity and access • Infrastructure protection • Data protection • Detective • Logging and monitoring • Asset inventory • Change detection • Responsive • Vulnerabilities • Privilege escalation • DDoS attack
Well Architected Framework (WAF) • General • Event-Triggered • Workload-Focused • General Design Principals • Pillars • Design Principals • Best Practices • Lenses
WAF – Pillars • Operational Excellence • Security • Reliability • Performance Efficiency • Cost Optimization • Sustainability – New!
WAF – Lenses • High Performance Computing (HPC) • Serverless • Internet ofThings (IOT) • Financial Services Industry (FinServ) • FoundationalTechnical Review (FTR) • SaaS • Streaming Media • Machine Learning • SAP • DataAnalytics • Games Industry • Hybrid Networking • Management and Governance –Well Aligned!
WAF – General Design Principals • Stop guessing your capacity needs • Test systems at production scale • Automate to make architectural experimentation easier • Allow for evolutionary architectures • Drive architectures using data • Improve through game days
WAF – Game Days • Prepare • Is the process/are the processes to be tested during the game day well defined? Is access in place? Has training been performed? • Define • Workload, Personnel, Scenario, Environment, Schedule • Execute • Start, Middle, End • Analyze • Debrief, Examine, Document, Root Cause Analysis (RCA), Correction of Error (CoE)
WAF – Security Pillar • Design Principles • Implement a strong identity foundation • Enable traceability • Apply security at all layers • Automate security best practices • Protect data in transit and at rest • Keep people away from data • Prepare for security events • Best Practices • Identity and Access Management • Detection • Infrastructure Protection • Data Protection • Incident Response
Let’s tie it all together… https://aws.amazon.com/blogs/security/optimizing-cloud-governance-on-aws-integrating-the-nist-cybersecurity-framework-aws- cloud-adoption-framework-and-aws-well-architected/
Identify
Identify • Everything on the previous slides 
Identify • Audit Manager • Cost Management Services (Individual Services) • Certificate Manager (Public + Private) • Firewall Manager (WAF + Security Groups) • Directory Service + Identity and Access Management (+ Services with their own Policies) • AccessAdvisor,Access Analyzer,Organization Activity • Inspector • Key Management Service + Secrets Manager • Macie • Premium Support +Trusted Advisor + Personal Health Dashboard • Systems Manager • Security Hub + Config + Config Rules • Tags
Identify – Organizations • Tag policies • Artifact • Backup • CloudFormation StackSets • CloudTrail • Config • Directory Service • Firewall Manager • Resource Access Manager • Service Catalog • Single Sign-On • Systems Manager
Protect/Detect
Protect • VPC: Security Groups (Stateful Firewall) + NACLs (Stateless Firewall), Network Firewall, DNS Firewall,Gateway Load Balancer • WAF: Layer 7WAF • Shield + AutoScaling + ELB + Cloud Front: DoS/DDoS Protection • VPC:VGW (Point to Point and IPSECConnectivity) + Peering (VPC toVPC Connectivity) + Endpoints (Private Connectivity to AWS Services), ClientVPN (Client toVPC Connectivity) • IAM + Directory Service + SSO: Standalone and Federated AAA • KMS: FIPS 140-2 Certified cryptographic module with integration to various AWS services, provides expiration and ability to provide self-generated cryptographic material • ACM: Public and Private PKI Certificate Authority • Secure Credential Storage: Secrets Manager, Systems Manager • Nitro Enclaves
Protect • AWS Auto Scaling: EC2, Dynamo,Aurora Autoscaling • Code Commit/ECS (Image Scanning)/Signer: Secure Application and Artifact Repository + dedicated account • Code Deploy/Systems Manager: “Hands off” OS and configuration management + application deployment • EC2: Systems Manager (OS and above patching + auditing), Amazon Linux 2 Live Patching • AWS Backup: EC2, RDS, EFS, Dynamo Backups + dedicated account • Workspaces: Secure Bastion • CloudFormation + OpsWorks + Elastic Beanstalk: “Hands off” infrastructure management • S3/Glacier: File based storage with AAA, versioning, secure delete + policy based retention • Host Based Security
Detect
Detect • Guard Duty • Config: Point in time snapshots of configuration items, Exportable as JSON to idempotent storage • VPC: Flow Logs (NetFlow) + Port Mirroring • CloudWatch Logs: OS and above log management • CloudTrail: AuditTrail, Exportable as JSON to idempotent storage • Cloudfront, ALB andWAF: All log (CloudFront and ALB in S3,WAF in Kinesis) • S3/Glacier: File based storage with AAA, versioning, secure delete + policy based retention + dedicated account
Respond/Recover
Respond • Detective • Disk Snapshots • Don’t forget to remove from retention policy • Automated withThreatResponse,GRR • Memory Snapshots • Automated withThreatResponse,GRR,Volatility, Rekall • Logs • Don’t forget to remove from retention policy • Query and Correlate with Athena • Measure
Recover • Block Access (WAF, Security Group, ACL, IAM) • Revert to Known Good State (Snapshots,Versioning) • Identify/Correct Root Cause (Logs!) • Rotate Credentials (people and things) • Measure
Conclusion • Iterate introduction of your security controls – some in the short term is better than none in the long term. • Detective Controls are just as important as Preventative Controls, they play a significant response in incident detection and response. • Whether your workload is onAWS or not,AWS services can be used to supplement your controls. • There is no lack of frameworks – pick and choose from them to make a framework that works best for your organization’s needs.
ThankYou!

Recommended

NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)April Mardock CISSP
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxGenericName6
 
Cissp exam outline 121417- final (2)
Cissp exam outline 121417- final (2)Cissp exam outline 121417- final (2)
Cissp exam outline 121417- final (2)Joshua Fonseca
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)danb02
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
NTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNorth Texas Chapter of the ISSA
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 

Recommended

NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)April Mardock CISSP
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxGenericName6
 
Cissp exam outline 121417- final (2)
Cissp exam outline 121417- final (2)Cissp exam outline 121417- final (2)
Cissp exam outline 121417- final (2)Joshua Fonseca
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)danb02
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
NTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNorth Texas Chapter of the ISSA
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Identity and Access Management (IAM): Benefits and Best Practices 
Identity and Access Management (IAM): Benefits and Best Practices Identity and Access Management (IAM): Benefits and Best Practices 
Identity and Access Management (IAM): Benefits and Best Practices Veritis Group, Inc
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero TrustDavid J Rosenthal
 
Application Security
Application SecurityApplication Security
Application SecurityReggie Niccolo Santos
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckSlideTeam
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...Edureka!
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Iam presentation
Iam presentationIam presentation
Iam presentationAWS UG PK
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
Privileged Access Management - 2016
Privileged Access Management - 2016Privileged Access Management - 2016
Privileged Access Management - 2016Lance Peterman
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture DesignPriyanka Aash
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
Soc
SocSoc
SocMukesh Chaudhari
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​AlgoSec
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101Jerod Brennen
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust ModelYash
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYMaganathin Veeraragaloo
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWSCloudHesive
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupCloudHesive
 

More Related Content

What's hot

Identity and Access Management (IAM): Benefits and Best Practices 
Identity and Access Management (IAM): Benefits and Best Practices Identity and Access Management (IAM): Benefits and Best Practices 
Identity and Access Management (IAM): Benefits and Best Practices Veritis Group, Inc
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckSlideTeam
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...Edureka!
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Iam presentation
Iam presentationIam presentation
Iam presentationAWS UG PK
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
Privileged Access Management - 2016
Privileged Access Management - 2016Privileged Access Management - 2016
Privileged Access Management - 2016Lance Peterman
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture DesignPriyanka Aash
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​AlgoSec
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101Jerod Brennen
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust ModelYash
 

What's hot (20)

Identity and Access Management (IAM): Benefits and Best Practices 
Identity and Access Management (IAM): Benefits and Best Practices Identity and Access Management (IAM): Benefits and Best Practices 
Identity and Access Management (IAM): Benefits and Best Practices 
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero Trust
 
Application Security
Application SecurityApplication Security
Application Security
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete Deck
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
 
Iam presentation
Iam presentationIam presentation
Iam presentation
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
 
Privileged Access Management - 2016
Privileged Access Management - 2016Privileged Access Management - 2016
Privileged Access Management - 2016
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture Design
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
Soc
SocSoc
Soc
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust Model
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 

Similar to NIST Cybersecurity Framework (CSF) on the Public Cloud

Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupCloudHesive
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupCloudHesive
 
AWS Spotlight Series - Modernization and Security with AWS
AWS Spotlight Series - Modernization and Security with AWSAWS Spotlight Series - Modernization and Security with AWS
AWS Spotlight Series - Modernization and Security with AWSCloudHesive
 
Winning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our TimeWinning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our TimeCloudHesive
 
5 minutes on security
5 minutes on security5 minutes on security
5 minutes on securityCloudHesive
 
Cloud Computing Overview
Cloud Computing OverviewCloud Computing Overview
Cloud Computing OverviewManju Srinivas
 
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeHimani Singh
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudAlert Logic
 
Cloud Security at Netflix
Cloud Security at NetflixCloud Security at Netflix
Cloud Security at NetflixJason Chan
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsViresh Suri
 
Incident response in Cloud
Incident response in CloudIncident response in Cloud
Incident response in CloudVandana Verma
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24
 
Why You Are Secure in the AWS Cloud
Why You Are Secure in the AWS CloudWhy You Are Secure in the AWS Cloud
Why You Are Secure in the AWS CloudAmazon Web Services
 
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend MicroAWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend MicroAmazon Web Services
 
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...Lucas Jellema
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the CloudAmazon Web Services
 
Unified Security Governance
Unified Security GovernanceUnified Security Governance
Unified Security GovernanceCan Demirel
 
Where to Begin? Application Portfolio Migration
Where to Begin? Application Portfolio MigrationWhere to Begin? Application Portfolio Migration
Where to Begin? Application Portfolio MigrationAmazon Web Services
 

Similar to NIST Cybersecurity Framework (CSF) on the Public Cloud (20)

Security on AWS
Security on AWSSecurity on AWS
Security on AWS
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition Meetup
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition Meetup
 
AWS Spotlight Series - Modernization and Security with AWS
AWS Spotlight Series - Modernization and Security with AWSAWS Spotlight Series - Modernization and Security with AWS
AWS Spotlight Series - Modernization and Security with AWS
 
Winning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our TimeWinning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our Time
 
5 minutes on security
5 minutes on security5 minutes on security
5 minutes on security
 
Cloud Computing Overview
Cloud Computing OverviewCloud Computing Overview
Cloud Computing Overview
 
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure Cloud
 
Cloud Security at Netflix
Cloud Security at NetflixCloud Security at Netflix
Cloud Security at Netflix
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
 
Incident response in Cloud
Incident response in CloudIncident response in Cloud
Incident response in Cloud
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
 
Why You Are Secure in the AWS Cloud
Why You Are Secure in the AWS CloudWhy You Are Secure in the AWS Cloud
Why You Are Secure in the AWS Cloud
 
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend MicroAWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
 
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud
 
Unified Security Governance
Unified Security GovernanceUnified Security Governance
Unified Security Governance
 
Boot camp - Migration to AWS
Boot camp - Migration to AWSBoot camp - Migration to AWS
Boot camp - Migration to AWS
 
Where to Begin? Application Portfolio Migration
Where to Begin? Application Portfolio MigrationWhere to Begin? Application Portfolio Migration
Where to Begin? Application Portfolio Migration
 

More from CloudHesive

Serverless Generative AI on AWS, AWS User Groups of Florida
Serverless Generative AI on AWS, AWS User Groups of FloridaServerless Generative AI on AWS, AWS User Groups of Florida
Serverless Generative AI on AWS, AWS User Groups of FloridaCloudHesive
 
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...CloudHesive
 
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...CloudHesive
 
Accelerating Business and Research Through Automation and Artificial Intellig...
Accelerating Business and Research Through Automation and Artificial Intellig...Accelerating Business and Research Through Automation and Artificial Intellig...
Accelerating Business and Research Through Automation and Artificial Intellig...CloudHesive
 
Amazon Connect Rethink Your Contact Center with CloudHesive.pptx
Amazon Connect Rethink Your Contact Center with CloudHesive.pptxAmazon Connect Rethink Your Contact Center with CloudHesive.pptx
Amazon Connect Rethink Your Contact Center with CloudHesive.pptxCloudHesive
 
ConnectPath Introduction
ConnectPath IntroductionConnectPath Introduction
ConnectPath IntroductionCloudHesive
 
Modernize your contact center with ConnectPath CX v2.pdf
Modernize your contact center with ConnectPath CX v2.pdfModernize your contact center with ConnectPath CX v2.pdf
Modernize your contact center with ConnectPath CX v2.pdfCloudHesive
 
Modernize your contact center with ConnectPath CX — Chart.pdf
Modernize your contact center with ConnectPath CX — Chart.pdfModernize your contact center with ConnectPath CX — Chart.pdf
Modernize your contact center with ConnectPath CX — Chart.pdfCloudHesive
 
End User Computing at CloudHesive.pptx
End User Computing at CloudHesive.pptxEnd User Computing at CloudHesive.pptx
End User Computing at CloudHesive.pptxCloudHesive
 
Analytics at CloudHesive
Analytics at CloudHesiveAnalytics at CloudHesive
Analytics at CloudHesiveCloudHesive
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicCloudHesive
 
Best Practices and Resources to Effectively Manage and Optimize Your AWS Costs
Best Practices and Resources to Effectively Manage and Optimize Your AWS CostsBest Practices and Resources to Effectively Manage and Optimize Your AWS Costs
Best Practices and Resources to Effectively Manage and Optimize Your AWS CostsCloudHesive
 
Serverless data and analytics on AWS for operations
Serverless data and analytics on AWS for operations Serverless data and analytics on AWS for operations
Serverless data and analytics on AWS for operations CloudHesive
 
reInvent reCap 2022
reInvent reCap 2022reInvent reCap 2022
reInvent reCap 2022CloudHesive
 
Serverless without Code (Lambda)
Serverless without Code (Lambda)Serverless without Code (Lambda)
Serverless without Code (Lambda)CloudHesive
 
AWS Advanced Analytics Automation Toolkit (AAA)
AWS Advanced Analytics Automation Toolkit (AAA)AWS Advanced Analytics Automation Toolkit (AAA)
AWS Advanced Analytics Automation Toolkit (AAA)CloudHesive
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control TowerCloudHesive
 
Meetup Protect from Ransomware Attacks
Meetup Protect from Ransomware AttacksMeetup Protect from Ransomware Attacks
Meetup Protect from Ransomware AttacksCloudHesive
 
Amazon Connect Bootcamp
Amazon Connect BootcampAmazon Connect Bootcamp
Amazon Connect BootcampCloudHesive
 
Fort Lauderdale Tech Talks - The Future is the Cloud
Fort Lauderdale Tech Talks - The Future is the CloudFort Lauderdale Tech Talks - The Future is the Cloud
Fort Lauderdale Tech Talks - The Future is the CloudCloudHesive
 

More from CloudHesive (20)

Serverless Generative AI on AWS, AWS User Groups of Florida
Serverless Generative AI on AWS, AWS User Groups of FloridaServerless Generative AI on AWS, AWS User Groups of Florida
Serverless Generative AI on AWS, AWS User Groups of Florida
 
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
 
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
 
Accelerating Business and Research Through Automation and Artificial Intellig...
Accelerating Business and Research Through Automation and Artificial Intellig...Accelerating Business and Research Through Automation and Artificial Intellig...
Accelerating Business and Research Through Automation and Artificial Intellig...
 
Amazon Connect Rethink Your Contact Center with CloudHesive.pptx
Amazon Connect Rethink Your Contact Center with CloudHesive.pptxAmazon Connect Rethink Your Contact Center with CloudHesive.pptx
Amazon Connect Rethink Your Contact Center with CloudHesive.pptx
 
ConnectPath Introduction
ConnectPath IntroductionConnectPath Introduction
ConnectPath Introduction
 
Modernize your contact center with ConnectPath CX v2.pdf
Modernize your contact center with ConnectPath CX v2.pdfModernize your contact center with ConnectPath CX v2.pdf
Modernize your contact center with ConnectPath CX v2.pdf
 
Modernize your contact center with ConnectPath CX — Chart.pdf
Modernize your contact center with ConnectPath CX — Chart.pdfModernize your contact center with ConnectPath CX — Chart.pdf
Modernize your contact center with ConnectPath CX — Chart.pdf
 
End User Computing at CloudHesive.pptx
End User Computing at CloudHesive.pptxEnd User Computing at CloudHesive.pptx
End User Computing at CloudHesive.pptx
 
Analytics at CloudHesive
Analytics at CloudHesiveAnalytics at CloudHesive
Analytics at CloudHesive
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo Logic
 
Best Practices and Resources to Effectively Manage and Optimize Your AWS Costs
Best Practices and Resources to Effectively Manage and Optimize Your AWS CostsBest Practices and Resources to Effectively Manage and Optimize Your AWS Costs
Best Practices and Resources to Effectively Manage and Optimize Your AWS Costs
 
Serverless data and analytics on AWS for operations
Serverless data and analytics on AWS for operations Serverless data and analytics on AWS for operations
Serverless data and analytics on AWS for operations
 
reInvent reCap 2022
reInvent reCap 2022reInvent reCap 2022
reInvent reCap 2022
 
Serverless without Code (Lambda)
Serverless without Code (Lambda)Serverless without Code (Lambda)
Serverless without Code (Lambda)
 
AWS Advanced Analytics Automation Toolkit (AAA)
AWS Advanced Analytics Automation Toolkit (AAA)AWS Advanced Analytics Automation Toolkit (AAA)
AWS Advanced Analytics Automation Toolkit (AAA)
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control Tower
 
Meetup Protect from Ransomware Attacks
Meetup Protect from Ransomware AttacksMeetup Protect from Ransomware Attacks
Meetup Protect from Ransomware Attacks
 
Amazon Connect Bootcamp
Amazon Connect BootcampAmazon Connect Bootcamp
Amazon Connect Bootcamp
 
Fort Lauderdale Tech Talks - The Future is the Cloud
Fort Lauderdale Tech Talks - The Future is the CloudFort Lauderdale Tech Talks - The Future is the Cloud
Fort Lauderdale Tech Talks - The Future is the Cloud
 

Recently uploaded

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 

Recently uploaded (20)

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 

NIST Cybersecurity Framework (CSF) on the Public Cloud

  • 1. NIST Cybersecurity Framework (CSF) on the Public Cloud
  • 2. Topics • Introduction • ExampleWorkload: End User Computing • What can go wrong? Ransomware Incident Response in End User Computing • End User Computing Security Best Practices • Modernizing Security Controls • NIST Cybersecurity Framework • Adjacent Frameworks • Public Cloud Services alignment to NIST Cybersecurity Framework
  • 4. Public Cloud Revenue – has/is forecasted to increaseYoY
  • 5. Users andVulnerable Software – Still a Challenge Verizon 2021 Data Breach Investigations Report https://www.verizon.com/business/resources/reports/2021-data-breach-investigations-report.pdfx
  • 6. CustomerWorkload Personas – Growth inVariety • Migrated • Server Based • Migrated & Optimized • Blends of Server and Service Based • Serverless/Native • Service Based • Orchestrated • ECS, EKS, K8s • Inherited • Wildcard! • Hybrid • Wildcard!
  • 7. Service Categories – Also Growth inVariety • Analytics • Application Integration • AR &VR • AWS Cost Management • Blockchain • Business Applications • Compute • Customer Engagement • Database • Developer Tools • End User Computing • GameTech • Internet ofThings • Machine Learning • Management & Governance • Media Services • Migration &Transfer • Mobile • Networking & Content Delivery • QuantumTechnologies • Robotics • Satellite • Security, Identity, & Compliance • Storage
  • 10. End User Computing Sample Deployment
  • 11. What’s missing? • Ingress Security Group toWorkspace • Egress Security Group fromWorkspace to (Internet) • Security Groups to/from other Services (AWS and On Premises) • Security of the Workspace Environment • Security of supporting servers (Active Directory) • Security of other network-accessible resources (Web Servers) • User Permissions (Non-Local Admin, Local Admin, Global Admin) • Access of the Workspace (PKI Cert, PKI PIV, Network, MFA) • The rest of the AWSAccount?The rest of the AWSAccount! (Services, APIs)
  • 12. End User Computing Sample Deployment
  • 13. What could go wrong? • Ingress Security Group toWorkspace • Egress Security Group fromWorkspace to (Internet) • Security Groups to/from other Services (AWS and On Premises) • Security of the Workspace Environment • Security of supporting servers (Active Directory) • Security of other network-accessible resources (Web Servers) • User Permissions (Non-Local Admin, Local Admin, Global Admin) • Access of the Workspace (PKI Cert, PKI PIV, Network, MFA) • The rest of the AWSAccount?The rest of the AWSAccount! (Services, APIs)
  • 15. Overview • Through the lens of the NIST Cybersecurity Framework we will look at frameworks developed by, and services available onAWS. • Cloud Services, such as those offered by AWS either/both play a supporting role in your security posture, supporting both non-AWS resources andAWS resources alike but secure configuration of AWS resources can also play a role in supporting your security posture. • The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.
  • 16. The Cybersecurity Framework Core Desired cybersecurity outcomes organized in a hierarchy and aligned to more detailed guidance and controls Profiles Alignment of an organization’s requirements and objectives, risk appetite and resources using the desired outcomes of the Framework Core ImplementationTiers A qualitative measure of organizational cybersecurity risk management practices
  • 17. The Cybersecurity Framework - Functions • Identify • Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. • Protect • Develop and implement appropriate safeguards to ensure delivery of critical services. • Detect • Develop and implement appropriate activities to identify the occurrence of a cybersecurity event. • Respond • Develop and implement appropriate activities to take action regarding a detected cybersecurity incident. • Recover • Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
  • 18. An Excerpt from the Framework Core 5 Functions 23 Categories 108 Subcategories 6 Informative References
  • 19. ImplementationTiers 1 2 3 4 Partial Risk Informed Repeatable Adaptive Risk Management Process The functionality and repeatability of cybersecurity risk management Integrated Risk Management Program The extent to which cybersecurity is considered in broader risk management decisions External Participation The degree to which the organization: • monitors and manages supply chain risk • benefits my sharing or receiving information from outside parties
  • 20. CIS Controls & Benchmarks • Controls • Similar, though more prescriptive than NIST CSF • Can be mapped to CSF • Benchmarks • Prescriptive steps to apply controls to specific technologies • AWS • Workspaces • Windows/Linux • Other Services
  • 21. CIS Benchmark End User Computing Example
  • 22. CloudWorkload Lifecycle Management Framework • Workload • Architecture • Monitoring • Automation • Processes
  • 23. Workload + Architecture Drives Service Selection • Virtual Machines • AMI • Patching • Multi-threaded/Multi-task • Hours to Months • PerVM/Per Hour • Functions/Services • Code • Versioning • Single-threaded/Single-task • Microseconds to Seconds • Per Memory/Second/Per Request • Containers • Container File • Versioning • Multi-threaded/Single-task • Minutes to Days • PerVM/Per Hour
  • 25. Automation + Processes Drives Lifecycle Management Selection • Organizations • Cross-AccountAsset Management + Governance • ControlTower • Account vending/default standardization • Service Catalog • Workload platform vending/default standardization • CloudFormation • IaC • Ephemeral Compute + API Managed Data/Control Plane for PersistenceTiers • Hands off/Lights out
  • 26. Processes • Patching • Backup/RestoreTesting • FailoverTesting (AZ) • Credential Rotation/CredentialAudit • Event ResponseTesting • Incident ResponseTesting • PerformanceTesting • Performance/Cost Review • Vulnerability/PenetrationTesting
  • 27. Cloud Adoption Framework (CAF) https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/accelerating-business-outcomes.html
  • 28. Cloud Adoption Framework (CAF) • Perspectives • Business • Value Realization • People • Roles & Readiness • Governance • Prioritization & Control • Platform • Applications & Infrastructure • Security • Risk & Compliance • Operations • Manage & Scale
  • 29. Cloud Adoption Framework (CAF) - Capabilities https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/foundational-capabilities.html
  • 30. Cloud Adoption Framework (CAF) – Capabilities - Security https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/security-perspective.html
  • 31. CAF – Security Perspective • Directive • Account Ownership and contact information • Change and asset management • Least privilege access • Preventive • Identity and access • Infrastructure protection • Data protection • Detective • Logging and monitoring • Asset inventory • Change detection • Responsive • Vulnerabilities • Privilege escalation • DDoS attack
  • 32. Well Architected Framework (WAF) • General • Event-Triggered • Workload-Focused • General Design Principals • Pillars • Design Principals • Best Practices • Lenses
  • 33. WAF – Pillars • Operational Excellence • Security • Reliability • Performance Efficiency • Cost Optimization • Sustainability – New!
  • 34. WAF – Lenses • High Performance Computing (HPC) • Serverless • Internet ofThings (IOT) • Financial Services Industry (FinServ) • FoundationalTechnical Review (FTR) • SaaS • Streaming Media • Machine Learning • SAP • DataAnalytics • Games Industry • Hybrid Networking • Management and Governance –Well Aligned!
  • 35. WAF – General Design Principals • Stop guessing your capacity needs • Test systems at production scale • Automate to make architectural experimentation easier • Allow for evolutionary architectures • Drive architectures using data • Improve through game days
  • 36. WAF – Game Days • Prepare • Is the process/are the processes to be tested during the game day well defined? Is access in place? Has training been performed? • Define • Workload, Personnel, Scenario, Environment, Schedule • Execute • Start, Middle, End • Analyze • Debrief, Examine, Document, Root Cause Analysis (RCA), Correction of Error (CoE)
  • 37. WAF – Security Pillar • Design Principles • Implement a strong identity foundation • Enable traceability • Apply security at all layers • Automate security best practices • Protect data in transit and at rest • Keep people away from data • Prepare for security events • Best Practices • Identity and Access Management • Detection • Infrastructure Protection • Data Protection • Incident Response
  • 38. Let’s tie it all together… https://aws.amazon.com/blogs/security/optimizing-cloud-governance-on-aws-integrating-the-nist-cybersecurity-framework-aws- cloud-adoption-framework-and-aws-well-architected/
  • 40. Identify • Everything on the previous slides 
  • 41. Identify • Audit Manager • Cost Management Services (Individual Services) • Certificate Manager (Public + Private) • Firewall Manager (WAF + Security Groups) • Directory Service + Identity and Access Management (+ Services with their own Policies) • AccessAdvisor,Access Analyzer,Organization Activity • Inspector • Key Management Service + Secrets Manager • Macie • Premium Support +Trusted Advisor + Personal Health Dashboard • Systems Manager • Security Hub + Config + Config Rules • Tags
  • 42. Identify – Organizations • Tag policies • Artifact • Backup • CloudFormation StackSets • CloudTrail • Config • Directory Service • Firewall Manager • Resource Access Manager • Service Catalog • Single Sign-On • Systems Manager
  • 44. Protect • VPC: Security Groups (Stateful Firewall) + NACLs (Stateless Firewall), Network Firewall, DNS Firewall,Gateway Load Balancer • WAF: Layer 7WAF • Shield + AutoScaling + ELB + Cloud Front: DoS/DDoS Protection • VPC:VGW (Point to Point and IPSECConnectivity) + Peering (VPC toVPC Connectivity) + Endpoints (Private Connectivity to AWS Services), ClientVPN (Client toVPC Connectivity) • IAM + Directory Service + SSO: Standalone and Federated AAA • KMS: FIPS 140-2 Certified cryptographic module with integration to various AWS services, provides expiration and ability to provide self-generated cryptographic material • ACM: Public and Private PKI Certificate Authority • Secure Credential Storage: Secrets Manager, Systems Manager • Nitro Enclaves
  • 45. Protect • AWS Auto Scaling: EC2, Dynamo,Aurora Autoscaling • Code Commit/ECS (Image Scanning)/Signer: Secure Application and Artifact Repository + dedicated account • Code Deploy/Systems Manager: “Hands off” OS and configuration management + application deployment • EC2: Systems Manager (OS and above patching + auditing), Amazon Linux 2 Live Patching • AWS Backup: EC2, RDS, EFS, Dynamo Backups + dedicated account • Workspaces: Secure Bastion • CloudFormation + OpsWorks + Elastic Beanstalk: “Hands off” infrastructure management • S3/Glacier: File based storage with AAA, versioning, secure delete + policy based retention • Host Based Security
  • 47. Detect • Guard Duty • Config: Point in time snapshots of configuration items, Exportable as JSON to idempotent storage • VPC: Flow Logs (NetFlow) + Port Mirroring • CloudWatch Logs: OS and above log management • CloudTrail: AuditTrail, Exportable as JSON to idempotent storage • Cloudfront, ALB andWAF: All log (CloudFront and ALB in S3,WAF in Kinesis) • S3/Glacier: File based storage with AAA, versioning, secure delete + policy based retention + dedicated account
  • 49. Respond • Detective • Disk Snapshots • Don’t forget to remove from retention policy • Automated withThreatResponse,GRR • Memory Snapshots • Automated withThreatResponse,GRR,Volatility, Rekall • Logs • Don’t forget to remove from retention policy • Query and Correlate with Athena • Measure
  • 50. Recover • Block Access (WAF, Security Group, ACL, IAM) • Revert to Known Good State (Snapshots,Versioning) • Identify/Correct Root Cause (Logs!) • Rotate Credentials (people and things) • Measure
  • 51. Conclusion • Iterate introduction of your security controls – some in the short term is better than none in the long term. • Detective Controls are just as important as Preventative Controls, they play a significant response in incident detection and response. • Whether your workload is onAWS or not,AWS services can be used to supplement your controls. • There is no lack of frameworks – pick and choose from them to make a framework that works best for your organization’s needs.