These slides contain my notes on the security considerations w.r.t. Microservices and Multi Cloud. I am still working on this part. It is just a comprehension of whatever I have studied so far.
Venom vulnerability Overview and a basic demo - Akash Mahajan
This vulnerability, called VENOM, allows an attacker to escape from a virtual machine guest into the host system. It affects virtualization platforms that use Xen, Qemu, KVM, or VirtualBox as their hypervisor. The vulnerability is in the virtual floppy disk controller code, which contains a buffer overflow issue. This allows an attacker to potentially gain code execution on the host machine. It is a serious issue because many cloud providers use these vulnerable virtualization platforms.
This session provides an introduction to simulation environments like Cyber Ranges, differentiates them from gamification systems, and discusses the emerging delivery, adoption and organizational lessons learned that are driving further adoption.
The cloud is a cost-effective way to provide maximum accessibility for your customers. However, organizations often fail to optimize and configure it properly for their environment, leaving them inadvertently exposed.
These slides are from our recent webinar covering proven techniques that reduce cloud risk, including:
• Building applications to leverage automation and built-in cloud controls
• Securing access control and key management
• Ensuring essential services are running, reachable, and securely hardened
1) AWS Cloud Security provides universal, visible, auditable, transparent and shared security capabilities that are available to all customers regardless of business size or industry.
2) AWS security allows customers to see and monitor their entire cloud infrastructure through visibility and auditing tools. It also provides transparency through third party audits and certifications.
3) AWS shares responsibility for security with customers by managing physical and network security for the cloud infrastructure, while giving customers control over their software applications and data.
Universal, visible, auditable, transparent, and shared cloud security provides consistent security capabilities for all AWS customers across industries. AWS security is auditable through third party audits and certifications. Responsibilities are shared, with AWS managing physical and network security of infrastructure and customers managing security of guest operating systems and applications. Customers have visibility into their entire AWS infrastructure and can implement additional security controls like security groups.
Information systems in the digital age are complex and expansive, with attack vectors coming in from every angle. This makes analyzing risk challenging, but more critical than ever.
There is a need to better understand the dynamics of modern IT systems, security controls that protect them, and best practices for adherence to today’s GRC requirements.
These slides are from our webinar covering topics like:
· Threats, vulnerabilities, weaknesses – why their difference matters
· How vulnerability scanning can help (and hinder) your efforts
· Security engineering and the system development lifecycle
· High impact activities - application risk rating and threat modeling
A provider's view of security in the cloud. This talk shows how the main cloud providers (AWS & Azure) build security into their cloud services and how they contribute to the shared responsibility model for security in the cloud.
This document discusses cloud security and provides an overview of McAfee's cloud security program. It begins with definitions of cloud computing and cloud security. It then analyzes the growth of the global cloud security market from 2012-2014. Next, it discusses McAfee's cloud security offerings, strengths, weaknesses, opportunities, threats and competitors in the cloud security space. It also provides details on some of McAfee's major customers. Finally, it discusses Netflix's move to the cloud and its cloud security strategy.
Managed Threat Detection & Response for AWS Applications - Alert Logic
This document provides an overview of Alert Logic's Security-as-a-Service offering. It describes Alert Logic's integrated multi-layer security solution that protects enterprise applications and cloud workloads from web application attacks, server and network activity, and vulnerabilities. It also discusses how Alert Logic assesses risks, blocks threats, detects anomalies, and ensures compliance. Alert Logic provides both security software and services to help secure hybrid and multi-cloud environments.
The document discusses shielded virtual machines (VMs) which are a new security feature in Windows Server 2016 that protects VMs from potential compromise of the host machine. Shielded VMs use virtual secure mode and virtual trust levels to isolate VM memory and processors from the host. The host guardian service verifies that the host is authorized to run a shielded VM by checking a store of keys for trustworthy hosts.
Cloud security comparisons between aws and azure - Abdul Khan
The document compares security patterns and solutions between Amazon Web Services (AWS) and Microsoft Azure for cloud computing. It discusses six key areas of comparison: 1) compliance and regulatory, 2) identity authentication and authorization, 3) secure development, operation and administration, 4) privacy and confidentiality, 5) secure architecture, and 6) provides examples of specific security solutions offered by each cloud provider for different security patterns within each area.
Windows Azure Security Features And Functionality - vivekbhat
Windows Azure is a cloud computing platform that combines compute, storage, and SQL components. It handles threats to its infrastructure like physical attacks and impersonation, while customers are responsible for threats to their tenant like code bugs and privilege abuse by their own administrators. Windows Azure provides security features like network access control, hypervisor isolation of tenants, access controls on storage accounts, and password authentication for SQL databases.
Everything and anything is hackable and vulnerable in some ways. Even with all the security governance and check points, businesses are still being cyberattacked & hacked regularly.
Did you know that a public IP is attacked by a hacker after the first five minutes of life on the internet?
This presentation directly explores the 7 dangerous ways to Cyberattack Azure and provides countermeasures.
More importantly, provides some guidance to start protecting your business in the Cloud!
Guide to security patterns for cloud systems and data security in aws and azure - Abdul Khan
Cloud has many advantages over the traditional on-premise infrastructure; however, this does bring many new concerns around issues of system security, communication security, data security, privacy, latency and availability. When designing and developing a Cloud SaaS application, these security issues need to be addressed in order to ensure regulatory compliance, security and a trusted environment in AWS and Azure.
The presentation provides real-world cloud security scenarios (problem statements) and proposed solutions for each security design pattern. It also covers the different security aspects of the system, from data security to privacy and GDPR-related problems.
The document discusses best practices for AWS Identity and Access Management (IAM) security. It recommends (1) enabling multi-factor authentication, using strong passwords, rotating credentials, and removing unused credentials to prevent compromised accounts, and (2) enabling AWS CloudTrail and granting least privilege to help detect and contain breaches. The document then introduces Dome9 IAM Safe, a dynamic authorization solution that adds an extra layer of protection by requiring out-of-band authorization via mobile app for risky actions, limiting the damage of a compromised account. In summary, the key points are applying IAM best practices, leveraging partners for advanced protection, and preparing now for potential future breaches.
As organizations shift control of their infrastructure and data to the cloud, it is critical that they rethink their application security efforts. This can be accomplished by ensuring applications are designed to take advantage of built-in cloud security controls and configured properly in deployment.
Attend this webcast to gain insight into the security nuances of the cloud platform and risk mitigation techniques. Topics include:
• Common cloud threats and vulnerabilities
• Exposing data with insufficient Authorization and Authentication
• The danger of relying on untrusted components
• Distributed Denial of Service (DDoS) and other application attacks
• Securing APIs and other defensive measures
This document provides best practices for cloud security on Microsoft Azure. It discusses protecting identities with Azure Active Directory, multi-factor authentication, and privileged identity management. It also recommends securing infrastructure with virtual networks, network security groups, and security appliances. The document advises encrypting data at rest with storage service encryption and encrypting data in transit between data centers and users. It concludes by outlining tools for governance on Azure including policies, role-based access control, and the security center.
This document discusses Vocus Communications' cloud connectivity services in New Zealand. It summarizes Vocus' role as an AWS Direct Connect partner, providing both dedicated and virtual private connections between customer networks and AWS. It also introduces Vocus' Cloud Connect product, which offers private, high-speed connections to AWS, Azure, and other public clouds from Australia and New Zealand. The document emphasizes that Cloud Connect can integrate with Vocus' existing Ethernet and IP-WAN networks to create simple, reliable, and secure hybrid cloud solutions for customers.
This presentation walks through the Security and Compliance functionality to customers leveraging Azure as a compute environment. It includes deep-dive references to detailed information on each topic presented.
Windows Azure offers security, privacy, and compliance features to help protect customer data and applications in the cloud. These include enterprise identity and access management, virtual private networks, encryption of data in transit and at rest, geographic restrictions on data storage, and compliance with standards like ISO 27001, SOC 1, SOC 2, FedRAMP, and HIPAA. Microsoft also monitors network traffic, applies security updates, and conducts penetration testing of Azure services to help defend against threats.
Trust No-One Architecture For Services And Data - Aidan Finn
This document discusses implementing a "trust no-one" architecture for services and data in cloud environments. It recommends micro-segmenting networks into secure zones, limiting public IP addresses, controlling network edges with firewalls and routing, implementing security measures like NSGs at multiple depths, and logging and monitoring traffic with Azure Security Center and Sentinel. The goal is to break from common practices of open internal networks and implement layered security everywhere using features like private endpoints, firewalls, and logging.
Cloud computing provides on-demand delivery of IT resources and applications via the Internet with benefits of scalability, cost-savings and flexibility. However, security is a major concern as customers lose direct control over data and infrastructure. The document discusses key cloud security domains including data security, reliability, compliance and security management. Customers are most concerned about security, reliability and economics when considering cloud adoption. Providers must offer transparency, strong availability guarantees and easy security controls to help customers address these risks.
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ... - Quest
Security expert Randy Franklin Smith will explain the reasons why you might go through the extra trouble of a "red forest" — as well as the limitations of this structure.
CSF18 - Securing the Cloud - Karim El-Melhaoui - NCCOMMS
This document discusses securing cloud infrastructure through policy as code and post-exploitation techniques. It provides an overview of implementing policy as code in Azure and AWS to automate governance and enforce basic security rules. It also covers detection techniques in Azure and AWS including using logs, security services, and compliance monitoring. The document demonstrates post-exploitation tactics an attacker could use like password spraying, creating backdoors, and persisting access. It emphasizes the importance of just-in-time access, secure authentication, monitoring, and avoiding overprivileged cloud administrator roles.
Shared Security Responsibility for the Azure Cloud - Alert Logic
This document discusses shared security responsibility in Azure. It provides an overview of security best practices when using Azure, including understanding the shared responsibility model, implementing network security practices, securing data and access, securely developing code, log management, and vulnerability management. It also describes Alert Logic security solutions that can help monitor Azure environments for threats across the application stack.
Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed) - Codit
Since companies are moving their data to the cloud, security has become a hot topic. How do we securely store sensitive data? Where do we store our encryption keys? These are just 2 of the many questions that are concerning the modern companies. In this presentation, Tom Kerkhove will introduce you to the concepts of Microsoft Azure Key Vault.
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault - Tom Kerkhove
Security has become more and more important as we move to the cloud and countries & companies are being hacked – remember the Sony hack? But how do we securely store sensitive data such as connection strings to our databases? Where do we store our encryption keys? Can I share them with my customers? How do I prevent abuse of my secrets and block them from doing so?
That’s what this session is all about – I will introduce you to the concepts of Microsoft Azure Key Vault where you can use this as it allows you to securely store keys, credentials and other secrets in the cloud. We will also have a look at how it enables us to store encryption keys for SQL Server TDE and how it can help you safeguard your cloud solutions even more.
RightScale Webinar: Security and Compliance in the Cloud - RightScale
In this webinar we talk about how the cloud security landscape continues to evolve, then show you a demo of how enterprises are using RightScale to help them securely manage all their cloud infrastructure.
Key Topics:
1. Understanding the security requirements of cloud
2. Security certifications among cloud providers
3. Managing secure & compliant cloud-enabled organizations
4. Live demo of the RightScale approach
The document discusses security considerations for grid and cloud computing environments. It covers trust models, authentication and authorization methods, and the security infrastructure in grids. It also discusses network, host, and application level security aspects for cloud infrastructure. Key areas of data security are explained, including securing data in transit, at rest, and during processing. Identity and access management architectures and their implementation in cloud models like SaaS, PaaS, and IaaS are outlined.
Technical overview of how cloud computing can be made secure across various network architectures and deployments, such as:
(a) Security in public cloud deployments – data and application security. This will cover methods such as data encryption, multi tenancy, data wipeout, what type of data to place in public clouds, authentication methods.
(b) Security by using public/private mix hybrid cloud deployments. This will cover using hybrid clouds effectively to segregate some portions of data in the public and some in hybrid and how a request can be moved across these. It would also cover options for enterprises to make their solutions secure.
(c) Security features provided by current cloud vendors.
(d) How a cloud developer can ensure the solution they are providing is secure.
Key Takeaway after this session: An understanding of various security solutions that developers, deployers, architects can use when using cloud computing solutions
Security is more critical than ever with new computing environments in the cloud and expanding access to the internet. There are a number of security protection mechanisms available for MongoDB to ensure you have a stable and secure architecture for your deployment. We'll walk through general security threats to databases and specifically how they can be mitigated for MongoDB deployments. Topics will include general security tools and how to configure those for MongoDB, an overview of security features available in MongoDB, including LDAP, SSL, x.509 and Authentication.
This document proposes an elastic application framework for mobile cloud computing. The framework allows applications to augment the resources of mobile devices with computing resources from the cloud. It discusses key terms like weblets, the device elasticity manager, and cloud elasticity service. It also covers challenges like the need for a new application model and secure communication protocols. Threat models and security objectives are presented, along with approaches for authentication, authorization, and secure migration of application components between devices and the cloud.
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...Amazon Web Services
The cloud is not an 'All or Nothing' approach with regards to replacing workloads inside your datacenter. Enterprises with existing datacenters can easily extend their Infrastructure into the cloud to seamlessly leverage the benefits of cloud while using the same set of controls familiar to their business. However availability and security still remain among the top two concerns for CIOs when deciding on cloud adoption for their organization.
Amazon Web Services has infrastructure across multiple geographical Regions spanning five continents, with multiple Availability Zones in each Region along with a set of global edge locations. Building a similar infrastructure for high availability with your traditional datacenter would be non-trivial and cost prohibitive. Join this session to understand how you can achieve high availability across geographies, deploy your applications close to your users, control where your data is located, achieve low latency, and migrate your applications around the world in a cost-effective and easy manner using AWS services. You will also learn how AWS builds services in accordance with security best practices, provides appropriate security features in those services, has achieved industry standard certifications, and other third-party attestations. In addition, in line with the shared security model on the cloud, AWS customers must leverage on security features and best practices to architect an appropriately secure application environment. Enabling customers to ensure the confidentiality, integrity, and availability of their data is of the utmost importance to AWS, as is maintaining trust and confidence.
Security in the cloud Workshop HSTC 2014Akash Mahajan
A broad overview of what it takes to be secure. This is more of an introduction where we introduce the basic terms around Cloud Computing and how do we go about securing our information assets(Data, Applications and Infrastructure)
The workshop was fun because all the slides were paired with real world examples of security breaches and attacks.
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...Amazon Web Services
We’ve entered a new connectivity oriented world where we can access information any time, any place, on any device, 24 hours a day, and cloud computing is a major enabler of this flexibility. Like you, more and more businesses are looking to the cloud for better, faster, more powerful and affordable communications and while many would think that security in the cloud is much different, the reality is less dramatic. Moving to the cloud still requires using proven security techniques, but sometimes in new and dynamic ways that adapt to the elastic nature of cloud architecture. Join us as we discuss the latest cloud security solutions, including real world examples of how organizations like yours are succeeding against new and evolving threats. We will examine security considerations beyond what is provided by security-conscious cloud providers like Amazon Web Services and what additional factors you might want to think about when deploying to the cloud.
Material best practices in network security using ethical hackingDesmond Devendran
Here are the key steps to quantitatively compute expected loss from risks:
1. Determine the value of the assets that may be lost or compromised. This includes tangible replacement costs as well as intangible costs like loss of reputation.
2. Estimate the probability that each threat will materialize into an actual loss, based on historical data if available. Otherwise use an informed estimate.
3. Quantify the impact of each threat as a monetary value equal to the expected loss to the affected assets in case the threat materializes.
4. Compute the annualized loss expectancy (ALE) for each threat as:
ALE = Asset Value x Probability of Threat x Impact/Loss
5. Add up the
This session will cover how operating on the AWS cloud helps you manage risk and remain competitive in an ever changing landscape. We will review how to manage confidentiality, integrity, compliance and availability on AWS.
Speaker: David Kaplan, Security Specialist, Amazon Web Services
Security Architecture Best Practices for SaaS ApplicationsTechcello
Gartner has predicted 18-20% growth in SaaS market, and expects it to hit US $22.1 billion by the year 2015. They have also measured that SaaS adoption rate has increased many fold in the last few years (almost 71% of enterprises use SaaS solutions).
Security architecture best practices for saas applicationskanimozhin
This document discusses security best practices for Software as a Service (SaaS) applications. It recommends adopting a holistic governance framework to manage operational risks, using standards like COBIT 5. Key aspects covered include tenant data isolation, role-based access control, preventing common web attacks, and implementing robust security auditing of events, transactions, and user actions. The goal is to establish trust with customers by providing protection of information, access controls, data security, and audit capabilities.
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017Micro Focus
Regulatory requirements such as GDPR are
platform agnostic – and who can predict what
further challenges lie ahead? It certainly will not
become any easier. Security for the mainframe
is likely to remain a live issue. If you have a
mainframe then this affects you. Fortunately, the
help is out there. Attend this session to discover
how Micro Focus can secure your mainframe
environment today and into the future.
#MFSummit2016 Secure: Is your mainframe less secure than your fileserverMicro Focus
This document discusses how Micro Focus products can help improve security for systems that access mainframes. It describes how Micro Focus Management and Security Server (MSS) can centrally manage user authentication using technologies like smart cards and biometrics. The MSS Security Proxy Server only allows authenticated connections, protecting mainframes. The document also explains how Micro Focus terminal emulation can mask sensitive fields, disable copying of fields, and re-authenticate users at different points. It provides an example of how MSS was used to securely provide travel agents access to an airline's mainframe without needing a thick client. Overall, the document summarizes how Micro Focus can help modernize mainframe security practices.
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...Precisely
Regulatory compliance and security of critical systems, applications and data are top-of-mind issues for IT organizations in 2018. New capabilities are now available from the Syncsort Assure products that can help your organization achieve and maintain compliance while strengthening IBM i security.
View this webinar on-demand to discover how new innovations from Syncsort can help you meet your auditing and control needs.
Building Multi-tenant, Configurable, High Quality Applications on .NET for an...Techcello
The document discusses building secure multi-tenant applications on .NET for cloud environments. It covers topics like tenant data isolation, role-based access control, addressing the OWASP top 10 security risks, encrypting data during transit and storage, and implementing audit logs to track security and transactions. The framework presented provides tools for application development, tenant provisioning, billing, security, and other features to efficiently build software as a service applications.
Security Considerations for Microservices and Multi cloud
2. Contents
• Micro services with Pros and Cons
• Security Concern for Micro-Services
• Multi-Cloud – What & Why
• Multi-Cloud Security Concerns
• Multi-Cloud Security Solution
3. What are Micro services
[Figure: Monolithic Services (Dashboard; App Tier with User Account, Order, Product, Payment; DB Tier) beside Micro Services (Dashboard, User Account, Order, Product, Payment)]
4. Micro services
• An architectural style
• Collection of loosely coupled services accessible via API
• Clearly defined interface
• Each service
➢ runs as a unique process
➢ usually manages its own database
• Can be implemented using different
➢ programming languages
➢ databases
➢ software environments
• Stateless
“One at a time”
5. Micro Services
Pros
✓ Smaller Development Cycle
✓ Improves fault resolution
✓ No long-term technology commitment
✓ Faster and reliable deployment
✓ Increase Uptime
✓ Service Reuse
✓ Scalable and better performance
✓ Better ownership and knowledge
✓ More Security
Security Pros
• Compromising one service will not expose entire system
• Defence-in-depth
6. Micro Services
Cons
✓ Manage Multiple distributed Systems
✓ Manage multiple Remote API Calls
✓ Manage multiple Databases
✓ Difficult to Test
✓ Issues with Deployment – Holistic View
8. Security Considerations – Accessibility
• With micro services, internal calls are converted into remote API calls
• Use of weak or old passwords could now be a critical threat, as interfaces are accessible
10. Security Considerations – Access Control - Solutions
• Solutions
– Long phrases make passwords strong
  • Users should be allowed to use long passwords like phrases (64 chars by NIST)
  • Passwords should not be truncated if they exceed the maximum password limit
  • Eliminate complex rules
– Do not force password reset
  • Inform users about login attempts on their account
– Prevent users from selecting a password from a list of breached passwords
– Embrace use of password managers
https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/
https://www.troyhunt.com/password-strength-indicators-help-people-make-dumb-choices/
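The password rules on this slide, as an added example that is not part of the original slides: long phrases are accepted, an over-length password is refused rather than truncated, no composition rules are applied, and breached passwords are rejected. The length limits, the PBKDF2 work factor, the NFKC normalization step and the small breached list are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

MIN_LEN = 8      # assumption: lower bound, not stated on the slide
MAX_LEN = 128    # assumption: any upper limit must allow at least the 64 chars cited
PBKDF2_ROUNDS = 600_000  # assumption: work factor chosen for this example

# Constructed stand-in for a breached-password corpus, kept as SHA-1 digests
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
                 for p in ("password", "123456", "qwerty123", "letmein1")}

def normalize(password):
    """Use one Unicode form so the same phrase typed on any device compares equal."""
    return unicodedata.normalize("NFKC", password)

def check_new_password(password):
    """Return the reasons to reject; an empty list means the password is accepted."""
    pw = normalize(password)
    problems = []
    if len(pw) < MIN_LEN:
        problems.append("too short")
    if len(pw) > MAX_LEN:
        problems.append("too long")  # refuse it; never store a truncated prefix
    if hashlib.sha1(pw.encode()).hexdigest() in BREACHED_SHA1:
        problems.append("breached")
    # No upper/lower/digit/symbol composition rules and no expiry date on purpose.
    return problems

def hash_password(password, salt=None):
    """Derive the stored verifier from every character of the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalize(password).encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def verify_password(password, salt, stored):
    """Constant-time comparison of a login attempt against the stored verifier."""
    return hmac.compare_digest(hash_password(password, salt)[1], stored)
```

Two passphrases that differ only after the hundredth character verify differently here, which is the property silent truncation destroys.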
11. Security Considerations – Credentials Management
• Lots of secrets !!! (SSH Keys, DB credentials, TLS Certificates, API Secret Keys, Environment Variables)
• Secure the keys
– Distributed
  • Worsens the situation
  • Difficult to revoke leaked credentials
  • Exposes credentials to everyone
– Centralized
  • Vault - Keep secret A SECRET
  • Allows issuing timed credentials
  • Keeps a record of
    ➢ Who used credentials
    ➢ For what duration
    ➢ No. of times request made
  • Easy to rotate
12. Security Considerations – Patch Management
• Different layers to cover
• Opportunity for implementing defence in depth
[Figure: layer stack – Hardware, Operating System, Hypervisor, VM 1 and VM 2, OS, Container, App, DB]
13. Security Considerations – Patch Management
• Based on your deployment model you can get help
– Cloud Provider will take care
  • IaaS
[Figure: the same layer stack, labelled IaaS]
14. Security Considerations – Patch Management
• Based on your deployment model you can get help
– Cloud Provider will take care
  • IaaS
  • PaaS
[Figure: the same layer stack, labelled PaaS]
15. Security Considerations – Patch Management
• Based on your deployment model you can get help
– Cloud Provider will take care
  • IaaS
  • PaaS
  • Serverless Logic
[Figure: the same layer stack, labelled ServerLess Logic]
16. Security Considerations – Authentication & Authorization
• Mutual Authentication
• 3rd Party Authentication
• User Authentication
17. Security Considerations – Authentication & Authorization
User Authentication
• Micro Services are Stateless
• Require a separate mechanism for user authentication
• Possible Solutions
– Distributed Session Management
  • Different session-based solutions:
    ➢ Server can store user-specific session
    ➢ Each server knows all session details
    ➢ Centralized server for managing sessions
  • A session-based solution will eventually
    ➢ lead to dependency on any one of the servers
    ➢ create a bottleneck in the network
– Token Based Authentication
  • Authenticate user via a token, e.g. JWT
  • Self-contained – no call to server once issued
  • Lack of control over the token
– Token With API Gateway
  • Generates an opaque token against the access token
  • Access token never revealed
  • Allows option to revoke token when required
  • Allows control of user access to a particular API
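The trade-off between the last two options on this slide, as an added example that is not part of the original slides: a self-contained signed token cannot be recalled before it expires, while a gateway that hands clients an opaque reference can revoke it and enforce per-API access. The HS256 token is built with the standard library only; the `ApiGateway` class, the scope names and the in-memory session map are assumptions for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = secrets.token_bytes(32)  # assumption: HMAC key held by issuer and services

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(header: str, body: str) -> bytes:
    return hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()

def issue_jwt(user, scopes, ttl=300, now=None):
    """Self-contained HS256 token: a service verifies it without calling the issuer."""
    now = int(time.time()) if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": user, "scope": scopes, "exp": now + ttl}).encode())
    return f"{header}.{body}.{b64e(sign(header, body))}"

def verify_jwt(token, now=None):
    """Return the claims, or None on a bad signature, wrong alg or expiry."""
    now = int(time.time()) if now is None else now
    try:
        header, body, sig = token.split(".")
        good_sig = hmac.compare_digest(sign(header, body), b64d(sig))
        if not good_sig or json.loads(b64d(header))["alg"] != "HS256":
            return None
        claims = json.loads(b64d(body))
        return claims if claims["exp"] > now else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

class ApiGateway:
    """Clients hold only a random reference; the JWT stays behind the gateway."""
    def __init__(self):
        self.sessions = {}  # opaque token -> JWT (in-memory store, an assumption)

    def login(self, user, scopes):
        opaque = secrets.token_urlsafe(32)  # carries no claims, nothing to decode
        self.sessions[opaque] = issue_jwt(user, scopes)
        return opaque

    def revoke(self, opaque):
        self.sessions.pop(opaque, None)

    def forward(self, opaque, api):
        """Return (status, jwt); the JWT is passed on to the internal service only."""
        jwt = self.sessions.get(opaque)
        claims = verify_jwt(jwt) if jwt else None
        if claims is None:
            return 401, None
        if api not in claims["scope"]:
            return 403, None
        return 200, jwt

def demo():
    gw = ApiGateway()
    opaque = gw.login("alice", ["order"])
    allowed = gw.forward(opaque, "order")[0]
    denied = gw.forward(opaque, "payment")[0]
    bare_jwt = issue_jwt("alice", ["order"])  # token-only design: client holds the JWT
    gw.revoke(opaque)
    after_revoke = gw.forward(opaque, "order")[0]
    return allowed, denied, after_revoke, verify_jwt(bare_jwt) is not None
```

`demo()` returns the gateway's answers before and after revocation, followed by whether a JWT handed straight to a client still verifies once the session is revoked.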
18. Security Concerns – Authentication & Authorization
Mutual Authentication
[Figure: User Account, Order, Product and Payment services]
19. Security Concerns – Authentication & Authorization
Mutual Authentication
• Services might be running
– on the same machine
– across the network
• End point authentication required
• TLS solves this issue
– Protects data confidentiality
– Mutual certificate validation helps with identity validation
• Separate certificate for each service
• Problem
– Too many services, too many certificates to manage
• Private Certificate Centre can help
20. Security Considerations – Authentication & Authorization
3rd Party Authentication
• Granting access to 3rd party??
– Consider Authentication
– What they can access
• OAuth
• API Token
23. Multi Cloud – What & Why
What
• A multi-cloud strategy is the use of two or more cloud computing services.
• A mix of public infrastructure as a service (IaaS) environments, such as Amazon Web Services and Microsoft Azure
Why
• A way to prevent data loss or downtime due to a localized component failure in the cloud.
• Use of more price-competitive cloud services
• Taking advantage of the speed, capacity or features offered by a particular cloud provider in a particular geography.
• Compliance - enterprise data to physically reside in certain location
24. Multi Cloud Security Consideration
• Isolated Clouds Are Less Secure
– Multiple secure clouds are not the same thing as a secure multi-cloud.
• Poor visibility
– You can see into each cloud individually, but not into all clouds at once, with no comprehensive view
• Lack of Coordination
– Isolated clouds PREVENT integration between security functions and centralized orchestration, thus preventing a coordinated response to mitigate the impact
• High TCO (Total Cost of Ownership) and reactive security
– Spending hours matching and aggregating data from different cloud management portals and then deciding on appropriate actions takes time
• Example –
– Financial Services: Digital Transformation in the Cloud
  ➢ Robust security provisions, such as Salesforce Trust and Fiserv’s Sentry, are meant to allay security concerns.
  ➢ It’s up to the bank’s security team, however, to figure out whether the standards provided by these security provisions match those of their internal network, and whether they can ensure PCI compliance when personally identifiable data traverses multiple cloud boundaries
– Education: Resource Constrained
– Healthcare: IoMT Threats
25. Multi Cloud Security Solution
• Avoid ShadowOps
• Prioritize Visibility
– Solution that offers deep visibility, ideally at the workload layer.
– Signature-based monitoring is not enough in the cloud. Focus on behavior-based monitoring for detecting anomalous behavior
• Uphold the Shared Responsibility Model
– Make sure you understand the shared responsibility model.
– If someone logs into production without permissions and does something to put your organization at risk, that’s on you.
• Focus on Automation
– We recommend that organizations leverage automation to become secure by design