Cloud Security Best Practices
PRESENTED BY CLOUDRIDE
© 2020 | CLOUDRIDE.CO.IL | HELLO@CLOUDRIDE.CO.IL
TABLE OF CONTENTS

UNDERSTAND YOUR SECURITY POSTURE/STATUS
Employee education on cloud security
Your current security process
Documentation for the incident response process
Your most critical data

CLOUD SECURITY BEST PRACTICES.
1. Enable single sign-on (SSO)
2. Turn on conditional access
3. Proactively monitor your cloud infrastructure for threats
4. Adopt multi-factor authentication (MFA)
5. Gain visibility into your cloud environment.
6. Educate your employees
7. Audit and Optimize
8. Monitor File Integrity
9. Disable SSH/RDP Access to virtual machines.
10. Implement data encryption
11. Utilize intrusion detection and prevention technologies
12. Conduct Audits and run penetration testing
13. Secure the endpoints
14. Develop a safe list
15. Start with low-risk assets
15 Cloud Security Best Practices to secure your cloud infrastructure.
Whether you’ve migrated to the cloud or are thinking of
migrating your infrastructure, security is and should
always be your top priority.
Most organizations think security solely lies with the
cloud vendors but more often than not, it isn’t the case.
It’s your responsibility to exert all necessary measures to
protect your data, applications, systems and networks.
Alongside all the benefits cloud computing has to offer,
it also presents new security challenges; from increased
complexity straining the IT staff to challenging security
control on multi-cloud environments. 
This eBook will delve into how you can understand your
security posture, best practices for cloud security, who is
responsible for cloud security and how Cloudride can
help in securing your data and protecting your systems
and networks from security threats.
UNDERSTAND YOUR SECURITY POSTURE/STATUS.

Your security posture should tie directly to your company’s objectives, business, scaling needs and expansion, so that you can know the true evaluation of your security status.

Below are points you should consider to determine and understand your security posture.

Employee education on cloud security
Is the company staff aware and conversant with the basic security measures in place, the reasons why, the do’s & don’ts and the importance of maintaining such security best practices? Your staff is more likely to alert the IT team when something seems off, more so when they understand the security basics and security measures implemented. The IT team should seek to educate all staff on cloud security and build a security culture in the company.

Your current security process
Does your current security process prove to be effective in securing your cloud infrastructure? Conduct an audit to measure the effectiveness of the security process and the various security controls. Assess and reassess security threats and implications, and test your security controls’ resilience to such potential risks.

Documentation for the incident response process
Do you have a well-documented incident response process? In any organization running on the cloud, at some point, an incident will occur. If it does, there should be a process put in place for detection, response, mitigation, elimination and education.

Your most critical data
The IT and security team should have in place a clear data vulnerability hierarchy, specifying which data is of top importance (security-wise) to the business. Data such as client information and intellectual property are usually a top priority in protecting the business against security threats.

After understanding your security posture, you can then implement cloud security best practices.
CLOUD SECURITY BEST PRACTICES.

To ensure your cloud environment and workload is secure, make sure the following measures are in place:

1. Enable single sign-on (SSO)
One of the main causes of breaches is compromised credentials. The more passwords we have, the less complex they tend to be. This is natural because with multiple passwords, it becomes more and more difficult to remember them, so we tend to start using weak passwords and reusing passwords across different applications. This makes your cloud workloads susceptible to security threats.

Once you establish the SSO, your users can access the resources and data they need without having to remember a ton of passwords for each application or service they need to use.

In addition, SSO enables you to control and manage employee access to specific resources or data, based on the employee’s role, ‘need-to-know’ and other criteria you have in place.

Organizations using Microsoft Azure can enable SSO through Azure AD, and businesses on AWS can enable it through the AWS SSO Console.

Organizations not enabling SSO run the risk of a breach because of users using common passwords on all applications and the use of weak passwords which can easily be compromised.

2. Turn on conditional access
Employees not only bring their personal devices to work but also use the devices to access the organization’s resources. The same devices would, later on, be installed with personal apps.

The problem arises when the non-monitored devices don’t meet your security standards and the organization’s data is compromised.

Identity Access control measures (i.e. monitoring who is accessing resources) aren’t enough. It is imperative for you to know how the resources are accessed in order to secure your workloads.

Through the Azure Active Directory and AWS Identity and Access Management, you can make automated control decisions based on conditions for accessing your cloud resources.

3. Proactively monitor your cloud infrastructure for threats
Security solutions used to be reactive in nature, but with the rise of more complex attacks and the increase in sensitive data & resources stored on the cloud, IT managers, DevOps engineers, Site Reliability engineers and developers need to be proactive: implementing security best practices to avoid risk, and detecting anomalies early on, before they spread to compromise your entire cloud infrastructure.

Most hackers sit on your system for days or even months gathering intelligence to attack your system and steal your data undetected. This brings about the need to actively monitor your system and infrastructure to identify suspicious activities and malware in the system before they take hold.

For businesses on Microsoft Azure, you can implement the following monitoring measures:

- Run Azure AD anomaly reports on a daily basis or on-demand to identify brute force attacks on an account, attempts of signing in from multiple locations, sign-ins from infected devices and suspicious IP addresses.
- Use Azure AD Identity Protection to protect your organization’s identities. Configure risk-based policies that respond to detected issues when a specific risk level is reached.
- Leverage Azure Monitor. It provides an analysis of how your applications are performing and proactively identifies issues that might affect the applications and services you use.
For those running their infrastructure on AWS, impose the following monitoring measures:

- Use Amazon CloudWatch to detect suspicious activity in your environment, visualize logs, implement automated measures, troubleshoot issues and analyze insights of your applications, AWS resources and services.
- Leverage Amazon GuardDuty to identify malicious activity in your AWS account. Using information gleaned from your VPC Flow Logs, AWS CloudTrail Event Logs, and DNS logs, GuardDuty can detect many different types of dangerous and mischievous behavior, including probes for known vulnerabilities, port scans and probes, and access from unusual locations.

Organizations that don’t monitor their infrastructure frequently run the risk of compromising the security of their systems. Security attacks differ from one to another, and there is no single cut & paste measure that, having worked once, will work indefinitely. Without frequently scanning, monitoring and managing these threats, organizations can’t be in control and mitigate risk.
4. Adopt multi-factor authentication (MFA)
The conventional authentication techniques of solely using a username
and a password are insufficient in cloud environments, because the cloud
is susceptible to attacks.
The solution is, therefore, the implementation of MFA. The goal of MFA is
to provide an extra layer of security to make it challenging for an
unauthorized entity to access the network, applications, services or the
entire infrastructure.
MFA requires users to receive a security code on their phone or a one-
time password to use as opposed to just a username and password. This
will make it harder for hackers or unauthorized entities to gain access to
your cloud, as they won’t obtain the code or the one-time password even
when they have access to your standard credentials.
5. Gain visibility into your cloud environment.
To secure their cloud environment, organizations need to map their entire infrastructure and know every application, service and data set running on it, the ones running but not used, and all the authorized users for each.

Organizations often obtain various cloud technologies, features or applications they don’t necessarily need… some without collaboration with the IT and security team. This will cause visibility & control issues in your cloud environment, because it makes it difficult to track all the assets running on your infrastructure.

In addition to that, as most organizations use containerized workloads, many security and IT teams find it difficult to make sense of how container technology works. So really your organization would be going in blind when the IT team is left behind. The main point is that you can’t secure what you can’t see.

So how do you get visibility and control over your infrastructure security? Here are a few best practices you can implement.

- Have strong access control management in place. This would ensure no user is given more privileges than necessary and ends up misusing their access by breaching data from the inside. Constantly monitor user activity to ensure no deviation from the company policies.
- Protect your data at rest and in motion and implement data loss prevention (DLP) to ensure that, if data is compromised, it won’t get out of the network.
- Even the strongest of security measures sometimes can’t prevent all breaches, so at some point, a breach might occur. When it does, you must be prepared by putting in place processes and technologies to mitigate the risks and reduce the attack implications.

Maintaining strong visibility into your cloud is essential because you are then able to protect your applications, critical data, workloads and network from critical breaches.
6. Educate your employees
Successful cloud migration and smooth running of the workloads
without security issues depends, to some extent, on the capabilities of
the employees and how conversant they are with cloud infrastructure
environments.
The security processes, protocols and measures you set in place to
protect your cloud are useful only when your employees understand and
know how to implement and abide by them.
For instance, when implementing the single sign-on, you should educate
them on why it is important and how to use it.
In addition to that, they should also be able to identify the different types
of cyberattacks and various mitigation strategies, so they can be on the
lookout if they sense something is off.
Having an educated staff would ease the burden put on the security and
IT team trying to maintain strong visibility into the cloud environment
because the staff would be only using approved applications and
services, communicate detected anomalies and abide by protocols.
7. Audit and Optimize
An important cybersecurity best practice is to constantly audit and
optimize your posture and infrastructure.
The frequency of the audits depends on the complexity of your cloud
environment. It can be daily, weekly or monthly but be sure to audit your
cloud security frequently enough and consistently.
An audit would shed light on the unapproved applications and services
that crop up and pose a risk to your cloud posture and environment. It
also shows where your environment is more vulnerable and susceptible
to threats.
8. Monitor File Integrity
As you are well aware, there is a great number of sophisticated threats targeting organizations, and it’s only a matter of time until a breach of some sort occurs.

Cloud threats attack key assets of an organization in an attempt to progress undetected towards the system control and critical data.

File integrity monitoring provides a layer of defense to identify suspicious changes in system files and helps stop attacks before they cause critical damage.

File integrity monitoring tools analyze current file attributes and compare these to the baseline, aiming to identify any suspicious changes.

9. Disable SSH/RDP Access to virtual machines.
Virtual machines are accessed by using Remote Desktop Protocol and the Secure Shell Protocol. These protocols enable the management of virtual machines from remote locations and are standard in cloud computing.

The main security concern of using these protocols over the internet is that attackers can attack your virtual machines using brute-force techniques. They’ll then use the compromised virtual machine as a launch point to infiltrate other virtual machines on your virtual network.

Disabling access from RDP and SSH to these virtual machines over the internet will secure your virtual network from such attacks.

Below are some alternative ways you can access your virtual machines for remote management.

- Leverage the point-to-site VPN, also referred to as the remote access VPN server connection. A user can use SSH or RDP to connect to any virtual machine that the user accesses via the point-to-site VPN.
- Use a site-to-site VPN. It connects an entire network to another network through the internet. You can connect your on-premise network to your virtual network, then users can access your virtual machine through RDP and SSH protocols over the site-to-site VPN without the need of allowing direct access of RDP and SSH over the internet.

Accessing virtual machines through these alternatives, rather than through RDP and SSH exposed directly to the internet, provides an extra layer of security to your cloud infrastructure.
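
One way to verify practice 9 is to audit inbound firewall rules for SSH and RDP that are reachable from anywhere other than the VPN. The script below is an added example, not part of the eBook: it assumes rules shaped like the `SecurityGroups` list of the EC2 `describe-security-groups` response, and the group IDs, CIDRs and VPN address pool are constructed values.

```python
import ipaddress

# Management ports that should not be reachable from arbitrary sources (TCP only).
MGMT_PORTS = {22: "SSH", 3389: "RDP"}

# Assumption: the only approved source is the VPN address pool (constructed value).
TRUSTED_SOURCES = [ipaddress.ip_network("10.8.0.0/24")]

# Constructed sample shaped like the "SecurityGroups" list returned by
# EC2 describe-security-groups; group IDs and CIDRs are made up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-legacy", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        # A wide port range can expose RDP without naming 3389.
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.8.0.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "10.8.0.16/28"}], "Ipv6Ranges": []}]},
    # Protocol "-1" means all traffic; such rules carry no port fields.
    {"GroupId": "sg-any", "IpPermissions": [
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
]


def is_trusted(cidr):
    """True if the source range lies entirely inside an approved network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == t.version and net.subnet_of(t)
               for t in TRUSTED_SOURCES)


def exposed_ports(perm):
    """Management ports covered by one inbound permission entry."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return sorted(MGMT_PORTS)
    if proto != "tcp":
        return []
    low, high = perm.get("FromPort"), perm.get("ToPort")
    if low is None or high is None:
        return []
    return [p for p in sorted(MGMT_PORTS) if low <= p <= high]


def audit(groups):
    """Return (group id, service, port, source) for each untrusted exposure."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            ports = exposed_ports(perm)
            if not ports:
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                if is_trusted(cidr):
                    continue
                for port in ports:
                    findings.append(
                        (group["GroupId"], MGMT_PORTS[port], port, cidr))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print(finding)
```

Any finding is a rule to tighten to the VPN range or remove; an empty result means SSH and RDP are only reachable through the approved network.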
10. Implement data encryption
Data encryption is basically encoding your data so that it remains
inaccessible to unauthorized users. This means that even if your data is
accessed due to a security breach, it is useless to the attackers as they
won’t be able to read it.
Best practice is to encrypt your data both at rest, and in transit, because
most attacks happen on data that is being shared and on the move. Both
Azure and AWS offer SQL database transparent data encryption which
performs real-time encryption and decryption of the database, backups
and log files. It encrypts the entire database using a symmetric key.
Local encryption added to the encryption services offered by your cloud
provider would add an extra layer of security.
11. Utilize intrusion detection and prevention technologies
This is a reactive form of cloud security best practice. These IDS and IPS
identify an attack once it occurs, and take measures to stop the attack.
They also alert administrators of suspicious activities and policy
violations.
You can use the intrusion systems offered by your cloud provider in
conjunction with a comprehensive third-party IDS and IPS solution.
12. Conduct Audits and run penetration testing
Penetration testing determines whether your current cloud security
efforts are effective in protecting your data and workloads. This is
important because it shows you where your system is most vulnerable,
and you can then improve your security measures.
In parallel, conduct regular audits of your cloud security capabilities. This
includes an audit of your cloud provider’s capabilities in securing your
infrastructure and of whether they are meeting the security standards required.
13. Secure the endpoints
To be more productive, organizations have granted access to data and
applications from anywhere, anytime and from any device.
The endpoint devices accessing your data complicate cloud security in
many ways, from the growing list of endpoint devices accessing the cloud,
which are susceptible to attacks and expose the whole network, to the lack
of knowledge of the content of those endpoint devices.
If you’ve already put up measures such as intrusion detection and
prevention solutions, conditional access, antimalware and other
measures, then you have the right solutions in place.
But you still have to constantly be on the lookout for new threats that
might override your current security measures, and optimize accordingly.
14. Develop a safe list
Employees conduct their work using various cloud services but there are
cases where they use the services for their personal gains. This might
bring about compromise in security and legal problems due to
compliance issues.
As such, developing a safe list as part of your security measures is vital. This safe list would stipulate the services employees are allowed to access through their cloud accounts and make them aware of the type of data which is allowed to be shared over the cloud.

15. Start with low-risk assets
As you migrate to the cloud, start with less sensitive data and applications. Move items that would not cost much due to downtime and data loss.

You would be vetting the reliability and capabilities of your cloud provider in securing your assets. When you have vetted them and are confident in their capabilities, you can move the high-risk assets such as clients’ data.

Who is responsible for cloud security?
Within the field of cloud environments, there are generally two parties responsible for infrastructure security.

1. Your cloud vendor.
2. Your own company’s IT / Security team.

Some companies believe that as cloud customers, when they migrate to the cloud, cloud security responsibilities fall solely on the cloud vendors. As described in detail above, that’s not the case.

Both the cloud customers and cloud vendors share responsibilities in cloud security and are both liable for the security of the environment and infrastructure.

To better manage the shared responsibility, consider the following tips:

- Define your cloud security needs and requirements before choosing a cloud vendor. If you know your requirements, you’ll select a cloud provider suited to answer your needs.
- Clarify the roles and responsibilities of each party when it comes to cloud security. Comprehensively define who is responsible for what and to what extent. Know how far your cloud provider is willing to go to protect your environment.

Basically, CSPs are responsible for the security of the physical or virtual infrastructure and the security configuration of their managed services, while the cloud customers are in control of their data and the security measures they set in place to protect their data, system, networks and applications.
HOW CAN CLOUDRIDE HELP

Cloudride is a full-service consultancy firm for public cloud platforms, with expertise in main cloud providers such as MS-AZURE, AWS and GCP alongside a wide ISV ecosystem, in order to provide coherent solutions tailored to each customer's needs.

Driven by a market best practices approach and uncompromised security awareness, Cloudride's expert team is obligated to serve customer needs in a timely manner, pursuing the highest quality of delivery and keeping budget constraints under control.
Book a Meeting
cloudride.co.il

More Related Content

What's hot

Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
Microsoft
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
Chirag Joshi, CISA, CISM, CRISC
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp  overviewMicrosoft threat protection + wdatp+ aatp  overview
Microsoft threat protection + wdatp+ aatp overview
Allessandra Negri
 
Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASB
Ammar Hasayen
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 
Nicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security CenterNicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security Center
Microsoft Österreich
 
CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...
CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...
CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...
CloudIDSummit
 
Emma Aubert | Information Protection
Emma Aubert | Information ProtectionEmma Aubert | Information Protection
Emma Aubert | Information Protection
Microsoft Österreich
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity story
Microsoft Österreich
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security Center
Microsoft
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacks
Microsoft
 
Cloud summit demystifying cloud security
Cloud summit   demystifying cloud securityCloud summit   demystifying cloud security
Cloud summit demystifying cloud security
David De Vos
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security Overview
Cisco Security
 
Thread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 SecurityThread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 Security
Thread Legal
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips
Mario Worwell
 
Data Protection & Shadow IT in a cloud era
Data Protection & Shadow IT in a cloud eraData Protection & Shadow IT in a cloud era
Data Protection & Shadow IT in a cloud era
David De Vos
 
Arbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat AnalyticsArbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat Analytics
Microsoft Österreich
 
Ciso Platform Webcast: Shadow Data Exposed
Ciso Platform Webcast: Shadow Data ExposedCiso Platform Webcast: Shadow Data Exposed
Ciso Platform Webcast: Shadow Data ExposedElastica Inc.
 
Security in the cloud protecting your cloud apps
Security in the cloud   protecting your cloud appsSecurity in the cloud   protecting your cloud apps
Security in the cloud protecting your cloud apps
Cenzic
 

What's hot (20)

Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp  overviewMicrosoft threat protection + wdatp+ aatp  overview
Microsoft threat protection + wdatp+ aatp overview
 
Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASB
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
 
Nicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security CenterNicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security Center
 
CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...
CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...
CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...
 
Emma Aubert | Information Protection
Emma Aubert | Information ProtectionEmma Aubert | Information Protection
Emma Aubert | Information Protection
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity story
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security Center
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacks
 
Cloud summit demystifying cloud security
Cloud summit   demystifying cloud securityCloud summit   demystifying cloud security
Cloud summit demystifying cloud security
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security Overview
 
Thread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 SecurityThread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 Security
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips
 
Data Protection & Shadow IT in a cloud era
Data Protection & Shadow IT in a cloud eraData Protection & Shadow IT in a cloud era
Data Protection & Shadow IT in a cloud era
 
Arbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat AnalyticsArbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat Analytics
 
Ciso Platform Webcast: Shadow Data Exposed
Ciso Platform Webcast: Shadow Data ExposedCiso Platform Webcast: Shadow Data Exposed
Ciso Platform Webcast: Shadow Data Exposed
 
Security in the cloud protecting your cloud apps
Security in the cloud   protecting your cloud appsSecurity in the cloud   protecting your cloud apps
Security in the cloud protecting your cloud apps
 

Similar to The 15 best cloud security practices

Cloud Security_ Unit 4
Cloud Security_ Unit 4Cloud Security_ Unit 4
Cloud Security_ Unit 4
Integral university, India
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
Techugo
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
Techugo
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
Raj Sarode
 
Cloud Security Challenges, Types, and Best Practises.pdf
Cloud Security Challenges, Types, and Best Practises.pdfCloud Security Challenges, Types, and Best Practises.pdf
Cloud Security Challenges, Types, and Best Practises.pdf
manoharparakh
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
sarah david
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
sarah david
 
All You Need to Know About 5 Biggest Cloud Security Risks and How One Can Avo...
All You Need to Know About 5 Biggest Cloud Security Risks and How One Can Avo...All You Need to Know About 5 Biggest Cloud Security Risks and How One Can Avo...
All You Need to Know About 5 Biggest Cloud Security Risks and How One Can Avo...
Skyline IT Management
 
Cloud transformation Service in Hy.pdf
Cloud transformation Service in Hy.pdfCloud transformation Service in Hy.pdf
Cloud transformation Service in Hy.pdf
PetaBytz Technologies
 
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdfTop Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
Forgeahead Solutions
 
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Karim Vaes
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
Skillmine Technology Consulting
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
Skillmine Technology Consulting
 
Three Ways To Secure Cloud Migration.pdf
Three Ways To Secure Cloud Migration.pdfThree Ways To Secure Cloud Migration.pdf
Three Ways To Secure Cloud Migration.pdf
Enterprise Insider
 
EveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PieceEveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PieceKeith Purves
 
EveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PieceEveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PiecePaul Richards
 
Are Your Endpoints Protected?
Are Your Endpoints Protected?Are Your Endpoints Protected?
Are Your Endpoints Protected?
The TNS Group
 
How to implement cloud computing security
How to implement cloud computing securityHow to implement cloud computing security
How to implement cloud computing securityRandall Spence
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptx
LokNathRegmi1
 

The 15 best cloud security practices

  • 1. Cloud Security Best Practices. Presented by Cloudride. © 2020 | CLOUDRIDE.CO.IL | HELLO@CLOUDRIDE.CO.IL
  • 2. TABLE OF CONTENTS
     UNDERSTAND YOUR SECURITY POSTURE/STATUS
       • Employee education on cloud security (page 4)
       • Your current security process (page 4)
       • Documentation for the incident response process (page 4)
       • Your most critical data (page 4)
     CLOUD SECURITY BEST PRACTICES
       1. Enable single sign-on (SSO) (page 5)
       2. Turn on conditional access (page 5)
       3. Proactively monitor your cloud infrastructure for threats (page 6)
       4. Adopt multi-factor authentication (MFA) (page 7)
       5. Gain visibility into your cloud environment (page 8)
       6. Educate your employees (page 9)
       7. Audit and Optimize (page 9)
       8. Monitor File Integrity (page 10)
       9. Disable SSH/RDP Access to virtual machines (page 10)
       10. Implement data encryption (page 11)
       11. Utilize intrusion detection and prevention technologies (page 11)
       12. Conduct Audits and run penetration testing (page 12)
       13. Secure the endpoints (page 12)
       14. Develop a safe list (page 12)
       15. Start with low-risk assets (page 13)
  • 3. 15 Cloud Security Best Practices to secure your cloud infrastructure.
     Whether you’ve migrated to the cloud or are thinking of migrating your infrastructure, security is and should always be your top priority.
     Most organizations think security lies solely with the cloud vendors, but more often than not that isn’t the case. It’s your responsibility to take all necessary measures to protect your data, applications, systems and networks.
     Alongside all the benefits cloud computing has to offer, it also presents new security challenges, from increased complexity straining the IT staff to the difficulty of maintaining security controls across multi-cloud environments.
     This eBook covers how you can understand your security posture, best practices for cloud security, who is responsible for cloud security, and how Cloudride can help in securing your data and protecting your systems and networks from security threats.
  • 4. UNDERSTAND YOUR SECURITY POSTURE/STATUS
     Your security posture should tie directly to your company’s objectives, business, scaling needs and expansion, so that you can get a true evaluation of your security status. Below are points you should consider to determine and understand your security posture.
       • Employee education on cloud security: Is the company staff aware of and conversant with the basic security measures in place, the reasons for them, the do’s and don’ts, and the importance of maintaining such security best practices? Your staff is more likely to alert the IT team when something seems off if they understand the security basics and the security measures implemented. The IT team should seek to educate all staff on cloud security and build a security culture in the company.
       • Your current security process: Does your current security process prove to be effective in securing your cloud infrastructure? Conduct an audit to measure the effectiveness of the security process and the various security controls. Assess and reassess security threats and implications, and test your security controls’ resilience to such potential risks.
       • Documentation for the incident response process: Do you have a well-documented incident response process? In any organization running on the cloud, at some point, an incident will occur. When it does, there should be a process in place for detection, response, mitigation, elimination and education.
       • Your most critical data: The IT and security team should have in place a clear data vulnerability hierarchy, specifying which data is of top importance (security-wise) to the business. Data such as client information and intellectual property are usually a top priority in protecting the business against security threats.
     After understanding your security posture, you can then implement cloud security best practices.
  • 5. CLOUD SECURITY BEST PRACTICES
     To ensure your cloud environment and workloads are secure, make sure the following measures are in place:
     1. Enable single sign-on (SSO)
     One of the main causes of breaches is compromised credentials. The more passwords we have, the less complex they tend to be. This is natural: with multiple passwords it becomes more and more difficult to remember them, so we tend to start using weak passwords and reusing passwords across different applications. This makes your cloud workloads susceptible to security threats.
     Once you establish SSO, your users can access the resources and data they need without having to remember a separate password for each application or service they use. In addition, SSO enables you to control and manage employee access to specific resources or data, based on the employee’s role, ‘need-to-know’ and other criteria you have in place.
     Organizations using Microsoft Azure can enable SSO through Azure AD, and businesses on AWS can enable it through the AWS SSO Console. Organizations that do not enable SSO run the risk of a breach because users reuse common passwords across all applications and choose weak passwords that can easily be compromised.
     2. Turn on conditional access
     Employees not only bring their personal devices to work but also use the devices to access the organization’s resources. The same devices will later have personal apps installed on them. The problem arises when these non-monitored devices don’t meet your security standards and the organization’s data is compromised.
  • 6. Identity access control measures (i.e. monitoring who is accessing resources) aren’t enough. It is imperative for you to know how the resources are accessed in order to secure your workloads. Through Azure Active Directory and AWS Identity and Access Management, you can make automated control decisions based on conditions for accessing your cloud resources.
     3. Proactively monitor your cloud infrastructure for threats
     Security solutions used to be reactive in nature, but with the rise of more complex attacks and the increase in sensitive data and resources stored on the cloud, IT managers, DevOps engineers, Site Reliability engineers and developers need to be proactive: implementing security best practices to avoid risk, and detecting anomalies early on, before they spread to compromise your entire cloud infrastructure.
     Most hackers sit on your system for days or even months gathering intelligence to attack your system and steal your data undetected. This brings about the need to actively monitor your system and infrastructure to identify suspicious activities and malware in the system before they take hold.
     For businesses on Microsoft Azure, you can implement the following monitoring measures:
       • Run Azure AD anomaly reports on a daily basis or on demand to identify brute force attacks on an account, attempts to sign in from multiple locations, sign-ins from infected devices and suspicious IP addresses.
       • Use Azure AD Identity Protection to protect your organization’s identities. Configure risk-based policies that respond to detected issues when a specific risk level is reached.
       • Leverage Azure Monitor. It provides an analysis of how your applications are performing and proactively identifies issues that might affect the applications and services you use.
  • 7. For those running their infrastructure on AWS, impose the following monitoring measures:
       • Use Amazon CloudWatch to detect suspicious activity in your environment, visualize logs, implement automated measures, troubleshoot issues and analyze insights of your applications, AWS resources and services.
       • Leverage Amazon GuardDuty to identify malicious activity in your AWS account. Using information gleaned from your VPC Flow Logs, AWS CloudTrail Event Logs and DNS logs, GuardDuty can detect many different types of dangerous and mischievous behavior, including probes for known vulnerabilities, port scans and probes, and access from unusual locations.
     Organizations that don’t monitor their infrastructure frequently run the risk of compromising the security of their systems. Security attacks differ from one to another, and there is no single cut-and-paste measure that, having worked once, will work indefinitely. Without frequently scanning, monitoring and managing these threats, organizations can’t be in control and mitigate risk.
     4. Adopt multi-factor authentication (MFA)
     The conventional authentication technique of solely using a username and a password is insufficient in cloud environments, because the cloud is susceptible to attacks. The solution is, therefore, the implementation of MFA.
     The goal of MFA is to provide an extra layer of security to make it challenging for an unauthorized entity to access the network, applications, services or the entire infrastructure. MFA requires users to supply a security code received on their phone or a one-time password, as opposed to just a username and password. This will make it harder for hackers or unauthorized entities to gain access to your cloud, as they won’t obtain the code or the one-time password even when they have access to your standard credentials.
  • 8. Even the strongest of security measures sometimes can’t prevent all breaches, so at some point a breach might occur. When it does, you must be prepared, with processes and technologies in place to mitigate the risks and reduce the attack implications.
     5. Gain visibility into your cloud environment.
     To secure their cloud environment, organizations need to map their entire infrastructure and know every application, service and piece of data running on it, the ones running but not used, and all the authorized users for each.
     Organizations often obtain various cloud technologies, features or applications they don’t necessarily need, some without collaboration with the IT and security team. This causes visibility and control issues in your cloud environment, because it makes it difficult to track all the assets running on your infrastructure.
     In addition to that, as most organizations use containerized workloads, many security and IT teams find it difficult to make sense of how container technology works. So your organization would really be going in blind when the IT team is left behind. The main point is that you can’t secure what you can’t see.
     So how do you get visibility and control over your infrastructure security? Here are a few best practices you can implement.
       • Have strong access control management in place. This ensures that no user is given more privileges than necessary and ends up misusing their access by breaching data from the inside.
       • Constantly monitor user activity to ensure no deviation from the company policies.
       • Protect your data at rest and in motion and implement data loss prevention (DLP) to ensure that, if data is compromised, it won’t get out of the network.
     Maintaining strong visibility into your cloud is essential because you are then able to protect your applications, critical data, workloads and network from critical breaches.
  • 9. 6. Educate your employees
     Successful cloud migration and smooth running of the workloads without security issues depend, to some extent, on the capabilities of the employees and how conversant they are with cloud infrastructure environments.
     The security processes, protocols and measures you set in place to protect your cloud are useful only when your employees understand them and know how to implement and abide by them. For instance, when implementing single sign-on, you should educate them on why it is important and how to use it. In addition to that, they should also be able to identify the different types of cyberattacks and various mitigation strategies, so they can be on the lookout if they sense something is off.
     Having an educated staff eases the burden on the security and IT team trying to maintain strong visibility into the cloud environment, because the staff will use only approved applications and services, communicate detected anomalies and abide by protocols.
     7. Audit and Optimize
     An important cybersecurity best practice is to constantly audit and optimize your posture and infrastructure. The frequency of the audits depends on the complexity of your cloud environment. It can be daily, weekly or monthly, but be sure to audit your cloud security frequently enough and consistently.
     An audit sheds light on the unapproved applications and services that crop up and pose a risk to your cloud posture and environment. It also shows where your environment is more vulnerable and susceptible to threats.
  • 10. 8. Monitor File Integrity
     As you are well aware, there is a great number of sophisticated threats targeting organizations, and it’s only a matter of time until a breach of some sort occurs. Cloud threats attack key assets of an organization in an attempt to progress undetected towards system control and critical data.
     File integrity monitoring provides a layer of defense that identifies suspicious changes in system files and prevents attacks from progressing before they cause critical damage. File integrity monitoring tools analyze current file attributes and compare these to the baseline, aiming to identify any suspicious changes.
     9. Disable SSH/RDP Access to virtual machines.
     Virtual machines are accessed by using the Remote Desktop Protocol (RDP) and the Secure Shell (SSH) protocol. These protocols enable the management of virtual machines from remote locations and are standard in cloud computing.
     The main security concern of using these protocols over the internet is that attackers can attack your virtual machines using brute-force techniques. They’ll then use the compromised virtual machine as a launch point to infiltrate other virtual machines on your virtual network.
     Disabling RDP and SSH access to these virtual machines over the internet will secure your virtual network from such attacks. Below are some alternative ways you can access your virtual machines for remote management.
       • Leverage a point-to-site VPN, also referred to as a remote access VPN server connection. A user can use SSH or RDP to connect to any virtual machine that the user can reach via the point-to-site VPN.
  • 11.   • Use a site-to-site VPN. It connects an entire network to another network through the internet. You can connect your on-premises network to your virtual network; users can then access your virtual machines through the RDP and SSH protocols over the site-to-site VPN, without the need to allow direct RDP and SSH access over the internet.
     Using these alternatives instead of accessing virtual machines over the internet with RDP and SSH provides an extra layer of security to your cloud infrastructure.
     10. Implement data encryption
     Data encryption is basically encoding your data so that it remains inaccessible to unauthorized users. This means that even if your data is accessed due to a security breach, it is useless to the attackers, as they won’t be able to read it.
     Best practice is to encrypt your data both at rest and in transit, because most attacks happen on data that is being shared and on the move. Both Azure and AWS offer SQL database transparent data encryption, which performs real-time encryption and decryption of the database, backups and log files. It encrypts the entire database using a symmetric key.
     Local encryption added to the encryption services offered by your cloud provider adds an extra layer of security.
     11. Utilize intrusion detection and prevention technologies
     This is a reactive form of cloud security best practice. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) identify an attack once it occurs and take measures to stop it. They also alert administrators to suspicious activities and policy violations.
     You can use the intrusion systems offered by your cloud provider in conjunction with a comprehensive third-party IDS and IPS solution.
  • 12. 12. Conduct Audits and run penetration testing
     Penetration testing determines whether your current cloud security efforts are effective in protecting your data and workloads. This is important because it shows you where your system is most vulnerable, and you can then improve your security measures.
     In parallel, conduct regular audits of your cloud security capabilities. This includes an audit of your cloud provider’s capabilities in securing your infrastructure, confirming that they are meeting the security standards required.
     13. Secure the endpoints
     To be more productive, organizations have granted access to data and applications from anywhere, anytime and from any device.
     The endpoint devices accessing your data complicate cloud security in many ways, from the growing list of endpoint devices accessing the cloud, which is susceptible to attacks and exposes the whole network, to the lack of knowledge of the content of those endpoint devices.
     If you’ve already put up measures such as intrusion detection and prevention solutions, conditional access, antimalware and other measures, then you have the right solutions in place. But you still have to constantly be on the lookout for new threats that might override your current security measures, and optimize accordingly.
     14. Develop a safe list
     Employees conduct their work using various cloud services, but there are cases where they use the services for their personal gain. This might compromise security and cause legal problems due to compliance issues.
  • 13. As such, developing a safe list as part of your security measures is vital. This safe list stipulates the services employees are allowed to access through their cloud accounts and makes them aware of the type of data that is allowed to be shared over the cloud.
     15. Start with low-risk assets
     As you migrate to the cloud, start with less sensitive data and applications. Move items whose downtime or loss would not cost much. In doing so you are vetting the reliability and capabilities of your cloud provider in securing your assets. When you have vetted them and are confident in their capabilities, you can move the high-risk assets such as clients’ data.
     Who is responsible for cloud security?
     Within the field of cloud environments, there are generally two parties responsible for infrastructure security:
       1. Your cloud vendor.
       2. Your own company’s IT / Security team.
     Some companies believe that as cloud customers, when they migrate to the cloud, cloud security responsibilities fall solely on the cloud vendors. As described in detail above, that’s not the case. Both the cloud customers and cloud vendors share responsibilities in cloud security and are both liable for the security of the environment and infrastructure.
     To better manage the shared responsibility, consider the following tips:
       • Define your cloud security needs and requirements before choosing a cloud vendor. If you know your requirements, you’ll select a cloud provider suited to answer your needs.
  • 14.   • Clarify the roles and responsibilities of each party when it comes to cloud security. Comprehensively define who is responsible for what and to what extent.
       • Know how far your cloud provider is willing to go to protect your environment.
     Basically, CSPs are responsible for the security of the physical or virtual infrastructure and the security configuration of their managed services, while the cloud customers are in control of their data and the security measures they set in place to protect their data, systems, networks and applications.
     HOW CAN CLOUDRIDE HELP
     Cloudride is a full-service consultancy firm for public cloud platforms, with expertise in main cloud providers such as MS-AZURE, AWS and GCP, alongside a wide ecosystem of ISVs, in order to provide coherent solutions tailored to each customer's needs. Driven by a market best practices approach and uncompromised security awareness, Cloudride's expert team is obligated to serve customer needs in a timely manner, pursuing the highest quality of delivery and keeping budget constraints under control.
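
Practice 9 above (disable SSH/RDP access over the internet and reach virtual machines through a VPN instead) can be checked mechanically. The following is an added example, not part of the Cloudride eBook: it audits firewall rules shaped like the output of `aws ec2 describe-security-groups` and reports any rule that admits SSH or RDP from outside the VPN address pool. The group IDs, the CIDRs and the `VPN_POOL` value are constructed assumptions.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Assumption: remote administrators arrive through a VPN that hands out
# addresses from this pool. Replace with your own point-to-site/site-to-site ranges.
VPN_POOL = ["10.8.0.0/24"]

# Constructed sample, shaped like the JSON returned by
# `aws ec2 describe-security-groups`; group IDs and CIDRs are made up.
SAMPLE = {
    "SecurityGroups": [
        {"GroupId": "sg-web-example", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ]},
        {"GroupId": "sg-jump-example", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
             "IpRanges": [{"CidrIp": "10.8.0.0/24"}]},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.8.0.16/28"}]},
        ]},
        {"GroupId": "sg-legacy-example", "IpPermissions": [
            # A wide port range over IPv6 is easy to miss in a console review.
            {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ]},
        {"GroupId": "sg-partner-example", "IpPermissions": [
            # Protocol "-1" means every protocol and port; no port fields are present.
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
        ]},
    ]
}


def _covers(perm, port):
    """True if the ingress rule admits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def _sources(perm):
    """Yield every CIDR source of a rule, IPv4 and IPv6.

    Rules that reference another security group instead of a CIDR
    (UserIdGroupPairs) are not internet exposure and are skipped here.
    """
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]


def _inside(net, allowed):
    """True if `net` lies wholly inside one of the allowed networks."""
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)


def audit(groups, allowed_sources):
    """Return (group_id, service, cidr, severity) for each exposed admin port."""
    allowed = [ipaddress.ip_network(c) for c in allowed_sources]
    findings = []
    for group in groups["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            for port, service in ADMIN_PORTS.items():
                if not _covers(perm, port):
                    continue
                for cidr in _sources(perm):
                    net = ipaddress.ip_network(cidr, strict=False)
                    if _inside(net, allowed):
                        continue
                    severity = "internet" if net.prefixlen == 0 else "outside-vpn"
                    findings.append((group["GroupId"], service, cidr, severity))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, VPN_POOL):
        print("%-20s %-4s %-18s %s" % finding)
```

Run it against a saved export of your own rules on the audit schedule described in practice 7; an empty result means every SSH/RDP rule is confined to the VPN pool.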
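
Practice 8 above describes file integrity monitoring as comparing current file attributes to a baseline. The following added example (not from the Cloudride eBook, and not any vendor's tool) shows that comparison on a constructed directory tree: it records content hash, permission bits, owner and size per file, then reports which files were added, removed or changed and which attribute changed. The file names and contents in `demo()` are made up.

```python
import hashlib
import os
import stat
import tempfile

# Attributes recorded per file, in the order they are reported.
ATTRS = ("content", "mode", "uid", "size")


def _digest(path):
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each file under `root` (relative, '/'-separated) to its attributes."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: describe a symlink itself, not its target
            if stat.S_ISLNK(st.st_mode):
                content = "link:" + os.readlink(full)
            else:
                content = _digest(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = {
                "content": content,
                "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid,
                "size": st.st_size,
            }
    return snap


def compare(baseline, current):
    """Report files added, removed, or changed relative to the baseline."""
    report = {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": {},
    }
    for path in sorted(set(baseline) & set(current)):
        diffs = [a for a in ATTRS if baseline[path][a] != current[path][a]]
        if diffs:
            report["changed"][path] = diffs
    return report


def _write(root, rel, text, mode=None):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as f:
        f.write(text)
    if mode is not None:
        os.chmod(full, mode)


def demo():
    """Build a constructed tree, take a baseline, tamper with it, compare."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/app.conf", "port=8080\n")
        _write(root, "etc/old.conf", "legacy=1\n")
        _write(root, "bin/run.sh", "#!/bin/sh\nexec app\n", mode=0o750)
        # In practice the baseline is stored off-host or read-only, so that
        # whoever alters the files cannot also rewrite the baseline.
        baseline = snapshot(root)

        _write(root, "etc/app.conf", "port=8080\nadmin=1\n")      # content edit
        os.chmod(os.path.join(root, "bin", "run.sh"), 0o777)      # permissions loosened
        os.remove(os.path.join(root, "etc", "old.conf"))          # file deleted
        _write(root, "bin/.cache", "dropped\n")                   # new file appears
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```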