Regardless of whether your data resides on-premises, in the cloud, or a combination of both, you are vulnerable to security threats, data breaches, data loss, and more. Security is often cited as a concern for organizations who are migrating to the public cloud, but the belief that the public cloud is not secure is a myth.
In fact, the leading public cloud service providers have built rigorous security capabilities to ensure that your applications, assets, and services are protected. Security in the public cloud is now becoming a driver for many organizations, but in a rapidly evolving multicloud environment, you must keep up with changes that might impact your security posture.
This eBook outlines the three core recommendations for cloud security across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform.
2. Cloud Security www.vastITservices.com
INTRODUCTION TO CLOUD SECURITY
Regardless of whether your data resides on-premises, in the cloud, or
a combination of both, you are vulnerable to security threats, data breaches,
data loss, and more. Security is often cited as a concern for organizations
who are migrating to the public cloud, but the belief that the public cloud is
not secure is a myth. In fact, the leading public cloud service providers have
built rigorous security capabilities to ensure that your applications, assets,
and services are protected. Security in the public cloud is now becoming
a driver for many organizations, but in a rapidly evolving multicloud
environment, you must keep up with changes that might impact your
security posture.
This eBook outlines the three core recommendations for cloud security
across Amazon Web Services (AWS), Microsoft Azure, and Google
Cloud Platform.
SHARING RESPONSIBILITY
It’s a common misconception that it’s the sole responsibility of public cloud
service providers to safeguard your data and information. According to Gartner,
through 2022, at least 95% of cloud security failures will be the customer’s fault.
Let that sink in for a moment, and think about your cloud environment. Ensuring
the security of one cloud can be a challenge, and if you are a multicloud user,
that challenge becomes exponentially more difficult.
In order to best plan and execute on a security strategy, you must understand
who is responsible. Cloud service providers, such as Amazon Web Services,
have published Shared Responsibility Models to outline the protections that
each party is responsible for. The AWS Shared Responsibility Model is broken
into two categories: security of the cloud, which is owned by AWS, and security
in the cloud, which is owned by customers. To put it simply, the cloud provider
is responsible for protecting the infrastructure (e.g. hardware, software,
facilities), and in turn, the customer is responsible for the applications, service
configuration, and identity and access management.
Prior to deploying new services and developing applications, it’s recommended
you outline which security requirements your organization is responsible for.
If you’re not a Chief Information Security Officer or security leader, perhaps it
would be valuable to discuss this with them. The last thing you want is to
become part of that 95% statistic.
1 Gartner, Clouds Are Secure: Are You Using Them Securely?, Jay Heiser, 31 January 2018
2 “Shared Responsibility Model - Amazon Web Services (AWS).” Amazon, aws.amazon.com/compliance/shared-responsibility-model/.
CENTER FOR INTERNET SECURITY BENCHMARKS DEFINED
The Center for Internet Security (CIS) is a non-profit organization that
publishes standards and best practices for securing IT systems and
data. One type of publication that they provide is a Benchmark, which
is a security configuration guideline that has been tested and proven
by experienced IT professionals [3]. CIS is a trusted third party, and
organizations worldwide rely on the 100+ CIS Benchmarks to safeguard
their cloud environments.
Three of these Benchmarks have been created for Amazon Web Services
Foundations, Microsoft Azure Foundations, and Google Cloud Platform
Foundation. Although each of these cloud service providers has unique
recommendations (e.g., Security Center for Azure and Kubernetes Engine
for Google Cloud Platform), they have three core recommendations
in common: identity and access management, logging and monitoring,
and networking. Within each recommendation, there are a set of controls
that are given a profile level. A Level 1 Profile is a foundational control and
shouldn’t impact business functionality. A Level 2 Profile is for more
in-depth security controls that could have a negative impact if not
implemented properly. To perform an audit of your cloud infrastructure,
you can use the cloud service provider management console, run a series
of commands via the Command Line Interface, or leverage a cloud
management solution to perform an audit on your behalf.
3 Center for Internet Security, www.cisecurity.org/.
1 IDENTITY AND ACCESS MANAGEMENT
Cloud security starts with properly managing users and access controls.
Without proper identity and access management, users can intentionally or
unintentionally create security flaws with serious implications. The Identity and
Access Management controls take a proactive approach by validating that you
have properly and securely configured access to your cloud environment.
The controls help you stay ahead of breaches by monitoring for
leading indicators such as:
• Misconfigured users (i.e., users not in a group)
• Users with too broad a span of control
• Users with vulnerable accounts (i.e., multi-factor authentication disabled, etc.)
• Inactive users (i.e., IAM user with access keys that are not being used, etc.)
While it’s always best to catch security vulnerabilities before they are
exploited, it’s prudent to also monitor for events that could turn into
security incidents, or lagging indicators, such as:
• Suspicious activity (e.g., a large volume of instances are launched outside
of normal usage patterns, etc.)
• Changes to security groups or users (e.g., new IAM group or user recently
created or changed, etc.)
SAMPLE AWS CONTROL
1.3 Ensure credentials unused for 90 days or greater are disabled (Scored)
RATIONALE:
Disabling or removing unnecessary credentials will reduce the window
of opportunity for credentials associated with a compromised or
abandoned account to be used.
4 CIS Benchmarks, Amazon Web Services Foundations v1.2.0, May 23, 2018.
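One way to check control 1.3 and the MFA indicator listed above against an IAM credential report, as an added example that is not from this eBook or the CIS Benchmark. The report rows and audit date are constructed, and treating a never-used credential by its password-change or key-rotation date is an assumption of this example.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed rows using a subset of the IAM credential report columns.
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice,true,2018-09-20T08:00:00+00:00,2018-01-10T08:00:00+00:00,true,false,N/A,N/A,false,N/A,N/A
bob,true,2018-03-01T08:00:00+00:00,2017-11-01T08:00:00+00:00,false,true,2017-11-01T08:00:00+00:00,2018-09-25T08:00:00+00:00,false,N/A,N/A
ci-deploy,false,N/A,N/A,false,true,2018-02-01T08:00:00+00:00,N/A,true,2018-09-15T08:00:00+00:00,N/A
"""
SAMPLE_NOW = datetime(2018, 10, 1, tzinfo=timezone.utc)  # constructed audit date
NO_DATE = {"", "N/A", "no_information", "not_supported"}

def _parse(value):
    """Report timestamps are ISO 8601; placeholder strings mean no date."""
    return None if value in NO_DATE else datetime.fromisoformat(value)

def audit(report_csv, now, max_age_days=90):
    """Return {user: [findings]} for stale credentials and missing MFA."""
    cutoff = now - timedelta(days=max_age_days)
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        issues = []
        # (label, enabled column, last-used column, fallback if never used)
        creds = [("password", "password_enabled",
                  "password_last_used", "password_last_changed")]
        for n in ("1", "2"):
            creds.append((f"access_key_{n}", f"access_key_{n}_active",
                          f"access_key_{n}_last_used_date",
                          f"access_key_{n}_last_rotated"))
        for label, enabled, used_col, fallback_col in creds:
            if row[enabled] != "true":
                continue  # disabled credentials already satisfy the control
            last = _parse(row[used_col]) or _parse(row[fallback_col])
            if last is None or last < cutoff:
                issues.append(f"{label} unused for {max_age_days}+ days")
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            issues.append("console password without MFA")
        if issues:
            findings[row["user"]] = issues
    return findings
```

A real report comes from `aws iam generate-credential-report` followed by `aws iam get-credential-report`, whose content is base64-encoded CSV with more columns than the subset used here.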
2 LOGGING AND MONITORING
Without proper audit trails and logs in place, it can be extremely
challenging to identify security incidents, policy violations, fraudulent
activity, and operational problems. In short, root cause analysis and
troubleshooting are greatly helped by log management. To further assist
with monitoring and responding to account activities, controls must be
in place for log metric-filters and alarms. The Logging and Monitoring
controls ensure that logs are collected, stored securely for the proper
amount of time, and are available for analysis when needed.
SAMPLE GOOGLE CLOUD PLATFORM CONTROL
2.10 Ensure log metric filter and alerts exists for Cloud Storage IAM
permission changes (Scored)
RATIONALE:
Monitoring changes to Cloud Storage bucket permissions may reduce
time to detect and correct permissions on sensitive Cloud Storage
bucket and objects inside the bucket.
5 CIS Benchmarks, Google Cloud Platform Foundation v1.0.0, September 05, 2018.
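The detection behind control 2.10, applied to log entries in code, as an added example that is not from this eBook or the CIS Benchmark. The entries, bucket names and accounts are constructed; the nesting of the binding deltas under `serviceData.policyDelta` is the layout this example assumes for Cloud Audit Logs, and the severity labels are its own.

```python
# Log filter the metric is built on:
#   resource.type=gcs_bucket AND
#   protoPayload.methodName="storage.setIamPermissions"
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def _entry(rtype, method, bucket, actor, deltas):
    """Build a constructed log entry in the assumed audit-log layout."""
    return {
        "resource": {"type": rtype, "labels": {"bucket_name": bucket}},
        "protoPayload": {
            "methodName": method,
            "authenticationInfo": {"principalEmail": actor},
            "serviceData": {"policyDelta": {"bindingDeltas": deltas}},
        },
    }

SAMPLE_ENTRIES = [  # constructed sample data
    _entry("gcs_bucket", "storage.setIamPermissions", "payroll-exports",
           "dev@example.com",
           [{"action": "ADD", "role": "roles/storage.objectViewer",
             "member": "allUsers"}]),
    _entry("gcs_bucket", "storage.objects.get", "payroll-exports",
           "app@example.com", []),
    _entry("gcs_bucket", "storage.setIamPermissions", "build-cache",
           "ops@example.com",
           [{"action": "REMOVE", "role": "roles/storage.admin",
             "member": "user:old@example.com"}]),
]

def matches_filter(entry):
    """True when the entry would be counted by the log metric filter."""
    return (entry.get("resource", {}).get("type") == "gcs_bucket"
            and entry.get("protoPayload", {}).get("methodName")
            == "storage.setIamPermissions")

def bucket_iam_alerts(entries):
    """One alert per binding change; public grants are marked HIGH."""
    alerts = []
    for entry in entries:
        if not matches_filter(entry):
            continue
        payload = entry["protoPayload"]
        deltas = (payload.get("serviceData", {}).get("policyDelta", {})
                  .get("bindingDeltas", []))
        for d in deltas or [{}]:  # still alert if the delta is missing
            public = d.get("action") == "ADD" and d.get("member") in PUBLIC_MEMBERS
            alerts.append({
                "bucket": entry["resource"].get("labels", {}).get("bucket_name"),
                "actor": payload.get("authenticationInfo", {}).get("principalEmail"),
                "change": (d.get("action"), d.get("role"), d.get("member")),
                "severity": "HIGH" if public else "REVIEW",
            })
    return alerts
```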
3 NETWORKING
Maintaining a secure perimeter to allow only legitimate traffic onto the network
is critical in both the data center and the cloud. Hacking and phishing are just
a few examples of network security breaches. As organizations continue to
move towards a multicloud model it becomes harder and harder to tell the
difference between legitimate and malicious traffic. The Networking controls are
designed to monitor for security group and network protocol misconfigurations,
such as when a Security Group has too large an ingress port range. Beyond
measuring for Security Group configurations, you may also want to be notified
when a new Security Group is created, or if a Security Group isn’t being used.
Since a single instance can have many different Security Groups applied to it, it’s
also important to monitor for instances associated with a large number of Groups.
SAMPLE AZURE CONTROL
6.2 Ensure that SSH access is restricted from the internet (Scored)
RATIONALE:
The potential security problem with using SSH over the Internet is that
attackers can use various brute force techniques to gain access to Azure
Virtual Machines. Once the attackers gain access, they can use your virtual
machine as a launch point for compromising other machines on your Azure
Virtual Network or even attack networked devices outside of Azure.
6 CIS Benchmarks, Amazon Web Services Foundations v1.0.0, February 20, 2018
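A check for control 6.2 and for the oversized ingress port range mentioned above, as an added example that is not from this eBook or the CIS Benchmark. The rules are constructed in the field layout of `az network nsg list` output, the 100-port threshold is an assumption, and each rule is judged on its own rather than in priority order.

```python
import ipaddress

INTERNET_SOURCES = {"*", "internet", "any"}
WIDE_RANGE = 100  # assumed threshold for "too large" a port range

# Constructed rules in the field layout of `az network nsg list` output.
SAMPLE_RULES = [
    {"name": "allow-ssh-any", "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "allow-ssh-corp", "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "22"},
    {"name": "allow-app-range", "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRanges": ["8000-9000"]},
    {"name": "allow-all", "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": "*"},
    {"name": "deny-ssh", "direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
]

def _ports(rule):
    """Yield (low, high) for every destination port spec on the rule."""
    specs = [rule.get("destinationPortRange")] + list(rule.get("destinationPortRanges") or [])
    for spec in filter(None, specs):
        lo, _, hi = ("0-65535" if spec == "*" else spec).partition("-")
        yield int(lo), int(hi or lo)

def _from_internet(rule):
    """True if any source is a wildcard, the Internet tag or a /0 prefix."""
    sources = [rule.get("sourceAddressPrefix")] + list(rule.get("sourceAddressPrefixes") or [])
    for src in filter(None, sources):
        if src.lower() in INTERNET_SOURCES:
            return True
        try:
            if ipaddress.ip_network(src, strict=False).prefixlen == 0:
                return True
        except ValueError:
            continue  # other service tags, e.g. VirtualNetwork
    return False

def audit_nsg(rules, ssh_port=22):
    """Return (rule name, finding) pairs for inbound Allow rules."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        internet_tcp = _from_internet(rule) and rule.get("protocol", "*").lower() in ("tcp", "*")
        for lo, hi in _ports(rule):
            if internet_tcp and lo <= ssh_port <= hi:
                findings.append((rule["name"], "SSH open to the internet"))
            if hi - lo + 1 > WIDE_RANGE:
                findings.append((rule["name"], f"wide ingress range {lo}-{hi}"))
    return findings
```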
ADDITIONAL SECURITY CONSIDERATIONS
Although the CIS Foundations Benchmarks do not have resiliency called out
in its own recommendation section, the ability to recover operations and data
after an outage or data loss event is a key component of world-class security
best practices. Business continuity can span from making sure critical
systems have backups replicated in another region to checking that critical
assets are stored on highly available and redundant infrastructure. Most
organizations will segment their applications and downstream dependent
assets by business criticality, typically into four tiers: mission critical,
business critical, business important, business supporting. Each tier will
have a defined recovery time objective (RTO), recovery point objective
(RPO), and availability SLA. Having a data resiliency strategy is imperative,
and in many cases organizations choose to back up and recover data
between multiple cloud service providers. For example, if AWS is the
primary cloud, an organization may recover to Azure, or Google Cloud
Platform. A multicloud strategy hinges on data and application availability,
resiliency, and security.
CONCLUSION
Ensuring the security of your public cloud environment is challenging,
and ensuring the security of your multicloud environment can be even
more difficult. Learn how the CloudHealth cloud management platform
can help you mitigate security risks across your multicloud environment.
Learn more by visiting www.vastITservices.com
VAST View™ is a trademark of VAST IT Services.