Cloud Security is YOUR responsibility, not just your service provider! Understand the shared responsibilities of Cloud Computing from the public cloud to application as a service.
Includes a few updates from the Philadelphia session!
The Share Responsibility Model of Cloud Computing - ILTA PhiladelphiaPatrick Sklodowski
Cloud Security is YOUR responsibility, not just your service provider! Understand the shared responsibilities of Cloud Computing from the public cloud to application as a service
Webinar topic: Cloud Security Introduction
Presenter: Achmad Mardiansyah
In this webinar series, We are discussing Cloud Security Introduction
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
Slide on Cloud Security. This defines the possible aspects on Cloud Security. Images are taken from different Websites which are mentioned on references section.
Aligning Risk with Growth - Cloud Security for startupsMoshe Ferber
Every young company discovers that installing security in place can be expensive. So they need to manage the priorities. In the presentation we discuss the various phases in start-up life cycle and which security controls should be placed on each phase.
Cloud Security & Cloud Encryption Explained by Porticor the industry leader in Cloud Data Security. Learn from Porticor the issues for cloud security and how to protect your data in the cloud. Learn more about cloud security at http://www.porticor.com
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013Moshe Ferber
We live in interesting times, at least from computer technology point of view. In the last couple years we change the way our backend systems function (Cloud Computing) and the way consume our front end interfaces (Mobility, the Internet of thing). It is safe to say that the technology changes we are now experiencing – will revolutionize the way we consume technology.
But the described changes are being held back, and mostly because of information security. The root cause of the slow adoption of cloud among enterprises is Trust. Challenges around transparency, compliance, standardization and immature technologies are causing lack of trust between cloud stakeholders. And this lack of trust is the number one obstacle facing cloud computing.
So it is time for innovation. There is great demand for new, innovative solutions that will fuel the engines of the industry. Cloud Computing technologies can be innovative and ground breaking, this has been proved before. Today there are many areas where innovative solution can change the way we think and provide security.
In the presentation we will discuss the future of technologies like Identity Management, Encryption, API security and Big Data platforms and evaluate where we should improve the current technologies.
Regarding encryption - we know that current technologies are limited in our options to safe guard keys in virtual environments and that we don’t have solutions for using encryption as a method to increase real multi tenancy, audit and access controls, for all data types. Encryption technology must improve at all levels, starting from key management, file level encryption (IRM solutions) and other new technologies such as Homomorfic encryptions should be developed further to be effective.
The Share Responsibility Model of Cloud Computing - ILTA PhiladelphiaPatrick Sklodowski
Cloud Security is YOUR responsibility, not just your service provider! Understand the shared responsibilities of Cloud Computing from the public cloud to application as a service
Webinar topic: Cloud Security Introduction
Presenter: Achmad Mardiansyah
In this webinar series, We are discussing Cloud Security Introduction
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
Slide on Cloud Security. This defines the possible aspects on Cloud Security. Images are taken from different Websites which are mentioned on references section.
Aligning Risk with Growth - Cloud Security for startupsMoshe Ferber
Every young company discovers that installing security in place can be expensive. So they need to manage the priorities. In the presentation we discuss the various phases in start-up life cycle and which security controls should be placed on each phase.
Cloud Security & Cloud Encryption Explained by Porticor the industry leader in Cloud Data Security. Learn from Porticor the issues for cloud security and how to protect your data in the cloud. Learn more about cloud security at http://www.porticor.com
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013Moshe Ferber
We live in interesting times, at least from computer technology point of view. In the last couple years we change the way our backend systems function (Cloud Computing) and the way consume our front end interfaces (Mobility, the Internet of thing). It is safe to say that the technology changes we are now experiencing – will revolutionize the way we consume technology.
But the described changes are being held back, and mostly because of information security. The root cause of the slow adoption of cloud among enterprises is Trust. Challenges around transparency, compliance, standardization and immature technologies are causing lack of trust between cloud stakeholders. And this lack of trust is the number one obstacle facing cloud computing.
So it is time for innovation. There is great demand for new, innovative solutions that will fuel the engines of the industry. Cloud Computing technologies can be innovative and ground breaking, this has been proved before. Today there are many areas where innovative solution can change the way we think and provide security.
In the presentation we will discuss the future of technologies like Identity Management, Encryption, API security and Big Data platforms and evaluate where we should improve the current technologies.
Regarding encryption - we know that current technologies are limited in our options to safe guard keys in virtual environments and that we don’t have solutions for using encryption as a method to increase real multi tenancy, audit and access controls, for all data types. Encryption technology must improve at all levels, starting from key management, file level encryption (IRM solutions) and other new technologies such as Homomorfic encryptions should be developed further to be effective.
Cloud security for banks - the central bank of Israel regulations for cloud s...Moshe Ferber
This presentation discuss how the Israeli banks should cope with the Israeli central bank cloud regulations. In the slide we examine different articles inside the cloud regulation and discuss the challenges and controls to be used.
The Notorious 9 Cloud Computing Threats - CSA Congress, San JoseMoshe Ferber
loud computing is evolving fast, and so are the threats and defense tactics. Cloud consumers and providers should always be aware of the latest risks and attack vectors and explore the latest security events to identify new attack vectors. Here, we’ll provide you with a list of the latest threats and discuss their effect on our security posture, and review a recent case study of attacks relevant to those threats.
Surviving the lions den - how to sell SaaS services to security oriented cust...Moshe Ferber
Passing through the Lion’s den – How to sell cloud services to security guys:
Pitching your SaaS offering is usually fun, until the security guys walks into the room as anyone who try to promote cloud services to organizations probably knows. On the other hand, for the CISO, sometimes cloud vendors represent the sum of all their greatest fears.
So, how can providers of cloud based software do better job in satisfying those gate keepers? Learn to speak their language and understand their terminology and way of thinking. In this presentation we will walk through the do’s and don’ts when pitching to information security professionals, and try to better understand their motivation and how to address their concerns.
This presentation is an introduction to a workshop providing better tools for cloud based companies to overcome challenges when selling their offering.
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......centralohioissa
Collaboration often drives how we work especially when our workforce is mobile, when it is working off premises and serving clients in the field. Our employees adopt cloud solutions to communicate, exchange ideas and files, and to collaborate without our knowledge…this approach keeps security officers sleepless not only in Seattle but also in Columbus…
This presentation is an overview of Office 365 functionality, security and compliance (reporting) capabilities to manage information privacy, security and compliance risks, and related documentation. Office 365 email security and management, SharePoint collaboration platform and Azure Active Directory reporting will be reviewed. This is a business/technical (not in depth technical) presentation to help business / technical audience understand the security and functionality of Office 365 solution when considering cloud solutions adoption.
This presentation simplifies Cloud, Cloud Security and Cloud Security Certifications. This includes the following:
- Understanding Cloud
- Understanding Cloud Security using the Risk Management and Cloud Security Control Frameworks
- Cloud Security Certifications
- Key Definitions
There are many threats to cloud security. The main treats arise from account hijacking, data breaches, inadequate cloud security architecture and strategy, insecure interfaces and APIs, insider threats, limited visibility with regard to cloud usage etc.
The Cloud & I, The CISO challenges with Cloud Computing Moshe Ferber
The Cloud is a challenge for the Security professional, but also creates opportunities. In this presentation we will overview the different cloud challenges according to each market sector.
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedUnifyCloud
The magnitude of the migration effort to the Cloud, the complexity of both customized apps and Cloud environments, and the requirement for ongoing app-level monitoring suggests the need for what Gartner calls a “programmable security infrastructure capable of supporting security policy ‘toolchains’.”
What the auditor need to know about cloud computingMoshe Ferber
As more and more workloads moving to the cloud , more practices need to be developed. ISACA and CSA launched the CCAK certification for auditors, in this presentation I will elaborate on highlight of auditor knowledge in Cloud.
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferberMoshe Ferber
In the presentation, we plan to announce the full version of a new open source tool called "Cloudefigo" and explain how it enables accelerated security lifecycle. We demonstrate how to launch a pre-configured, already patched instance into an encrypted storage environment automatically while evaluating their security and mitigating them automatically if a vulnerability is found. In the live demo, we leverage Amazon Web Services EC2 Cloud-Init scripts and object storage for provisioning automated security configuration, integrating encryption, including secure encryption key repositories for secure server's communication. The result of those techniques is cloud servers that are resilient, automatically configured, with the reduced attack surface.
This presentation includes the concept of cloud security domains, flaws in security approaches, Datacenter requirement,
VMware NSX limitations and a new solution that should have a complete solution. Finally, a guideline to describe how to assessment of micro-segmentation.
Azure 101: Shared responsibility in the Azure CloudPaulo Renato
Whether you’re working exclusively on Azure or with multiple cloud environments, there are certain things you should consider when moving assets to the public cloud. As with any cloud deployment, security is a top priority, and moving your workloads to the Azure cloud doesn’t mean you’re not responsible for the security of your operating system, applications, and data.
Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your environment is secure. In this session, we will discuss step-by-step what you need to do to secure access at the administrative, application and network layers.
Trusted Environment. Blockchain for business: best practices, experience, tipsKaspersky
Have a look at the presentation created by Kaspersky and Waves Enterprise: “Trusted Environment. Blockchain for business: best practices, experience and tips”. It will prove valuable and thought-provoking to everyone who wants to learn more about how to ensure the security of blockchain-based projects.
Here you will find about:
- Modern enterprise blockchain platforms. We’ll tell you what they are, which tasks they solve, and what use cases are in demand.
- Security of corporate blockchain platforms. Let's analyze the main surfaces and attack vectors.
- Application Security Assessment based on the Waves Enterprise case study. You will see how the assessment works, what vulnerabilities were identified and how Waves Enterprise fixed them.
- How to design a secure solution based on a blockchain platform.
Cloud security for banks - the central bank of Israel regulations for cloud s...Moshe Ferber
This presentation discuss how the Israeli banks should cope with the Israeli central bank cloud regulations. In the slide we examine different articles inside the cloud regulation and discuss the challenges and controls to be used.
The Notorious 9 Cloud Computing Threats - CSA Congress, San JoseMoshe Ferber
loud computing is evolving fast, and so are the threats and defense tactics. Cloud consumers and providers should always be aware of the latest risks and attack vectors and explore the latest security events to identify new attack vectors. Here, we’ll provide you with a list of the latest threats and discuss their effect on our security posture, and review a recent case study of attacks relevant to those threats.
Surviving the lions den - how to sell SaaS services to security oriented cust...Moshe Ferber
Passing through the Lion’s den – How to sell cloud services to security guys:
Pitching your SaaS offering is usually fun, until the security guys walks into the room as anyone who try to promote cloud services to organizations probably knows. On the other hand, for the CISO, sometimes cloud vendors represent the sum of all their greatest fears.
So, how can providers of cloud based software do better job in satisfying those gate keepers? Learn to speak their language and understand their terminology and way of thinking. In this presentation we will walk through the do’s and don’ts when pitching to information security professionals, and try to better understand their motivation and how to address their concerns.
This presentation is an introduction to a workshop providing better tools for cloud based companies to overcome challenges when selling their offering.
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......centralohioissa
Collaboration often drives how we work especially when our workforce is mobile, when it is working off premises and serving clients in the field. Our employees adopt cloud solutions to communicate, exchange ideas and files, and to collaborate without our knowledge…this approach keeps security officers sleepless not only in Seattle but also in Columbus…
This presentation is an overview of Office 365 functionality, security and compliance (reporting) capabilities to manage information privacy, security and compliance risks, and related documentation. Office 365 email security and management, SharePoint collaboration platform and Azure Active Directory reporting will be reviewed. This is a business/technical (not in depth technical) presentation to help business / technical audience understand the security and functionality of Office 365 solution when considering cloud solutions adoption.
This presentation simplifies Cloud, Cloud Security and Cloud Security Certifications. This includes the following:
- Understanding Cloud
- Understanding Cloud Security using the Risk Management and Cloud Security Control Frameworks
- Cloud Security Certifications
- Key Definitions
There are many threats to cloud security. The main treats arise from account hijacking, data breaches, inadequate cloud security architecture and strategy, insecure interfaces and APIs, insider threats, limited visibility with regard to cloud usage etc.
The Cloud & I, The CISO challenges with Cloud Computing Moshe Ferber
The Cloud is a challenge for the Security professional, but also creates opportunities. In this presentation we will overview the different cloud challenges according to each market sector.
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedUnifyCloud
The magnitude of the migration effort to the Cloud, the complexity of both customized apps and Cloud environments, and the requirement for ongoing app-level monitoring suggests the need for what Gartner calls a “programmable security infrastructure capable of supporting security policy ‘toolchains’.”
What the auditor need to know about cloud computingMoshe Ferber
As more and more workloads moving to the cloud , more practices need to be developed. ISACA and CSA launched the CCAK certification for auditors, in this presentation I will elaborate on highlight of auditor knowledge in Cloud.
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferberMoshe Ferber
In the presentation, we plan to announce the full version of a new open source tool called "Cloudefigo" and explain how it enables accelerated security lifecycle. We demonstrate how to launch a pre-configured, already patched instance into an encrypted storage environment automatically while evaluating their security and mitigating them automatically if a vulnerability is found. In the live demo, we leverage Amazon Web Services EC2 Cloud-Init scripts and object storage for provisioning automated security configuration, integrating encryption, including secure encryption key repositories for secure server's communication. The result of those techniques is cloud servers that are resilient, automatically configured, with the reduced attack surface.
This presentation includes the concept of cloud security domains, flaws in security approaches, Datacenter requirement,
VMware NSX limitations and a new solution that should have a complete solution. Finally, a guideline to describe how to assessment of micro-segmentation.
Azure 101: Shared responsibility in the Azure CloudPaulo Renato
Whether you’re working exclusively on Azure or with multiple cloud environments, there are certain things you should consider when moving assets to the public cloud. As with any cloud deployment, security is a top priority, and moving your workloads to the Azure cloud doesn’t mean you’re not responsible for the security of your operating system, applications, and data.
Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your environment is secure. In this session, we will discuss step-by-step what you need to do to secure access at the administrative, application and network layers.
Trusted Environment. Blockchain for business: best practices, experience, tipsKaspersky
Have a look at the presentation created by Kaspersky and Waves Enterprise: “Trusted Environment. Blockchain for business: best practices, experience and tips”. It will prove valuable and thought-provoking to everyone who wants to learn more about how to ensure the security of blockchain-based projects.
Here you will find about:
- Modern enterprise blockchain platforms. We’ll tell you what they are, which tasks they solve, and what use cases are in demand.
- Security of corporate blockchain platforms. Let's analyze the main surfaces and attack vectors.
- Application Security Assessment based on the Waves Enterprise case study. You will see how the assessment works, what vulnerabilities were identified and how Waves Enterprise fixed them.
- How to design a secure solution based on a blockchain platform.
For any organization managed security services play an important role in enhancing the security posture, alerting against top vulnerabilities along with rapid and anywhere deployment.
Cloud Security is critical to Data Security and Application Resilience against CyberAttacks. This talk looks at Security Best Practices that need to be practised.
This talk was presented at AWS Community Day Bengaluru 2019 by Amar Prusty, Cloud-Data Center Consultant Architect, DXC Technology
Make sure you exercise due diligence when selecting a cloud service provider.
Make sure the cloud environment supports the regulatory requirements of your industry and data.
Conduct data classification to understand the sensitivity of your data before moving to the cloud.
Clearly define who owns the data and how it will be “returned” to you and the timing in the event you cancel your agreement.
Understand if you are leveraging the cloud in IaaS, PaaS, SaaS or other model.
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...Amazon Web Services
The Amazon Web Services (AWS) cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. However, because you’re building systems on top of the AWS cloud infrastructure, the security responsibilities will be shared: AWS has secured the underlying infrastructure and you must secure anything you put on the infrastructure. Alert Logic has more than a decade of experience implementing cloud solutions that are secure, flexible and designed to work with hosting and cloud service providers.
In this webinar, you'll learn from Alert Logic strategies for making this shared security model work for your web applications. The webinar includes a live demo of Alert Logic Web Security Manager. In this webinar, you’ll learn:
- How to access Alert Logic Web Security Manager via AWS Marketplace for the quickest and easiest path to web application protection
- How to integrate web application security in your AWS environment
- An attractive approach to auto scaling web security
Shared responsibility - a model for good cloud securityAndy Powell
An overview of the shared responsibility model that is typically adopted by cloud providers and its impact on the way that Jisc members should build secure solutions in public cloud.
Whether you’re just beginning to explore cloud computing or adopting it at enterprise-scale, it is important to build security into your architecture. But gone are the days of manual security audits that slow down agile development. Your modern continuous integration and continuous delivery architecture demands continuous security that doesn’t hinder DevOps. In this session, we’ll share tips to help your organization embrace DevSecOps. Presented by RedLock.
by Varun Badhwar, CEO & Co-founder, RedLock
Whether you’re just beginning to explore cloud computing or adopting it at enterprise scale, it is important to build security into your architecture. Gone are the days of manual security audits that slow down agile development. Your modern continuous integration and continuous delivery architecture demands continuous security that doesn’t hinder DevOps. In this session, we’ll share tips to help your organization embrace DevSecOps. Presented by RedLock.
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Amazon Web Services
While security is a top concern in every organization these days, it often gets a bad rap. In many minds, security has the reputation of the bothersome villain who attempts to hinder performance or restrain agility. In this session we will outline three strategies to protect your valuable workloads, without falling into traditional security traps. We will walk through three stories of EC2 security superheroes who saved the day by overcoming compliance and design challenges, using a (not so) secret arsenal of AWS and Trend Micro security tools.
Key takeaways from this session include how to:
- Design a workload-centric security architecture
- Improve visibility of AWS-only or hybrid environments
- Stop patching live instances but still prevent exploits
Speaker: Sasha Pavlovic, Director, Cloud & Datacentre Security, Asia Pacific, Trend Micro
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
2. Presenters
2
John LaVigne, a Systems Engineer for Fortinet, has over
15 years of experience in the network field. His focus today
is on network security solutions for customers. John has
previously worked in a number of project delivery roles in
networking, security and messaging.
Nick Sandone is a System Architect with Square10
Solutions. His areas of expertise include network design
and optimization, advanced threat protection, enterprise
monitoring, and securing cloud and hybrid networks. Nick
has diverse experience having worked in industries ranging
from legal, engineering and healthcare to cloud-based
supply chain management.
Patrick Sklodowski, a Principal with Square10 Solutions,
is a proven technology professional with over two decades
of expertise. He works with clients to provide solutions
focused on strategic delivery and the alignment of
technology with business requirements. His areas of
specialty include system architecture, delivery of cloud
solutions, messaging, technical project management,
disaster recovery and complex migrations.
3. Cloud Security = Shared Responsibility
3
• Know Your Role and Responsibilities!
• Responsibility dependent on:
• Type of service
• Delivery model
• Service provider
Courtesy of AWS
6. Host Infrastructure
6
• Secure the virtual device like it’s
“within your walls”
• AV & threat protection
• Patching
• Application updates
• Host encryption
7. Network Controls
7
• What can we expect from CSP?
• Provide the infrastructure
• Protect their infrastructure
• Basic built-in tools for customer
8. Network Controls
8
• CSP Provides
• Virtual Networking
• Load Balancing
• DNS
• Gateway
• VPN
• Network Security Groups (group of ACLs)
• Basic NAT or PAT
• Basic port open port closed
• Logical Network Segmentation
9. Network Controls
9
• Customer Responsibility
• Next Generation Firewall (NGFW)
• Web Application Firewall (WAF)
• Route all traffic through NGFW
• Access Management
• Consider 2FA
• Interrogate/Inspect traffic
• AV/Malware/IPS/DLP
• Log and monitor traffic
• Encrypt traffic
10. Application Level Controls
10
• Infrastructure as a Service (IaaS)
• We install the applications, we must
security them!
• Platform as a Service (PaaS)
• SQL
• Web Services
• PaaS protection through
• Application level “firewall” settings
• Identity management
• SAML
• Azure Active Directory
“Because you’re building systems on top of the AWS
cloud infrastructure, the security responsibilities will
be shared: AWS manages the underlying
infrastructure, and you secure anything you put on
the infrastructure or connect to the infrastructure.”
- Amazon Web Services
“Sharing the Security Services”
11. Identity & Access Management
11
• Access and authorization
• Identity protection
• Service management through user access
• Tools
• Multi Factor Authentication
• Same sign on / Single sign on
• Identity providers / SAML
• Roles
• Auditing and alerting
• Conditional access
12. Single Sign On and Identity Management
12
• More password = less secure passwords
• Identity providers – OKTA, Duo,
Microsoft, OneLogin
• Regardless of Identity Solution
• Every business needs to be setup in
Microsoft Azure Active Directory
• Most businesses should be federated
with Azure Active Directory
• Enables
• Windows Store for Business
• Identity management
• Keeps users away from consumer
accounts!
13. Client & End-point Protection
13
• End-points are always our responsibility
• How end point connects determines risk
• PaaS is probably connected to my network
• IaaS same risks as on-prem
• SaaS more likely app or browser based
devices won’t directly access systems
• Device has access to data flowing through it!
• Advanced threat protection
• Microsoft Defender and Intune
• Cylance
• Carbon Black
14. Data Classification & Accountability
14
• Compliance obligations
• Distinguish - and potentially secure - sensitive
data
• SaaS - capabilities aren’t meaningful without
classification – Digital Loss Prevention
• PaaS & IaaS – Data management fully your
responsibility
• Backups
• Encryption
15. Resources
15
• Data Classification for Cloud Computing
• http://aka.ms/dataclassificationforcloud
• The ABC’s of the Share Responsibility Model
• https://www.trendmicro.com/aws/aws-shared-security-model/
• Microsoft Incident Response and shared responsibility for cloud computing
• https://azure.microsoft.com/en-us/blog/microsoft-incident-response-and-shared-responsibility-for-cloud-computing/
• What Does Shared Responsibility in the Cloud Mean
• https://blogs.msdn.microsoft.com/azuresecurity/2016/04/18/what-does-shared-responsibility-in-the-cloud-mean/
• Shared Responsibility Model
• https://aws.amazon.com/compliance/shared-responsibility-model/
• Everything you need to know about Microsoft Azure security
• https://channel9.msdn.com/Events/Ignite/Microsoft-Ignite-Orlando-2017/BRK2210