
1 12 Steps to Cloud Security: A guide to securing your Cloud Deployment
Vishnu Vettrivel, Principal Engineering Lead, Atigeo, @cloudronin

2 Step 1: Know your responsibility
- Cloud providers are responsible for some parts of the infrastructure stack; the other parts of the security stack are your responsibility (the shared responsibility model).
- You are usually responsible for application security, policies and configuration, machine images, and similar.
- Read your provider's responsibility matrix before designing controls; anything the provider does not explicitly cover is yours.

3 Step 2: Protect your Network
- Use defense in depth across the network, host and application layers, with services like:
- Virtual Private Clouds
- Network ACLs
- Routing rules
- Proxy servers
- NAT
- Firewalls

4 Step 3: Protect your Machine Images
- Be sure you harden your images first.
- Turn off insecure ports and services.
- Change default passwords.
- Install AV software.
- Consider using a hardening baseline (for example the configuration checklists at checklists.nist.gov, listed in the resources).

5 Step 4: Protect your Data at Rest
- Know the different cloud storage mechanisms and their security implications.
- De-identify (pseudonymize or tokenize) data when possible.
- Understand your choices of encryption primitives: key length, cipher and cipher mode.
- Don’t forget secure archival and disposal of data.
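The "de-identify when possible" bullet is easy to get wrong: replacing an identifier with an unkeyed hash looks anonymous but is reversible by enumeration whenever the identifier space is small. The following is an added example, not code from the deck or from Atigeo, showing keyed pseudonymization (HMAC-SHA256, truncated to 64 bits as an illustration choice) next to the naive unkeyed variant, with constructed patient records and an enumeration attack that recovers the naive tokens. The record format, the "P-nnnn" identifier scheme and the key handling are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample records (invented for this example, not from the deck):
# two tables that must still join on patient_id after de-identification.
ENCOUNTERS = [
    {"patient_id": "P-1001", "diagnosis": "J45"},
    {"patient_id": "P-1002", "diagnosis": "E11"},
    {"patient_id": "P-1003", "diagnosis": "I10"},
]
BILLING = [
    {"patient_id": "P-1001", "amount": 120},
    {"patient_id": "P-1002", "amount": 80},
]

# Secret for the pseudonymization function (assumption: one key per tenant).
# In production it is fetched from the key management system and is never
# stored beside the records it protects.
PSEUDONYM_KEY = secrets.token_bytes(32)


def pseudonymize(identifier: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed, deterministic pseudonym: HMAC-SHA256 over the identifier,
    truncated to 64 bits of hex. Deterministic so the same identifier yields
    the same token in every table (joins keep working); keyed so nobody
    without the key can rebuild the mapping by hashing candidate identifiers."""
    tag = hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()
    return tag[:16]


def naive_pseudonymize(identifier: str) -> str:
    """The common mistake: an unkeyed hash. It looks anonymous, but when the
    identifier space is small it is reversible by enumeration (see
    recover_by_enumeration)."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()[:16]


def deidentify(records, fields=("patient_id",), fn=pseudonymize):
    """Replace the listed direct identifiers in each record with pseudonyms."""
    return [{k: (fn(v) if k in fields else v) for k, v in r.items()} for r in records]


def join_on(left, right, key="patient_id"):
    """Inner join of two de-identified tables on the pseudonymized key."""
    index = {r[key]: r for r in right}
    return [{**l, **index[l[key]]} for l in left if l[key] in index]


def recover_by_enumeration(token: str, prefix: str = "P-", digits: int = 4):
    """Attacker's view: try every identifier of the known format against a
    token. Succeeds against the unkeyed scheme; against the keyed scheme the
    attacker cannot compute the HMAC without the key, so nothing matches."""
    for n in range(10 ** digits):
        candidate = f"{prefix}{n:0{digits}d}"
        if naive_pseudonymize(candidate) == token:
            return candidate
    return None
```

Two caveats a practitioner should keep in mind: pseudonymized data is still re-identifiable by whoever holds the key, so the key falls under the same custody and rotation controls as an encryption key; and indirect identifiers left in the clear (diagnosis codes, dates, ZIP codes) can still single out individuals, so de-identification is a data-minimization decision, not just a transformation.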

6 Step 5: Protect your Data in Transit
- Use secure application protocols whenever possible: TLS, SSH, RDP.
- Securely tunnel traffic when that is not possible: IPsec, SSL VPN, SSH.
- Use a key management system.
- Encryption alone is not enough: verify the peer's certificate and hostname, or an active attacker can sit in the middle of the "secure" channel.

7 Step 6: Protect and Patch your Instances
- Define and categorize cloud-based assets.
- Watch out for zero days.
- Classify risk.
- Patch affected systems.
- Use a configuration management system.

8 Step 7: Protect Access to your Instances
- Create individual user accounts (no shared credentials).
- Use role-based access.
- Grant least privilege based on business need.
- Enable multi-factor authentication for privileged users.
- Audit all user activity.
- Federate all user access through a directory service.

9 Step 8: Protect your Applications
- Implement AAA (authentication, authorization and auditing).
- Familiarize yourself with the OWASP Top 10 application security flaws.
- Follow secure development best practices.

10 Step 9: Audit and Monitor your Cloud
- Gather monitoring data on a secure, separate network.
- Establish baselines.
- Monitor all layers and protocols.
- Deploy the IDS behind the network firewall.
- Fine-tune alert levels.
- Use redundant alerting channels.
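Steps 7 and 9 together amount to: log every identity action, then compare it to a baseline. The following is an added example (not from the deck, not Atigeo's code) of detection logic run over a handful of constructed CloudTrail-style events. The field names (`eventName`, `userIdentity.type`, `additionalEventData.MFAUsed`, `sessionContext.attributes.mfaAuthenticated`) follow AWS CloudTrail's record format; the event values, the baseline network, the privileged-action list and the rule names are invented for the example.

```python
import ipaddress
import json

# Constructed CloudTrail-style events (sample input invented for this example).
SAMPLE_LOG = r"""
{"eventName":"ConsoleLogin","eventSource":"signin.amazonaws.com","sourceIPAddress":"203.0.113.10","userIdentity":{"type":"IAMUser","userName":"alice"},"responseElements":{"ConsoleLogin":"Success"},"additionalEventData":{"MFAUsed":"Yes"}}
{"eventName":"ConsoleLogin","eventSource":"signin.amazonaws.com","sourceIPAddress":"198.51.100.7","userIdentity":{"type":"IAMUser","userName":"bob"},"responseElements":{"ConsoleLogin":"Success"},"additionalEventData":{"MFAUsed":"No"}}
{"eventName":"DescribeInstances","eventSource":"ec2.amazonaws.com","sourceIPAddress":"203.0.113.22","userIdentity":{"type":"Root"}}
{"eventName":"AttachUserPolicy","eventSource":"iam.amazonaws.com","sourceIPAddress":"203.0.113.10","userIdentity":{"type":"IAMUser","userName":"carol","sessionContext":{"attributes":{"mfaAuthenticated":"false"}}}}
{"eventName":"GetObject","eventSource":"s3.amazonaws.com","sourceIPAddress":"203.0.113.10","userIdentity":{"type":"IAMUser","userName":"alice","sessionContext":{"attributes":{"mfaAuthenticated":"true"}}}}
"""

# Baseline (assumption for the example): the ranges our administrators normally
# come from. 203.0.113.0/24 is a documentation-only range.
KNOWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# IAM actions that change who can do what; these deserve MFA and a second look.
PRIVILEGED_IAM_ACTIONS = {
    "AttachUserPolicy", "PutUserPolicy", "AttachRolePolicy",
    "UpdateAssumeRolePolicy", "CreateUser", "CreateAccessKey",
}


def dig(obj, *path, default=None):
    """Safe nested lookup; CloudTrail leaves many fields null or absent."""
    for key in path:
        if not isinstance(obj, dict):
            return default
        obj = obj.get(key)
    return default if obj is None else obj


def principal(event):
    return dig(event, "userIdentity", "userName") or dig(event, "userIdentity", "type", default="unknown")


def in_baseline(ip, networks=KNOWN_NETWORKS):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # e.g. "AWS Internal" or a service principal: not a client IP
    return any(addr in net for net in networks)


def evaluate(event):
    """Apply each detection rule to one event; returns (rule, eventName, principal) tuples."""
    findings = []
    name = event.get("eventName")
    who = principal(event)
    if dig(event, "userIdentity", "type") == "Root":
        findings.append(("root_account_used", name, who))
    # Fail closed: a missing MFAUsed field is treated the same as "No".
    if name == "ConsoleLogin" and dig(event, "responseElements", "ConsoleLogin") == "Success" \
            and dig(event, "additionalEventData", "MFAUsed") != "Yes":
        findings.append(("console_login_without_mfa", name, who))
    if event.get("eventSource") == "iam.amazonaws.com" and name in PRIVILEGED_IAM_ACTIONS \
            and dig(event, "userIdentity", "sessionContext", "attributes", "mfaAuthenticated") != "true":
        findings.append(("privileged_iam_change_without_mfa", name, who))
    if not in_baseline(event.get("sourceIPAddress", "")):
        findings.append(("source_ip_outside_baseline", name, who))
    return findings


def scan(log_text):
    """Run the rules over newline-delimited JSON events."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            findings.append(("unparseable_event", None, None))
            continue
        findings.extend(evaluate(event))
    return findings


if __name__ == "__main__":
    for rule, event_name, who in scan(SAMPLE_LOG):
        print(f"{rule:36} {event_name:20} {who}")
```

Each rule maps to a bullet on slides 7 and 9: root usage and console logins without MFA violate "MFA for privileged users", the IAM rule catches privilege changes from unauthenticated sessions, and the IP rule is the "establish baselines" step in its simplest form. In a real deployment the log would be shipped to the separate monitoring network first and the baseline learned from history rather than hard-coded.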

11 Step 10: Validate your Protection
- Periodically test the network, infrastructure and applications separately for security vulnerabilities.
- Check for input validation, session manipulation, authentication and information leakage flaws.
- Use 3rd-party tools where possible.
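Steps 8 and 10 meet in the injection category that tops the OWASP Top 10 referenced in this deck. As an added example (not code from the deck or from Atigeo), here is a lookup written the vulnerable way beside its hardened form (allowlist validation plus a bound parameter), together with a small probe of the kind a tester would run in step 10: feed classic injection payloads to both and report which ones leak rows. The user table, its contents and the payload list are constructed for the example; sqlite3 stands in for whatever database the application uses.

```python
import re
import sqlite3

# Constructed sample data (invented for this example).
USERS = [
    ("alice", "alice@example.com", "user"),
    ("bob", "bob@example.com", "user"),
    ("admin", "root@example.com", "admin"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Before: the caller's string is spliced into the SQL text, so it becomes
    part of the query grammar instead of staying data."""
    sql = f"SELECT username, email, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


# Allowlist for usernames (assumption for the example): lower-case letter first,
# then up to 31 of [a-z0-9_.-]. Quotes, spaces and comment markers never pass.
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_.-]{0,31}$")


def lookup_hardened(conn, username):
    """After: validate against an allowlist, then bind the value as a parameter.
    Either control alone blocks these payloads; together they are defense in depth."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    return conn.execute(
        "SELECT username, email, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Classic payloads a tester tries first (constructed list).
INJECTION_PAYLOADS = [
    "' OR '1'='1",                                          # tautology: dumps every user
    "x' OR 1=1 --",                                         # tautology plus comment
    "admin' --",                                            # pick a specific account
    "' UNION SELECT name, sql, type FROM sqlite_master --",  # read schema (information leakage)
]


def probe(lookup, conn, payloads=INJECTION_PAYLOADS):
    """Step 10 check: a lookup by exact username must return zero or one row,
    and that row must be the user that was asked for. Anything else is a leak.
    Returns the payloads that leaked."""
    leaked = []
    for payload in payloads:
        try:
            rows = lookup(conn, payload)
        except (ValueError, sqlite3.Error):
            continue  # rejected or syntactically broken: nothing leaked
        if len(rows) > 1 or (rows and rows[0][0] != payload):
            leaked.append(payload)
    return leaked


if __name__ == "__main__":
    db = make_db()
    print("vulnerable leaks on:", probe(lookup_vulnerable, db))
    print("hardened leaks on:  ", probe(lookup_hardened, db))
```

The probe is deliberately behavioural rather than signature-based: it does not look for error messages, it checks whether the function's contract (at most one row, and the right one) holds under hostile input. That is the same property a 3rd-party scanner infers from response sizes, and it is cheap enough to keep as a permanent regression test.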

12 Step 11: Automate Everything
- Use a configuration management system.
- Employ continuous integration and delivery.
- Automated provisioning helps with documentation, BCP/DR planning and change management.
- Treat infrastructure as code.

13 Step 12: Update your Security Policy
- Define security scope and boundaries.
- Select a proper risk assessment methodology.
- Align policies to contractual obligations.
- Choose a suitable security control framework.

14 Step 13?
- There is no magic bullet!
- Some things are easier and some are harder in the cloud.
- Conventional security and compliance concepts still apply in the cloud.
- The 12 steps will get you started on your continuous security improvement cycle.

15 Resources
- https://s3.amazonaws.com/awsmedia/AWS_Security_Best_Practices.pdf
- http://checklists.nist.gov/
- https://www.us-cert.gov/
- https://www.owasp.org/index.php/Top_10_2013-Top_10
- https://www.cert.org/incident-management/
- http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html
- https://en.wikipedia.org/wiki/Penetration_test
- http://www.drdobbs.com/architecture-and-design/top-10-practices-for-effective-devops/240149363
- https://en.wikipedia.org/wiki/Information_security_management_system

16 Thank You
Vishnu Vettrivel, Principal Engineering Lead, Atigeo
@cloudronin @atigeo
xpatterns.com
linkedin.com/company/atigeo

