Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cloud Security.

Published byCoral Booth Modified over 5 years ago

Similar presentations

Presentation on theme: "Cloud Security."— Presentation transcript:

1 Cloud Security

2 Agenda Amazon Web Services (AWS) Shared Responsibility Model Azure ….
Network Security Access Controls Audit Controls

3 AWS Shared Responsibility Model
-- hardening

4 Azure Security Design and operational security
Design and operational security -- security development lifecycle for their software. Identity and access -- MFA, AD Encryption & key management -- Azure key vault, IPSec protocol for data in transit, encryption for data at rest Penetration testing -- does themselves, has policy for you to do it Network security --Azure virtual network (own datacenter, private IP space, subnets and access control policies) Threat management --Microsoft Antimalware Monitoring, Logging and reporting Azure enables you to collect security events from Azure IaaS and PaaS. You can then use HDInsight to aggregate and analyze these events, and export them to on-premises security information and event management systems for ongoing monitoring. For applications that are deployed in Azure and virtual machines created from the Azure Virtual Machines Gallery, Azure enables a set of operating system security events by default

5 AWS Management Console
Ways to secure? admin End users admin End users WAF corporate data center VPC subnet security group AWS Management Console Web/app EBS EC2 Web/App S3 AMI Database RDS virtual private cloud Limit attack vectors Same: Application, OS, DB (access, audit) Differ: ‘homogenous’ environment (network) Secure backups Same: encryption Differ: Volumes, Snapshots vs. physical security Internal vs. external Same: insider threat, external hackers, bots Differ: automation

6 Network controls Capabilities Constraints VPC Direct connect Subnets
Route Tables NACLs Security Groups Monitoring IPS/IDS Human error Human error e.g. security groups wide open, enabling public IPs on ‘private’ services

7 Access controls Capabilities Constraints IAM STS Encryption
Users, roles, groups Instance profiles STS Encryption KMS, HMS SSL Server-side vs. client-side Account specific IAM Region specific KMS Human error Human error – e.g. sharing keys, publishing access keys on github,

8 Audit Controls Capabilities Constraints CloudTrail Config Inspector
CloudWatch + CloudTrail + Lambda AWS API only Human error – e.g. sharing keys, publishing access keys on github,

9 Takeaways – checklist from system perspective
Define use cases Role based access control Authentication mechanism? Authorization mechanism? Audit mechanism? Encryption at rest Encryption in transit Domain boundary controls What can be automated? How can that be protected and audited?

10 Takeaways – checklist for evaluating service
Access controls? Audit controls? Encryption of data at rest (including backups)? Encryption of data in transit? Network controls? Limits? Example of limit – S3 logging cannot be encrypted. S3 bucket name obfuscation. Route 53 DNS name hashing. SNS spam protection.

Download ppt "Cloud Security."

Similar presentations

Using ArcGIS for Server in the Amazon Cloud

Using ArcGIS for Server in the Amazon Cloud
The Microsoft Cloud Azure Platform This presentation incorporates some content from Microsoft.

The Microsoft Cloud Azure Platform This presentation incorporates some content from Microsoft.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.

Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
AWS Simple Icons v15.9 AWS Simple Icons: Usage Guidelines Check to make sure you have the most recent set of AWS Simple Icons This version was last updated.

AWS Simple Icons v15.9 AWS Simple Icons: Usage Guidelines Check to make sure you have the most recent set of AWS Simple Icons This version was last updated.
Cloud Computing is a Nebulous Subject Or how I learned to love VDF on Amazon.

Cloud Computing is a Nebulous Subject Or how I learned to love VDF on Amazon.
Launch Amazon Instance. Amazon EC2 Amazon Elastic Compute Cloud (Amazon EC2) provides resizable computing capacity in the Amazon Web Services (AWS) cloud.

Launch Amazon Instance. Amazon EC2 Amazon Elastic Compute Cloud (Amazon EC2) provides resizable computing capacity in the Amazon Web Services (AWS) cloud.
Ahsay 101.  Software company, based in Hong Kong  Founded in 1999  Sells direct to customers and through partners.

Ahsay 101.  Software company, based in Hong Kong  Founded in 1999  Sells direct to customers and through partners.
WINDOWS AZURE AND THE HYBRID CLOUD. Hybrid Concepts and Cloud Services.

WINDOWS AZURE AND THE HYBRID CLOUD. Hybrid Concepts and Cloud Services.
S3 Lifecycle Policies to Glacier

S3 Lifecycle Policies to Glacier
Protect your data Enable your users Desktop Virtualization Information protection Mobile device & application management Identity and Access Management.

Protect your data Enable your users Desktop Virtualization Information protection Mobile device & application management Identity and Access Management.
Architecting Enterprise Workloads on AWS Mike Pfeiffer.

Architecting Enterprise Workloads on AWS Mike Pfeiffer.
MODULE #8 – Amazon Machine Image [AMI] AWS Administration SUVEN IT  How to create an AWS account ?  How to manage an AWS Console?  Navigating the AWS.

MODULE #8 – Amazon Machine Image [AMI] AWS Administration SUVEN IT  How to create an AWS account ?  How to manage an AWS Console?  Navigating the AWS.
Clouding with Microsoft Azure

Clouding with Microsoft Azure
Calgary Oracle User Group

Calgary Oracle User Group
AWS BEST PRACTICES Module 3: Security in AWS July 2017.

AWS BEST PRACTICES Module 3: Security in AWS July 2017.
CLOUD SECURITY Timothy Brown Director, Security & Virtualization

CLOUD SECURITY Timothy Brown Director, Security & Virtualization
AWS Simple Icons v AWS Simple Icons: Usage Guidelines

AWS Simple Icons v AWS Simple Icons: Usage Guidelines
Microsoft Azure Virtual Machines

Microsoft Azure Virtual Machines
THE BATTLE OF CLOUDS Openstack vs. Amazon

THE BATTLE OF CLOUDS Openstack vs. Amazon

Similar presentations

Ads by Google