Cloud Security
What's so Funny About PaaS Love & Understanding?

About Us

Frank Boucher, Cloud Solution Architect, Microsoft Azure MVP, P-Seller Technical Solution Professional
/in/fboucheros, frankysnotes.com

Ismail Jaghmani, Sr. Cloud Developer
/in/ismail-jaghmani-58a3858
Agenda

● Quick context of security in the cloud
● General best practices
● Networking services
● Security and identity services
● Management tools
SECURITY IS A HOT TOPIC
Security is Shared Responsibility

The provider secures the cloud itself; the customer secures what they run in it. The layers split as follows:

Customer
● Application & Data
● Identity & Access Management
● Operating System, Network & Firewall Configuration

Cloud Provider
● Compute, Storage, Databases
● Availability Zones, Regions
● Services
● Cloud Infrastructure
Application and Data Security Best Practices

● Enforce multi-factor authentication
● Use role-based access control
● Use hardware security modules for key storage
● Manage from secure workstations
● Enable encryption of data at rest and in transit
Network Services

AWS: Virtual Private Cloud (VPC)
Azure: Virtual Network
Description: Network isolation; rules defined to satisfy your security needs; filtering and inspection of inbound and outbound traffic.

AWS: Direct Connect
Azure: ExpressRoute
Description: Establishes a dedicated, private network connection from your location to the cloud.
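How the "defined rules" of a virtual network actually filter traffic is easier to see in code than in a table. The following is an added example, not from the slides or from either provider's tooling: a small evaluator with Azure NSG semantics (priority order, first match wins, implicit deny), plus an audit that flags the classic misconfiguration, a management port open to 0.0.0.0/0. The Rule and Flow types, the ManagementPorts list and the SampleRules rule set are all assumptions constructed for this example.

```go
package main

import (
	"fmt"
	"net"
	"sort"
)

// Rule models one inbound entry of a network security group. Azure NSG semantics
// are assumed: rules are evaluated in ascending Priority order, the first match
// decides, and traffic matching no rule is denied (Azure's built-in DenyAllInbound).
// AWS security groups differ: they hold allow rules only, and any match permits.
type Rule struct {
	Name     string
	Priority int
	Source   string // source CIDR, e.g. "10.0.0.0/8" or "0.0.0.0/0" (any)
	PortMin  int    // destination port range, inclusive
	PortMax  int
	Allow    bool
}

// Flow is an inbound connection attempt to evaluate against the rule set.
type Flow struct {
	SourceIP string
	DstPort  int
}

func (r Rule) matches(f Flow) (bool, error) {
	_, cidr, err := net.ParseCIDR(r.Source)
	if err != nil {
		return false, fmt.Errorf("rule %q: bad source %q: %w", r.Name, r.Source, err)
	}
	ip := net.ParseIP(f.SourceIP)
	if ip == nil {
		return false, fmt.Errorf("bad source address %q", f.SourceIP)
	}
	return cidr.Contains(ip) && f.DstPort >= r.PortMin && f.DstPort <= r.PortMax, nil
}

// Evaluate reports whether the flow is allowed and which rule decided it.
func Evaluate(rules []Rule, f Flow) (bool, string, error) {
	sorted := append([]Rule(nil), rules...) // do not reorder the caller's slice
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Priority < sorted[j].Priority })
	for _, r := range sorted {
		ok, err := r.matches(f)
		if err != nil {
			return false, "", err
		}
		if ok {
			return r.Allow, r.Name, nil
		}
	}
	return false, "DenyAllInbound", nil // implicit default deny
}

// ManagementPorts should never be reachable from the whole internet (assumed list).
var ManagementPorts = []int{22, 3389}

// OverlyPermissive returns allow rules that expose a management port to 0.0.0.0/0,
// the kind of finding Security Center and Inspector raise.
func OverlyPermissive(rules []Rule) []string {
	var findings []string
	for _, r := range rules {
		_, cidr, err := net.ParseCIDR(r.Source)
		if err != nil || !r.Allow {
			continue
		}
		if ones, _ := cidr.Mask.Size(); ones != 0 { // only a /0 source counts as "anywhere"
			continue
		}
		for _, p := range ManagementPorts {
			if p >= r.PortMin && p <= r.PortMax {
				findings = append(findings, r.Name)
				break
			}
		}
	}
	return findings
}

// SampleRules is a constructed rule set for this example, not a real deployment.
var SampleRules = []Rule{
	{Name: "AllowSSHFromCorp", Priority: 100, Source: "203.0.113.0/24", PortMin: 22, PortMax: 22, Allow: true},
	{Name: "AllowHTTPS", Priority: 200, Source: "0.0.0.0/0", PortMin: 443, PortMax: 443, Allow: true},
	{Name: "DenyCorpRDP", Priority: 250, Source: "203.0.113.0/24", PortMin: 3389, PortMax: 3389, Allow: false},
	{Name: "AllowRDPAnywhere", Priority: 300, Source: "0.0.0.0/0", PortMin: 3389, PortMax: 3389, Allow: true},
}

func main() {
	flows := []Flow{{"203.0.113.7", 22}, {"198.51.100.9", 22}, {"198.51.100.9", 3389}, {"203.0.113.7", 3389}}
	for _, f := range flows {
		allowed, by, err := Evaluate(SampleRules, f)
		fmt.Printf("%s -> :%d allowed=%v by=%s err=%v\n", f.SourceIP, f.DstPort, allowed, by, err)
	}
	fmt.Println("findings:", OverlyPermissive(SampleRules))
}
```

The priority ordering matters: DenyCorpRDP at 250 beats AllowRDPAnywhere at 300 for corporate addresses, but every other address on the internet still reaches RDP, which is exactly what the audit reports.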
Identity Management

AWS: Identity & Access Management (IAM)
Azure: Azure Active Directory / Role-based access control
Description: Provides fine-grained access to resources in the cloud.

AWS: Multi-Factor Authentication
Azure: Multi-Factor Authentication
Description: Requires more than one method of authentication.
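"More than one method of authentication" in practice usually means a time-based one-time code from an authenticator app, which is what both providers' MFA offerings accept. The block below is an added example, not code from the slides or from AWS or Azure: an RFC 6238 TOTP generator and a verifier with the checks a practitioner expects on the server side (one step of clock skew, constant-time comparison, no replay of an already-used code). The Verifier type is an assumption of this example; the secret and expected codes are the published RFC 6238 test vectors.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"math"
	"time"
)

// TOTP computes an RFC 6238 one-time code: HMAC-SHA1 of the time-step counter,
// then the dynamic truncation of RFC 4226.
func TOTP(secret []byte, t time.Time, step time.Duration, digits int) string {
	counter := uint64(t.Unix()) / uint64(step.Seconds())
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	offset := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[offset:offset+4]) & 0x7fffffff
	code %= uint32(math.Pow10(digits))
	return fmt.Sprintf("%0*d", digits, code)
}

// Verifier is the server side of the second factor (assumed design for this example).
// It tolerates one step of clock skew either way, compares in constant time, and
// remembers the highest counter already accepted so a code cannot be replayed.
type Verifier struct {
	Secret      []byte
	Step        time.Duration
	Digits      int
	lastCounter uint64
}

func (v *Verifier) Verify(code string, now time.Time) bool {
	for _, skew := range []int64{0, -1, 1} {
		t := now.Add(time.Duration(skew) * v.Step)
		counter := uint64(t.Unix()) / uint64(v.Step.Seconds())
		if counter <= v.lastCounter {
			continue // already consumed or older: treat as a replay attempt
		}
		want := TOTP(v.Secret, t, v.Step, v.Digits)
		if subtle.ConstantTimeCompare([]byte(want), []byte(code)) == 1 {
			v.lastCounter = counter
			return true
		}
	}
	return false
}

// RFC6238Secret is the SHA-1 shared secret from the RFC 6238 test vectors.
var RFC6238Secret = []byte("12345678901234567890")

func main() {
	// RFC 6238 Appendix B: T=59 -> 94287082, T=1111111109 -> 07081804 (8 digits, SHA-1).
	fmt.Println(TOTP(RFC6238Secret, time.Unix(59, 0), 30*time.Second, 8))
	fmt.Println(TOTP(RFC6238Secret, time.Unix(1111111109, 0), 30*time.Second, 8))
	v := &Verifier{Secret: RFC6238Secret, Step: 30 * time.Second, Digits: 6}
	fmt.Println(v.Verify("287082", time.Unix(59, 0))) // true
	fmt.Println(v.Verify("287082", time.Unix(59, 0))) // false: same code replayed
}
```

The replay check is the part most home-grown verifiers omit: within the skew window a stolen code is otherwise valid for up to 90 seconds, which is exactly what a phishing relay needs.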
Tools and Data Protection

AWS: Encryption
Azure: Encryption
Description: Client-side encryption; encryption of data in transit; storage encryption; VM disk encryption.

AWS: Key Management Service, CloudHSM
Azure: Key Vault
Description: Creates, controls and protects encryption keys. An HSM provides hardware-based key storage.

AWS: Inspector
Azure: Security Center
Description: Automatically assesses network, VM, OS and application configuration for vulnerabilities or deviations from best practices.
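Client-side encryption and a key management service fit together through envelope encryption: each object gets its own data-encryption key (DEK), and only that DEK is sent to Key Vault, KMS or CloudHSM to be wrapped under a key-encryption key (KEK) that never leaves the service. The block below is an added example, not code from the slides or from any provider SDK; the KeyStore type is a stand-in for the key service (in-memory here, so it is an assumption, not an HSM), and the object name and record are constructed sample input.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyStore stands in for Key Vault, KMS or CloudHSM: it holds the key-encryption
// key and exposes only wrap and unwrap, never the key bytes. A real HSM enforces
// that boundary in hardware; here it is only encapsulation (assumed for the example).
type KeyStore struct {
	kek []byte
}

func NewKeyStore() (*KeyStore, error) {
	kek := make([]byte, 32) // AES-256
	if _, err := rand.Read(kek); err != nil {
		return nil, err
	}
	return &KeyStore{kek: kek}, nil
}

// aeadSeal returns nonce || ciphertext || tag using AES-256-GCM with a random nonce.
func aeadSeal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// aeadOpen reverses aeadSeal; any change to ciphertext, tag or AAD fails authentication.
func aeadOpen(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// WrapKey and UnwrapKey are the only operations the key store offers on its KEK.
func (ks *KeyStore) WrapKey(dek []byte) ([]byte, error)       { return aeadSeal(ks.kek, dek, []byte("dek")) }
func (ks *KeyStore) UnwrapKey(wrapped []byte) ([]byte, error) { return aeadOpen(ks.kek, wrapped, []byte("dek")) }

// Envelope is what is stored: the wrapped DEK travels with the ciphertext, so any
// number of objects are protected by one KEK that never leaves the key store.
type Envelope struct {
	WrappedDEK []byte
	Ciphertext []byte
}

// Encrypt performs client-side envelope encryption: a fresh DEK per object, the
// object sealed under it, the DEK wrapped by the key store. The object name is
// bound in as associated data so a blob cannot be swapped between names undetected.
func Encrypt(ks *KeyStore, objectName string, plaintext []byte) (*Envelope, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	ct, err := aeadSeal(dek, plaintext, []byte(objectName))
	if err != nil {
		return nil, err
	}
	wrapped, err := ks.WrapKey(dek)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedDEK: wrapped, Ciphertext: ct}, nil
}

func Decrypt(ks *KeyStore, objectName string, env *Envelope) ([]byte, error) {
	dek, err := ks.UnwrapKey(env.WrappedDEK)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return aeadOpen(dek, env.Ciphertext, []byte(objectName))
}

func main() {
	ks, _ := NewKeyStore()
	env, _ := Encrypt(ks, "customers.csv", []byte("constructed sample record"))
	pt, err := Decrypt(ks, "customers.csv", env)
	fmt.Printf("%s %v\n", pt, err)
	_, err = Decrypt(ks, "renamed.csv", env) // AAD mismatch: authentication fails
	fmt.Println(err)
}
```

Rotating the KEK then means re-wrapping the small DEKs, not re-encrypting every object, and revoking access to the key store revokes access to all data at once.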
Tools and Data Protection (continued)

AWS: CloudTrail, CloudWatch
Azure: Log Analytics
Description: Collect, track, store, analyze and deliver metrics and log files.

AWS: Trusted Advisor
Azure: Advisor
Description: Analyzes cloud resource configuration and security against best practices, covering availability, performance, security and cost.
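Collecting audit logs is only useful if something reads them. The block below is an added example, not code from the slides or from any provider: a detector that runs over CloudTrail-style records and applies two of the best practices from earlier in the deck, flagging successful console logins made without MFA and any activity by the root account. The field names (eventName, userIdentity.type, additionalEventData.MFAUsed, responseElements.ConsoleLogin) follow the CloudTrail record format; the four records in SampleEvents are constructed for this example, not real log data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Event holds the CloudTrail record fields this detector uses. The tags follow the
// CloudTrail record format; fields not listed here are ignored on unmarshal.
type Event struct {
	EventTime    string `json:"eventTime"`
	EventName    string `json:"eventName"`
	SourceIP     string `json:"sourceIPAddress"`
	UserIdentity struct {
		Type string `json:"type"`
		ARN  string `json:"arn"`
	} `json:"userIdentity"`
	AdditionalEventData struct {
		MFAUsed string `json:"MFAUsed"`
	} `json:"additionalEventData"`
	ResponseElements struct {
		ConsoleLogin string `json:"ConsoleLogin"`
	} `json:"responseElements"`
}

// Finding is one alert: which rule fired, for whom, and when.
type Finding struct {
	Rule  string
	Actor string
	Time  string
}

// Detect parses newline-delimited JSON records and applies two checks:
// a successful console login without MFA, and any use of the root account.
// A malformed line is an error rather than silently skipped, so gaps in the
// audit trail are noticed instead of hidden.
func Detect(ndjson string) ([]Finding, error) {
	var findings []Finding
	for n, line := range strings.Split(strings.TrimSpace(ndjson), "\n") {
		var ev Event
		if err := json.Unmarshal([]byte(line), &ev); err != nil {
			return nil, fmt.Errorf("line %d: %w", n+1, err)
		}
		if ev.EventName == "ConsoleLogin" &&
			ev.ResponseElements.ConsoleLogin == "Success" &&
			ev.AdditionalEventData.MFAUsed != "Yes" {
			findings = append(findings, Finding{"console-login-without-mfa", ev.UserIdentity.ARN, ev.EventTime})
		}
		if ev.UserIdentity.Type == "Root" {
			findings = append(findings, Finding{"root-account-activity", ev.UserIdentity.ARN, ev.EventTime})
		}
	}
	return findings, nil
}

// SampleEvents are constructed records in CloudTrail's shape (account 123456789012 is a placeholder).
const SampleEvents = `{"eventTime":"2017-05-01T10:00:00Z","eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.5","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::123456789012:user/alice"},"additionalEventData":{"MFAUsed":"Yes"},"responseElements":{"ConsoleLogin":"Success"}}
{"eventTime":"2017-05-01T10:05:00Z","eventName":"ConsoleLogin","sourceIPAddress":"198.51.100.7","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::123456789012:user/bob"},"additionalEventData":{"MFAUsed":"No"},"responseElements":{"ConsoleLogin":"Success"}}
{"eventTime":"2017-05-01T10:07:00Z","eventName":"ConsoleLogin","sourceIPAddress":"198.51.100.7","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::123456789012:user/bob"},"additionalEventData":{"MFAUsed":"No"},"responseElements":{"ConsoleLogin":"Failure"}}
{"eventTime":"2017-05-01T11:00:00Z","eventName":"CreateUser","sourceIPAddress":"203.0.113.9","userIdentity":{"type":"Root","arn":"arn:aws:iam::123456789012:root"}}`

func main() {
	findings, err := Detect(SampleEvents)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("%s  %s  %s\n", f.Time, f.Rule, f.Actor)
	}
}
```

The same two checks express directly as Log Analytics or CloudWatch Logs queries once the records are ingested; the point of the code is the logic, including the decision to alert on successful non-MFA logins only and to fail loudly on unparseable records.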
References

● Common Vulnerabilities and Exposures: https://cve.mitre.org/index.html
● Center for Internet Security (CIS) Benchmarks: https://benchmarks.cisecurity.org
● Azure security best practices and patterns: https://docs.microsoft.com/en-us/azure/security/security-best-practices-and-patterns
● Microsoft Docs: https://docs.microsoft.com