Slide 1

Slide 1 text

@krol_valencia Security in Cloud Carol Valencia

Slide 2

Slide 2 text

Carol Valencia Solution Architect in in/carolgv krol3 @krol_valencia

Slide 3

Slide 3 text

New scenery after Covid

- “work-from-home isn’t an option for us”
- “we aren’t interested in shifting operations to the cloud.”
- “The pandemic drove a massive shift towards remote work.”
- “it was a case of ‘do or die.’”

Slide 4

Slide 4 text

Trends in Cyber Security

1. Common cyber-threats (phishing, ransomware, trojans, etc.)
2. Fileless Attacks
3. Cloud and Remote Service Attacks (Server applications, containers and cloud storage)
4. Business Process Compromises
5. Customized Payloads

https://www.infosecurity-magazine.com/blogs/five-cyber-threats-2021/

Slide 5

Slide 5 text

Cloud Security Alliance (CSA) Top threats

1. Data Breaches
2. Misconfiguration
3. Lack of cloud security architecture and strategy
4. Insufficient identity, credential, access and key management
5. Account hijacking
6. Insider threat
7. Insecure interfaces and APIs
8. Weak control plane
9. Metastructure and applistructure failures
10. Limited cloud usage visibility
11. Abuse and nefarious use of cloud services

Slide 6

Slide 6 text

Security Responsibility in the Cloud

Slide 7

Slide 7 text

https://blog.ine.com/13-effective-security-controls-in-microsoft-azure-for-iso-27001-compliance

Slide 8

Slide 8 text

https://blog.aquasec.com/cloud-workload-protection-cwpp-vm-security

Slide 9

Slide 9 text

- Data Protection
- Threat Modeling
- Services & App

https://blog.ine.com/what-is-the-goal-of-azure-security

Slide 10

Slide 10 text

Confidentiality - CIA

https://blog.ine.com/what-is-the-goal-of-azure-security

Slide 11

Slide 11 text

NIST Encryption Key Lifecycle

https://blog.ine.com/confidentiality-securing-your-keys-in-azure

Slide 12

Slide 12 text

- Protect data-at-rest
- Protect data-in-transit
- Encrypt all customer data

https://cryptosense.com/cloud-cryptography-comparison/

Slide 13

Slide 13 text

Integrity - CIA

https://blog.ine.com/what-is-the-goal-of-azure-security

Slide 14

Slide 14 text

Availability - CIA

https://blog.ine.com/what-is-the-goal-of-azure-security

Slide 15

Slide 15 text

Secure SDLC

https://holisticsecurity.io/2020/02/10/security-along-the-container-based-sdlc

Slide 16

Slide 16 text

Misconfigured Cloud Resources

Slide 17

Slide 17 text

Static Code Analysis for Infrastructure as Code

Slide 18

Slide 18 text

Least Privilege Using Infrastructure as Code

- Salesforce/policy_sentry
- cloudsplaining

Slide 19

Slide 19 text

CIS Benchmark

OS
- Configuration
- Updates
- Filesystem integrity
- Boot settings

Docker
- docker/docker-bench-security

Kubernetes
- aquasecurity/kube-bench
- aquasecurity/kube-hunter

Slide 20

Slide 20 text

CASB, CSPM, CWPP emerge as future of cloud security

https://searchcloudsecurity.techtarget.com/feature/CASB-CSPM-CWPP-emerge-as-future-of-cloud-security

Slide 21

Slide 21 text

“There is synergy in combining CWPP and CSPM capabilities.”

www.gartner.com

Slide 22

Slide 22 text

“There is synergy in combining CWPP and CSPM capabilities… that scans workloads and configurations in development and protect workloads and configurations at runtime”

CSPM, DevSecOps, CWPP

2020 Market Guide for CWPP, Apr. 2020, by Neil MacDonald and Tom Croll

Slide 23

Slide 23 text

“CWPPs should provide consistent visibility and control for physical machines, virtual machines (VMs), containers and serverless workloads, regardless of location.”

Gartner, Market Guide for Cloud Workload Protection Platforms, Published 14 April 2020

Slide 24

Slide 24 text


Slide 25

Slide 25 text

Cloud Security Posture Management

https://github.com/aquasecurity/cloudsploit

Slide 26

Slide 26 text

Resources

- https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/
- https://blog.aquasec.com/docker-1.11-and-cis-benchmark-whats-new-in-security
- https://blog.aquasec.com/cloud-workload-protection-cwpp-vm-security
- https://searchcloudsecurity.techtarget.com/feature/CASB-CSPM-CWPP-emerge-as-future-of-cloud-security

Slide 27

Slide 27 text

Thank you! Questions?

in/carolgv krol3 @krol_valencia