Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cloud Security From Scratch

Sena Yakut
December 27, 2023
78

Cloud Security From Scratch

Sena Yakut

December 27, 2023
Tweet

Transcript

  1. Cloud Security Challenges - Lots of different environments, - Lots

    of cloud services that we should protect, - Lack of skills, - Lots of cloud security products, struggling to choose which one is the best, - Everyday, a new scenario, - Development is still ongoing, we need to think about security also. - Attackers are fast learners.
  2. Your To-Do List for an AWS Account Use a distribution

    list for the root account - The most important account for cloud resources, - Phishing is still a most dangerous threat. - Use a group instead of one person. - Store securely the password.
  3. Your To-Do List for an AWS Account Use MFA -

    MFA is not an option, it’s a necessity. - Enable MFA wherever you can. - Use Authenticator apps, OTP tokens, etc. - Use multiple MFA options.
  4. Your To-Do List for an AWS Account Enable AWS CloudTrail

    - Who, when, what? - Focuses on the AWS environment and users, - Configure AWS CloudTrail in all regions enabled, - Store CloudTrail Logs, - Enable log file integrity for your logs.
  5. Your To-Do List for an AWS Account Enable Amazon GuardDuty

    - Threat detection, - Continuous monitoring service, - For your AWS accounts and workloads, - Just a few clicks for enabling, - Actionable results for your environment.
  6. Your To-Do List for an AWS Account Centralize Your Security

    Logs - Lots of logs: CloudWatch, Access Logs, CloudTrail, VPC Flow Logs etc. - Centralized storage in different AWS account is important.
  7. Your To-Do List for an AWS Account Use Infrastructure as

    Code - Minimize the risk of human error, - Increased efficiency, - You’ll code all security best practices once, they can be deployed without any security misconfigurations anytime you want.
  8. Your To-Do List for an AWS Account Review Your Resources

    Regularly - Use CSPM tools, - Review, audit, alert, monitor with different options.