Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cloud Security From Scratch

Sena Yakut
December 27, 2023
0
80

Cloud Security From Scratch

Sena Yakut

December 27, 2023
Tweet

More Decks by Sena Yakut

See All by Sena Yakut
Securing Large Language Models- Threats and Mitigations
senayakut
0
29
Cloud Security Engineering: The Profession of the Future
senayakut
0
37
Gateway to Cloud Security Heaven: Our AWS Expedition
senayakut
0
280
DevSecOps Best Practices- Secure Everything You Have
senayakut
0
140
Securing The Sky Strategies For Protecting Against Cloud Hacking
senayakut
0
120
Cloud Security 101: Ultimate weapon against cyber threats
senayakut
0
110
Journey to the Cloud: An Introduction and Security Overview
senayakut
0
41
Explore Ten Ways to Secure The Cloud
senayakut
0
59
PartyRock-Your Security Supporters
senayakut
0
48

Featured

See All Featured
Designing on Purpose - Digital PM Summit 2013
jponch
115
7k
The Pragmatic Product Professional
lauravandoore
31
6.3k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
Building Adaptive Systems
keathley
38
2.3k
Git: the NoSQL Database
bkeepers
PRO
427
64k
A Tale of Four Properties
chriscoyier
156
23k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
506
140k
Building a Scalable Design System with Sketch
lauravandoore
459
33k
How GitHub (no longer) Works
holman
310
140k
Why Our Code Smells
bkeepers
PRO
334
57k
Automating Front-end Workflow
addyosmani
1366
200k

Transcript

  1. Cloud Security From Scratch Sena Yakut, 2023

  2. About Me Senior Cloud Security Engineer @Lyrebird Studio senayakut.com /sena-yakut

    Security & Identity @sena_yakutt

  3. Cloud Security Challenges - Lots of different environments, - Lots

    of cloud services that we should protect, - Lack of skills, - Lots of cloud security products, struggling to choose which one is the best, - Everyday, a new scenario, - Development is still ongoing, we need to think about security also. - Attackers are fast learners.

  4. Shared Responsibility Model for Cloud

  5. Your To-Do List for an AWS Account Use a distribution

    list for the root account - The most important account for cloud resources, - Phishing is still a most dangerous threat. - Use a group instead of one person. - Store securely the password.

  6. Your To-Do List for an AWS Account Use MFA -

    MFA is not an option, it’s a necessity. - Enable MFA wherever you can. - Use Authenticator apps, OTP tokens, etc. - Use multiple MFA options.

  7. Your To-Do List for an AWS Account Enable AWS CloudTrail

    - Who, when, what? - Focuses on the AWS environment and users, - Configure AWS CloudTrail in all regions enabled, - Store CloudTrail Logs, - Enable log file integrity for your logs.

  8. Your To-Do List for an AWS Account Enable AWS CloudTrail

  9. Your To-Do List for an AWS Account Enable Amazon GuardDuty

    - Threat detection, - Continuous monitoring service, - For your AWS accounts and workloads, - Just a few clicks for enabling, - Actionable results for your environment.

  10. Your To-Do List for an AWS Account Enable Amazon GuardDuty

  11. Your To-Do List for an AWS Account Enable Amazon GuardDuty

  12. Your To-Do List for an AWS Account Centralize Your Security

    Logs - Lots of logs: CloudWatch, Access Logs, CloudTrail, VPC Flow Logs etc. - Centralized storage in different AWS account is important.

  13. Your To-Do List for an AWS Account Centralize Your Security

    Logs

  14. Your To-Do List for an AWS Account Use Infrastructure as

    Code - Minimize the risk of human error, - Increased efficiency, - You’ll code all security best practices once, they can be deployed without any security misconfigurations anytime you want.

  15. Your To-Do List for an AWS Account Use Infrastructure as

    Code IaC security scanning options

  16. Your To-Do List for an AWS Account Review Your Resources

    Regularly - Use CSPM tools, - Review, audit, alert, monitor with different options.

  17. Your To-Do List for an AWS Account Review Your Resources

    Regularly

  18. Your To-Do List for an AWS Account Review Your Resources

    Regularly

  19. Questions?