Explore Ten Ways to Secure The Cloud

Sena Yakut
December 16, 2023

Transcript

  1. About me!
    • Senior Cloud Security Engineer @Lyrebird Studio
    • DevSecOps Team Lead & Senior CloudSec Engineer @PurpleBox
    • Cyber Security & CloudSec Engineer @Vestel
    • Master @Ege University
    • senayakut.com
    • /sena-yakut
    • Security & Identity
    • @sena_yakutt
  2. OVERVIEW
    • Cloud security statistics
    • Do not use publicly accessible cloud resources
    • Be careful in IAM
    • Encrypt your data
    • Use CSPM tools
    • Secure your endpoints
    • Enable logging & monitoring & alerting
    • Use threat intelligence solutions
    • Prepare a vulnerability management plan
    • Train your staff
    • Prepare an incident response plan
  3. Do not use publicly accessible cloud resources
    • Data protection.
    • Our data is our data.
    • Minimizing attack surface.
    • Avoiding accidental exposure (your config files, credentials, PII files, etc.).
    • Cloud providers are more solution-oriented for this:
    • S3 private by default.
  4. Do not use publicly accessible cloud resources
    • Deny all access.
    • Use VPN restrictions for your cloud resources.
    • Do not use open ports for your management.
    • Do not use publicly accessible admin panels or internal services.
    • Review your cloud resources regularly for accidental public operations.
  5. Do not use publicly accessible cloud resources
    • Pegasus Airlines Leaked 6.5TB of Data in AWS S3 Bucket Mess Up
    • More than 3 million sensitive flight data files, including flight charts/revisions and details of pre-flight check issues
    • More than 1.6 million files contained the airline crew’s PII
  6. Do not use publicly accessible cloud resources
    • Twilio: An exposed S3 bucket enables attackers to inject malicious code
    • TaskRouter JS SDK Security Incident
    • The access policy for one of its AWS S3 buckets was not properly configured
  7. Be careful in IAM
    • Identity and Access Management is the key for cloud resources.
    • Always follow the “least privilege principle”.
    • Always start with deny.
    • Use conditions for restrictions.
    • Do not hardcode any IAM credentials (AWS access key, secret key, etc.).
  8. Be careful in IAM
    • Always think SSO (Single Sign On).
    • Always enable MFA.
    • Use temporary credentials for access (roles, policies, session tokens).
    • Regularly review your IAM components.
    • Use automation for controls and denies.
  9. Encrypt your data
    • Encrypt everything.
    • Encryption at rest.
      • Databases, objects, etc.
    • Encryption in transit.
      • HTTPS – TLS configs.
  10. Use CSPM tools
    • Cloud Security Posture Management = visibility.
    • Identify security violations.
    • Monitor security regulations & policies.
    • Identify unused resources.
    • Remediation is easier.
  11. Use CSPM tools
    • Prowler
    • ScoutSuite
    • CloudSploit
    • Security Auditor Role.
    • You need to prioritize findings based on your needs.
  12. Secure your endpoints
    • API security is still an issue.
    • We need to be careful about our external endpoints.
    • Always think about using internal services first.
    • Open ports
    • Scan endpoints continuously, and ensure systems can analyze and respond to anomalous behavior.
    • Patching regularly.
  13. Enable logging & monitoring & alerting
    • Log & monitor everything that could be an anomaly for your system.
    • Incident Detection.
    • Performance Monitoring: Helps in monitoring system performance and can alert to anomalies that might signify a security issue, such as a denial-of-service attack.
  14. Enable logging & monitoring & alerting
    • Accountability and Forensics: In the event of a breach, logs are essential for understanding what happened.
    • User Behavior Analytics: Normal user or account breaching.
    • Compliance: Meets regulatory and compliance requirements.
  15. Use threat intelligence solutions
    • Threat intelligence solutions are essential for cloud security.
    • With AI, we’re stronger in security.
    • Threat awareness.
    • Security posture improvement.
    • Risk assessment.
  16. Prepare a vulnerability management plan
    • Lots of cloud services, and lots of vulnerabilities.
    • We need a plan for prioritization, assessment, and all processes.
  17. Train your staff
    • Training is everything for cloud security.
    • Lack of skills.
    • Every day, there is a new update in the cloud, in the services.
    • Lots of services, lots of features.
    • Lots of cloud providers!
  18. Prepare an incident response plan
    • Rapid response to security incidents.
    • Structured and organized approach.
    • Adaptability to emerging threats.
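
A check in the spirit of slides 4 and 7 (review resources regularly for accidental public exposure; use conditions for restrictions), as an added example that is not part of the talk: it audits S3 bucket policy JSON for Allow statements open to any principal. The bucket names, policy documents and function names are constructed for illustration, and `NotPrincipal` statements are not handled.

```python
import json

# Constructed sample bucket policies (not from the talk); names are placeholders.
POLICIES = {
    "example-public-bucket": """{
      "Version": "2012-10-17",
      "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-public-bucket/*"}
      ]}""",
    "example-restricted-bucket": """{
      "Version": "2012-10-17",
      "Statement": [
        {"Sid": "VpnOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-restricted-bucket/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
        {"Sid": "DenyPlainHttp", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-restricted-bucket/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
      ]}""",
}

def as_list(value):
    # Policy JSON allows a single value wherever a list is accepted.
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    """True for "Principal": "*" and for any {"AWS": "*"}-style entry."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return False

def audit_policy(policy_json):
    """Return (sid, severity) for each Allow statement open to any principal."""
    findings = []
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_wildcard_principal(stmt.get("Principal")):
            continue
        # No Condition means anyone on the internet; with one, a human must judge it.
        severity = "REVIEW" if stmt.get("Condition") else "PUBLIC"
        findings.append((stmt.get("Sid", "<no Sid>"), severity))
    return findings

if __name__ == "__main__":
    for bucket, doc in POLICIES.items():
        print(bucket, audit_policy(doc) or "no wildcard Allow statements")
```

Deny statements are skipped because they only narrow access; a `REVIEW` finding still needs a person to confirm that the condition (here a source IP range standing in for a VPN egress) is actually restrictive.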