Security in Cloud using Infrastructure as a Code (IaaS)

Transcript

1. @krol_valencia Security in Cloud Carol Valencia

2. @krol_valencia Carol Valencia Solution Architect in in/carolgv krol3 @krol_valencia 2

3. @krol_valencia New scenery after Covid “work-from-home isn’t an option for

   us” “we aren’t interested in shifting operations to the cloud.” “The pandemic drove a massive shift towards remote work. "it was a case of ‘do or die.’ 3

4. @krol_valencia Trends in Cyber Security 1. Common cyber-threats (phishing, ransomware,

   trojans, etc) 2. Fileless Attacks 3. Cloud and Remote Service Attacks (Server applications, containers and cloud storage) 4. Business Process Compromises 5. Customized Payloads 4 https://www.infosecurity-magazine.com/blogs/five-cyber-threats-2021/

5. @krol_valencia 1. Data Breaches 2. Misconfiguration 3. Lack of cloud

   security architecture and strategy 4. Insufficient identity, credential, access and key management 5. Account hijacking 6. Insider threat 7 Insecure interfaces and APIs 8. Weak control plane 9. Metastructure and applistructure failures 10. Limited cloud usage visibility 11. Abuse and nefarious use of cloud services Cloud Security Alliance (CSA) Top threats 5

6. @krol_valencia Security Responsability in the Cloud 6

7. @krol_valencia 7 https://blog.ine.com/13-effective-security-controls-in-microsoft-azure-for-iso-27001-compliance

8. @krol_valencia 8 https://blog.aquasec.com/cloud-workload-protection-cwpp-vm-security

9. @krol_valencia https://blog.ine.com/what-is-the-goal-of-azure-security Data Protection Threat Modeling Services & App

10. @krol_valencia https://blog.ine.com/what-is-the-goal-of-azure-security 10 Confidentiality - CIA

11. @krol_valencia NIST Encryption Key Lifecycle 11 https://blog.ine.com/confidentiality-securing-your-keys-in-azure

12. @krol_valencia 12 Protect data-at-rest Protect data-in-transit Encrypt all customer data

    https://cryptosense.com/cloud-cryptography-comparison/

13. @krol_valencia https://blog.ine.com/what-is-the-goal-of-azure-security 13 Integrity - CIA

14. @krol_valencia https://blog.ine.com/what-is-the-goal-of-azure-security 14 Availability - CIA

15. @krol_valencia 15 https://holisticsecurity.io/2020/02/10/security-along-the-container-based-sdlc Secure SDLC

16. @krol_valencia Misconfigured Cloud Resources 16

17. @krol_valencia 17 Static Code Analysis for Infrastructure as Code

18. @krol_valencia 18 Salesforce/policy_sentry cloudsplaining Least Privilege Using Infrastructure as Code

19. @krol_valencia CIS Benchmark OS - Configuration - Updates - Filesystem

    integrity - Boot settings Docker docker/docker- bench-security Kubernetes aquasecurity/kub e-bench aquasecurity/kub e-hunter 19

20. @krol_valencia CASB, CSPM, CWPP emerge as future of cloud security

    20 https://searchcloudsecurity.techtarget.com/feature/CASB-CSPM-CWPP-emerge-as-future-of-cloud- security

21. “ @krol_valencia There is synergy in combining CWPP and CSPM

    capabilities. 21 www.gartner.com

22. @krol_valencia There is synergy in combining CWPP and CSPM capabilities…

    that scans workloads and configurations in development and protect workloads and configurations at runtime CSPM DevSecOps CWPP 22 2020 Market Guide for CWPP, Apr. 2020, by Neil MacDonald and Tom Croll

23. “ @krol_valencia CWPPs should provide consistent visibility and control for

    physical machines, virtual machines (VMs), containers and serverless workloads, regardless of location. 23 Gartner, Market Guide for Cloud Workload Protection Platforms, Published 14 April 2020

24. @krol_valencia 24

25. @krol_valencia 25 https://github.com/aquasecurity/cloudsploit Cloud Secure Posture Management

26. @krol_valencia Resources - https://docs.microsoft.com/en-us/azure/cloud- adoption-framework/ - https://blog.aquasec.com/docker-1.11-and-cis- benchmark-whats-new-in-security - https://blog.aquasec.com/cloud-workload-

    protection-cwpp-vm-security - https://searchcloudsecurity.techtarget.com/featu re/CASB-CSPM-CWPP-emerge-as-future-of- cloud-security 27

27. @krol_valencia Obrigada! Perguntas? 28 in/carolgv krol3 @krol_valencia