Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security in Cloud using Infrastructure as a Cod...

Carol
December 03, 2020

Security in Cloud using Infrastructure as a Code (IaaS)

Infrastructure security as code

Explore security tools to evaluate misconfigurations in the infrastructure or services used in the cloud provider. Show how can we automate controls to prevent security incidents and implement DevSecOps best practices in our infrastructure delivery cycle.

Carol

December 03, 2020
Tweet

More Decks by Carol

Other Decks in Technology

Transcript

  1. @krol_valencia New scenery after Covid “work-from-home isn’t an option for

    us” “we aren’t interested in shifting operations to the cloud.” “The pandemic drove a massive shift towards remote work. "it was a case of ‘do or die.’ 3
  2. @krol_valencia Trends in Cyber Security 1. Common cyber-threats (phishing, ransomware,

    trojans, etc) 2. Fileless Attacks 3. Cloud and Remote Service Attacks (Server applications, containers and cloud storage) 4. Business Process Compromises 5. Customized Payloads 4 https://www.infosecurity-magazine.com/blogs/five-cyber-threats-2021/
  3. @krol_valencia 1. Data Breaches 2. Misconfiguration 3. Lack of cloud

    security architecture and strategy 4. Insufficient identity, credential, access and key management 5. Account hijacking 6. Insider threat 7 Insecure interfaces and APIs 8. Weak control plane 9. Metastructure and applistructure failures 10. Limited cloud usage visibility 11. Abuse and nefarious use of cloud services Cloud Security Alliance (CSA) Top threats 5
  4. @krol_valencia CIS Benchmark OS - Configuration - Updates - Filesystem

    integrity - Boot settings Docker docker/docker- bench-security Kubernetes aquasecurity/kub e-bench aquasecurity/kub e-hunter 19
  5. @krol_valencia CASB, CSPM, CWPP emerge as future of cloud security

    20 https://searchcloudsecurity.techtarget.com/feature/CASB-CSPM-CWPP-emerge-as-future-of-cloud- security
  6. @krol_valencia There is synergy in combining CWPP and CSPM capabilities…

    that scans workloads and configurations in development and protect workloads and configurations at runtime CSPM DevSecOps CWPP 22 2020 Market Guide for CWPP, Apr. 2020, by Neil MacDonald and Tom Croll
  7. “ @krol_valencia CWPPs should provide consistent visibility and control for

    physical machines, virtual machines (VMs), containers and serverless workloads, regardless of location. 23 Gartner, Market Guide for Cloud Workload Protection Platforms, Published 14 April 2020