Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cloud Security From Scratch

Avatar for Sena Yakut Sena Yakut
December 27, 2023
0
83

Cloud Security From Scratch

Avatar for Sena Yakut

Sena Yakut

December 27, 2023
Tweet

More Decks by Sena Yakut

See All by Sena Yakut
Falling in Love with the Cloud – Securely
Avatar for Sena Yakut senayakut
0
31
Amazon GuardDuty Energy - I See It. I Flag It. I Block It
Avatar for Sena Yakut senayakut
0
40
Exploring Innovations in Cloud Technologies
Avatar for Sena Yakut senayakut
0
11
Securing the Future- A Deep Dive into the re-Invent:2024 Security Announcements
Avatar for Sena Yakut senayakut
0
12
What I’ve Learned-My Top AWS WAF Tips for Stronger Protection
Avatar for Sena Yakut senayakut
0
13
Hacking the Cloud - AWS Pentesting in Action
Avatar for Sena Yakut senayakut
0
110
Next-Level Defense: What re: Invent 2024 Means for Your Security
Avatar for Sena Yakut senayakut
0
64
Securing Large Language Models- Threats and Mitigations
Avatar for Sena Yakut senayakut
0
35
Cloud Security Engineering: The Profession of the Future
Avatar for Sena Yakut senayakut
0
48

Featured

See All Featured
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
48
49k
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
299
50k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
280
13k
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
407
66k
Put a Button on it: Removing Barriers to Going Fast.
Avatar for kastner kastner
60
3.8k
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
51
3.2k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
16k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
91
590k
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
667
120k
Visualization
Avatar for Eitan Lees eitanlees
146
16k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
177
9.7k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
33
6.6k

Transcript

  1. Cloud Security From Scratch Sena Yakut, 2023

  2. About Me Senior Cloud Security Engineer @Lyrebird Studio senayakut.com /sena-yakut

    Security & Identity @sena_yakutt

  3. Cloud Security Challenges - Lots of different environments, - Lots

    of cloud services that we should protect, - Lack of skills, - Lots of cloud security products, struggling to choose which one is the best, - Everyday, a new scenario, - Development is still ongoing, we need to think about security also. - Attackers are fast learners.

  4. Shared Responsibility Model for Cloud

  5. Your To-Do List for an AWS Account Use a distribution

    list for the root account - The most important account for cloud resources, - Phishing is still a most dangerous threat. - Use a group instead of one person. - Store securely the password.

  6. Your To-Do List for an AWS Account Use MFA -

    MFA is not an option, it’s a necessity. - Enable MFA wherever you can. - Use Authenticator apps, OTP tokens, etc. - Use multiple MFA options.

  7. Your To-Do List for an AWS Account Enable AWS CloudTrail

    - Who, when, what? - Focuses on the AWS environment and users, - Configure AWS CloudTrail in all regions enabled, - Store CloudTrail Logs, - Enable log file integrity for your logs.

  8. Your To-Do List for an AWS Account Enable AWS CloudTrail

  9. Your To-Do List for an AWS Account Enable Amazon GuardDuty

    - Threat detection, - Continuous monitoring service, - For your AWS accounts and workloads, - Just a few clicks for enabling, - Actionable results for your environment.

  10. Your To-Do List for an AWS Account Enable Amazon GuardDuty

  11. Your To-Do List for an AWS Account Enable Amazon GuardDuty

  12. Your To-Do List for an AWS Account Centralize Your Security

    Logs - Lots of logs: CloudWatch, Access Logs, CloudTrail, VPC Flow Logs etc. - Centralized storage in different AWS account is important.

  13. Your To-Do List for an AWS Account Centralize Your Security

    Logs

  14. Your To-Do List for an AWS Account Use Infrastructure as

    Code - Minimize the risk of human error, - Increased efficiency, - You’ll code all security best practices once, they can be deployed without any security misconfigurations anytime you want.

  15. Your To-Do List for an AWS Account Use Infrastructure as

    Code IaC security scanning options

  16. Your To-Do List for an AWS Account Review Your Resources

    Regularly - Use CSPM tools, - Review, audit, alert, monitor with different options.

  17. Your To-Do List for an AWS Account Review Your Resources

    Regularly

  18. Your To-Do List for an AWS Account Review Your Resources

    Regularly

  19. Questions?