
Falling in Love with the Cloud – Securely

Sena Yakut
May 05, 2025


Transcript

  1. What is cloud computing and why should we care?
     Cloud computing is on-demand access to computing resources (servers, databases, storage) without owning the physical hardware. Think of it like renting a fully stocked kitchen instead of building one yourself.
  2. What is cloud computing and why should we care?
     • Speed: you can go from idea to deployment in hours.
     • Scalability: resources grow with your needs, no awkward capacity planning.
     • Global reach: build once, serve globally.
     • And more...
     BUT... Love without trust leads to heartbreak. Falling for the cloud is easy, but staying secure takes work.
  3. "First Date – Setting Up the Foundation" → IAM, baseline security posture.
     "Just like any good first date, you want to make a great impression... but also set some boundaries."
     Identity & Access Management (IAM)
     • Use least privilege: grant only the actions that are absolutely necessary, scoped to the resources that need them.
     • Enforce MFA, especially for root. The root user should have no access keys at all and should be used only for the few tasks that require it.
     • Prefer roles over users: temporary credentials from STS beat long-lived access keys.
     • Rotate and audit access keys regularly; the IAM credential report shows MFA status and key age for every user in one place.
  4. "First Date – Setting Up the Foundation" → IAM, baseline security posture.
     Baseline Security Posture
     • Enable CloudTrail as a multi-region trail, with log file validation turned on: your date needs receipts!
     • Set up AWS Config to record your resources and detect drift from secure configurations.
     • Use Security Hub and Trusted Advisor to assess foundational issues.
     • Activate GuardDuty in every region to detect early warning signs of suspicious behaviour.
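An added example (not from the deck) of the audit the IAM bullets above describe: it reads an IAM credential report and flags root and console users without MFA, access keys on the root user, and keys older than 90 days. The report is constructed here with placeholder account IDs and users; in a real account it comes from `aws iam get-credential-report`, whose Content field is the same CSV, base64-encoded.

```python
"""Audit an IAM credential report for the first-date basics: MFA on root and on
console users, no root access keys, and keys rotated within 90 days.

Added example, not from the deck. The sample report is constructed; the header
row is the real credential report schema, the account ID and users are placeholders.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE_DAYS = 90
NOW = datetime(2025, 5, 5, tzinfo=timezone.utc)  # fixed "today" so the sample is reproducible

SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2023-01-10T09:00:00+00:00,not_supported,2025-04-30T08:12:00+00:00,not_supported,not_supported,false,true,2023-01-10T09:05:00+00:00,2025-04-01T00:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2024-06-01T10:00:00+00:00,true,2025-05-01T07:00:00+00:00,2024-06-01T10:00:00+00:00,N/A,true,true,2025-03-15T12:00:00+00:00,2025-05-02T09:00:00+00:00,eu-west-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
ci-deployer,arn:aws:iam::123456789012:user/ci-deployer,2023-09-01T00:00:00+00:00,false,no_information,N/A,N/A,false,true,2023-09-01T00:00:00+00:00,2025-05-03T01:00:00+00:00,eu-west-1,sts,true,2025-04-20T00:00:00+00:00,N/A,N/A,N/A,false,N/A,false,N/A
"""


def parse_time(value):
    """Report timestamps are ISO 8601; 'N/A', 'not_supported' and similar give None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit_credential_report(report_csv, now=NOW):
    """Return (user, finding) pairs for every row that breaks a baseline rule."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        # Root always has a console password; other users only when password_enabled is true.
        if (is_root or row["password_enabled"] == "true") and row["mfa_active"] != "true":
            findings.append((user, "ROOT_NO_MFA" if is_root else "CONSOLE_USER_NO_MFA"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            if is_root:
                # Root keys cannot be limited by IAM policy; the fix is to delete them.
                findings.append((user, f"ROOT_ACCESS_KEY_{n}_PRESENT"))
            rotated = parse_time(row[f"access_key_{n}_last_rotated"])
            if rotated is None or now - rotated > timedelta(days=MAX_KEY_AGE_DAYS):
                findings.append((user, f"ACCESS_KEY_{n}_OLDER_THAN_{MAX_KEY_AGE_DAYS}_DAYS"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT):
        print(f"{user:16} {finding}")
```

Users with console access disabled (the ci-deployer row) are deliberately not held to the MFA rule, because MFA is only enforced at sign-in; their risk is the key age, which the second check catches.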
  5. "Getting Serious – Defining Boundaries" → Network segmentation, SCPs, VPCs.
     "Now that we're serious, it's time to talk boundaries (healthy ones)."
     Network Segmentation
     • Use VPCs to isolate workloads.
     • Split into public and private subnets (e.g., web tier vs. DB tier); the database subnets should have no route to an internet gateway.
     • Control flow with security groups (stateful, attached to resources) and network ACLs (stateless, attached to subnets).
     • Turn on VPC Flow Logs: reading between the lines of network traffic.
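What "reading between the lines" of flow logs looks like, as an added example that is not part of the deck: it parses default-format VPC Flow Log lines, finds a source that was rejected on many different ports (a scan), and finds accepted traffic to the database port that did not come from the web tier (a hole in the segmentation). The log lines, subnet CIDRs, account and ENI IDs are all constructed placeholders.

```python
"""Two detections over VPC Flow Logs: port scans and web/DB tier violations.

Added example, not from the deck. Lines follow the default flow log format;
the traffic, account ID, ENI IDs and subnets are constructed placeholders.
"""
import ipaddress
from collections import defaultdict

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

WEB_SUBNET = ipaddress.ip_network("10.0.1.0/24")  # public tier (assumption)
DB_SUBNET = ipaddress.ip_network("10.0.2.0/24")   # private tier (assumption)
DB_PORT = 5432

SAMPLE_FLOW_LOG = """\
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.10 45233 22 6 1 40 1746400000 1746400060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.10 45234 23 6 1 40 1746400000 1746400060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.10 45235 80 6 1 40 1746400000 1746400060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.10 45236 443 6 1 40 1746400000 1746400060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.10 45237 3389 6 1 40 1746400000 1746400060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.10 45238 5432 6 1 40 1746400000 1746400060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.10 45239 8080 6 1 40 1746400000 1746400060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.5 10.0.1.10 51000 443 6 12 4800 1746400000 1746400060 ACCEPT OK
2 123456789012 eni-0f9e8d7c6b5a43210 10.0.1.10 10.0.2.20 40001 5432 6 20 8000 1746400000 1746400060 ACCEPT OK
2 123456789012 eni-0f9e8d7c6b5a43210 203.0.113.9 10.0.2.20 40002 5432 6 3 240 1746400000 1746400060 ACCEPT OK
2 123456789012 eni-0f9e8d7c6b5a43210 - - - - - - - 1746400000 1746400060 - NODATA
"""


def parse_flow_log(text):
    """One dict per record; the header line and NODATA/SKIPDATA windows are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] == "version":
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # nothing was captured in this window, the traffic fields are "-"
        for field in ("srcport", "dstport", "protocol", "packets", "bytes"):
            rec[field] = int(rec[field])
        records.append(rec)
    return records


def port_scanners(records, min_ports=5):
    """Sources rejected on at least min_ports distinct destination ports."""
    ports_by_src = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            ports_by_src[r["srcaddr"]].add(r["dstport"])
    return {src: sorted(ports) for src, ports in ports_by_src.items() if len(ports) >= min_ports}


def tier_violations(records, db_subnet=DB_SUBNET, web_subnet=WEB_SUBNET, db_port=DB_PORT):
    """ACCEPTed flows to the DB port from anything other than the web tier.

    The design says these cannot happen; if one shows up, a security group
    or route table is wider than the diagram.
    """
    bad = []
    for r in records:
        src = ipaddress.ip_address(r["srcaddr"])
        dst = ipaddress.ip_address(r["dstaddr"])
        if r["action"] == "ACCEPT" and dst in db_subnet and r["dstport"] == db_port and src not in web_subnet:
            bad.append((r["srcaddr"], r["dstaddr"], r["dstport"]))
    return bad
```

Counting only REJECTs keeps ordinary clients of an open web port out of the scanner list; the scanning host still shows up because of the closed ports it touched.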
  6. "Getting Serious – Defining Boundaries" → Network segmentation, SCPs, VPCs.
     Service Control Policies (SCPs), if you use AWS Organizations
     • Guardrails that apply to every principal in a member account, including that account's root user. They do not apply to the management account, so keep workloads out of it.
     • SCPs never grant access; they only cap what IAM policies inside the account can allow.
     • Block actions like:
       • s3:* outside approved regions
       • ec2:RunInstances without approved AMIs
     • Think of SCPs as your relationship non-negotiables.
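The two guardrails from the slide as an SCP document, with a small evaluator that shows how a Deny statement with a StringNotEquals condition decides a request. This is an added example, not the deck's own policy; the approved regions and AMI IDs are placeholders, and the evaluator covers only what this policy uses (Deny, Action globs, StringNotEquals) and ignores Resource matching, NotAction, OU inheritance and the FullAWSAccess default, so it illustrates the mechanism rather than simulating IAM.

```python
"""An SCP with two Deny guardrails plus a minimal evaluator for them.

Added example, not from the deck. Regions and AMI IDs are placeholders.
The evaluator is deliberately incomplete (see the module notes in the text).
"""
import fnmatch
import json

APPROVED_REGIONS = ["eu-west-1", "eu-central-1"]                     # assumption
APPROVED_AMIS = ["ami-0123456789abcdef0", "ami-0fedcba9876543210"]  # placeholders

SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyS3OutsideApprovedRegions",
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:RequestedRegion": APPROVED_REGIONS}},
        },
        {
            "Sid": "DenyRunInstancesWithUnapprovedAmi",
            "Effect": "Deny",
            "Action": "ec2:RunInstances",
            "Resource": "arn:aws:ec2:*::image/ami-*",
            "Condition": {"StringNotEquals": {"ec2:ImageID": APPROVED_AMIS}},
        },
    ],
}


def scp_document():
    """The JSON you would attach in Organizations > Policies."""
    return json.dumps(SCP, indent=2)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _statement_matches(stmt, action, context):
    """True when both the Action pattern and every condition apply to the request."""
    # Real IAM matches action names case-insensitively; fnmatchcase is enough here.
    if not any(fnmatch.fnmatchcase(action, pattern) for pattern in _as_list(stmt["Action"])):
        return False
    for key, values in stmt.get("Condition", {}).get("StringNotEquals", {}).items():
        if key not in context:
            return False  # simplification: absent keys do not match in this toy evaluator
        if context[key] in _as_list(values):
            return False  # the value is one of the approved ones, so NotEquals fails
    return True


def evaluate_scp(policy, action, context):
    """Return the Sid of the Deny statement that blocks the request, or None.

    None does not mean allowed: an SCP only removes permissions, so the
    principal still needs an IAM policy that grants the action.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] == "Deny" and _statement_matches(stmt, action, context):
            return stmt["Sid"]
    return None
```

In production a region guardrail is normally written with NotAction so that global services (IAM, STS, Organizations, Route 53, CloudFront) stay usable, and an AMI guardrail is often expressed with the ec2:Owner condition key (allowing only amazon and your own account) rather than a fixed list of image IDs; both are the same Deny-plus-NotEquals shape shown here.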
  7. Trust but Verify – Healthy Relationships Need Monitoring
     "Even in the best relationships, you need to know what's going on, just in case." Because if something goes wrong, you want alerts, not surprises.
     Amazon GuardDuty
     • Your threat detection companion: it analyses CloudTrail, VPC Flow Logs and DNS logs with no agents to install.
     • Monitors for:
       • Unusual API calls
       • Credential exfiltration
       • Port scanning and reconnaissance
     • Integrate with EventBridge → Lambda for automated responses.
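The EventBridge → Lambda response the last bullet describes, as an added example that is not part of the deck: the handler turns a GuardDuty finding into a plan (deactivate the IAM access key named in a credential finding, or move an EC2 instance into a quarantine security group) and only executes it when dry-run mode is switched off. The severity threshold, the quarantine group ID and the sample findings are assumptions; the event shape and finding types follow GuardDuty's format, but the IDs are placeholders.

```python
"""Lambda handler for the GuardDuty -> EventBridge -> Lambda pattern.

Added example, not from the deck. Threshold, quarantine group and sample
findings are assumptions; IDs are placeholders.
"""
import os

SEVERITY_THRESHOLD = 7.0  # High (7.0-8.9) and Critical findings get an automatic response
QUARANTINE_SG = os.environ.get("QUARANTINE_SG", "sg-0123456789abcdef0")  # placeholder

# EventBridge rule pattern that routes findings to this function.
EVENT_PATTERN = {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"]}


def plan_response(event):
    """Return the actions for one finding; the first is always a notification."""
    finding = event["detail"]
    severity = float(finding.get("severity", 0))
    actions = [{"action": "notify", "finding_id": finding["id"], "type": finding["type"], "severity": severity}]
    if severity < SEVERITY_THRESHOLD:
        return actions
    resource = finding.get("resource", {})
    kind = resource.get("resourceType")
    if kind == "AccessKey":
        key = resource["accessKeyDetails"]
        if key.get("userType") == "IAMUser":
            # Long-lived key: switch it off now, investigate afterwards.
            actions.append({"action": "deactivate_access_key",
                            "user": key["userName"], "access_key_id": key["accessKeyId"]})
        else:
            # Role session credentials expire on their own; cutting them off early means
            # a deny on older sessions or a trust-policy change, so hand this to a human.
            actions.append({"action": "escalate",
                            "reason": f"temporary credentials for {key.get('userType')} {key.get('userName')}"})
    elif kind == "Instance":
        actions.append({"action": "quarantine_instance",
                        "instance_id": resource["instanceDetails"]["instanceId"],
                        "security_group": QUARANTINE_SG})
    else:
        actions.append({"action": "escalate", "reason": f"no automated playbook for {kind}"})
    return actions


def execute(actions):
    """Carry out the plan with boto3 (imported here so the module loads without it)."""
    import boto3
    for a in actions:
        if a["action"] == "deactivate_access_key":
            boto3.client("iam").update_access_key(UserName=a["user"], AccessKeyId=a["access_key_id"],
                                                  Status="Inactive")
        elif a["action"] == "quarantine_instance":
            # Swapping the instance's security groups for one that allows nothing cuts its
            # traffic while leaving the box intact for forensics.
            boto3.client("ec2").modify_instance_attribute(InstanceId=a["instance_id"],
                                                          Groups=[a["security_group"]])
        # "notify" and "escalate" would publish to SNS or open a ticket.


def lambda_handler(event, context):
    actions = plan_response(event)
    if os.environ.get("DRY_RUN", "true").lower() != "true":
        execute(actions)
    return {"actions": actions}


def _finding(finding_type, severity, resource):  # constructed sample events
    return {"version": "0", "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
            "region": "eu-west-1",
            "detail": {"id": f"example-{finding_type}", "type": finding_type, "severity": severity,
                       "accountId": "123456789012", "resource": resource}}


KEY_EXFIL_EVENT = _finding("Exfiltration:IAMUser/AnomalousBehavior", 8, {
    "resourceType": "AccessKey",
    "accessKeyDetails": {"accessKeyId": "AKIAIOSFODNN7EXAMPLE", "principalId": "AIDAEXAMPLE",
                         "userName": "ci-deployer", "userType": "IAMUser"}})
C2_INSTANCE_EVENT = _finding("Backdoor:EC2/C&CActivity.B!DNS", 8, {
    "resourceType": "Instance", "instanceDetails": {"instanceId": "i-0123456789abcdef0"}})
PORT_PROBE_EVENT = _finding("Recon:EC2/PortProbeUnprotectedPort", 2, {
    "resourceType": "Instance", "instanceDetails": {"instanceId": "i-0123456789abcdef0"}})
```

Keeping the decision (plan_response) separate from the side effects (execute) is what makes the playbook testable and lets you run it in dry-run mode for a few weeks before trusting it to disable keys on its own.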
  8. Trust but Verify – Healthy Relationships Need Monitoring
     AWS CloudTrail
     • The relationship journal: records API calls across the account. Management events are logged by default; data events (S3 object-level and Lambda invoke calls) must be enabled explicitly, and that is where most evidence of data theft lives.
     • Use for:
       • Incident investigation
       • Change history
       • Who-did-what-and-when clarity
     • Store in S3 with encryption, a retention policy and a restrictive bucket policy, ideally in a separate log-archive account so that a compromised workload account cannot delete its own history.
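The "who did what and when" questions above, answered over CloudTrail records, as an added example that is not part of the deck. Trails land in S3 as gzipped JSON files with a top-level "Records" list; the records below are constructed in that format with placeholder account, ARNs, IPs and times. The example pulls the change history of one resource and flags the events that should page someone: root activity, console logins without MFA, and calls that tamper with logging itself.

```python
"""Investigation helpers over CloudTrail records.

Added example, not from the deck. Sample records are constructed in the
CloudTrail record format; account, ARNs, IPs and times are placeholders.
"""
import json

# Calls that weaken the audit trail itself; an attacker usually tries these first.
TAMPERING_EVENTS = {
    "cloudtrail.amazonaws.com": {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"},
    "guardduty.amazonaws.com": {"DeleteDetector", "UpdateDetector"},
    "config.amazonaws.com": {"StopConfigurationRecorder", "DeleteConfigurationRecorder", "DeleteDeliveryChannel"},
}


def actor(record):
    """Readable 'who': root, the assumed-role session ARN, or the IAM user name."""
    ident = record["userIdentity"]
    if ident["type"] == "Root":
        return "root"
    if ident["type"] == "AssumedRole":
        return ident["arn"]  # arn:aws:sts::<account>:assumed-role/<role>/<session>
    return ident.get("userName") or ident.get("arn", "unknown")


def change_history(records, resource):
    """Mutating calls that mention the resource (by ARN or name), oldest first."""
    hits = []
    for r in records:
        if r.get("readOnly"):
            continue
        mentions = json.dumps({"resources": r.get("resources", []), "params": r.get("requestParameters") or {}})
        if resource in mentions:
            hits.append((r["eventTime"], actor(r), r["eventName"]))
    return sorted(hits)


def alerts(records):
    """(time, kind, detail) triples that deserve an alert, oldest first."""
    out = []
    for r in records:
        if r["userIdentity"]["type"] == "Root":
            out.append((r["eventTime"], "ROOT_ACTIVITY", r["eventName"]))
        if r["eventName"] == "ConsoleLogin" and r.get("additionalEventData", {}).get("MFAUsed") == "No":
            out.append((r["eventTime"], "CONSOLE_LOGIN_WITHOUT_MFA", actor(r)))
        if r["eventName"] in TAMPERING_EVENTS.get(r["eventSource"], ()):
            out.append((r["eventTime"], "LOGGING_TAMPERING", f"{actor(r)} called {r['eventName']}"))
    return sorted(out)


def load_records(log_text):
    """A trail file is {"Records": [...]} once gunzipped."""
    return json.loads(log_text)["Records"]


def _rec(time, source, name, identity, **extra):  # constructed records
    base = {"eventVersion": "1.08", "eventTime": time, "eventSource": source, "eventName": name,
            "awsRegion": "eu-west-1", "sourceIPAddress": "198.51.100.23", "readOnly": False,
            "userIdentity": identity, "eventType": "AwsApiCall", "recipientAccountId": "123456789012"}
    base.update(extra)
    return base


ALICE = {"type": "IAMUser", "principalId": "AIDAEXAMPLE", "arn": "arn:aws:iam::123456789012:user/alice",
         "accountId": "123456789012", "userName": "alice"}
ROOT = {"type": "Root", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root",
        "accountId": "123456789012"}
DEPLOY_SESSION = {"type": "AssumedRole", "principalId": "AROAEXAMPLE:ci-run-42",
                  "arn": "arn:aws:sts::123456789012:assumed-role/DeployRole/ci-run-42",
                  "accountId": "123456789012"}

SAMPLE_LOG = json.dumps({"Records": [
    _rec("2025-05-01T10:00:00Z", "s3.amazonaws.com", "PutBucketPolicy", ALICE,
         requestParameters={"bucketName": "customer-data"},
         resources=[{"type": "AWS::S3::Bucket", "ARN": "arn:aws:s3:::customer-data"}]),
    _rec("2025-05-02T03:10:00Z", "signin.amazonaws.com", "ConsoleLogin", ROOT, eventType="AwsConsoleSignIn",
         responseElements={"ConsoleLogin": "Success"}, additionalEventData={"MFAUsed": "No"}),
    _rec("2025-05-02T03:14:00Z", "cloudtrail.amazonaws.com", "StopLogging", DEPLOY_SESSION,
         requestParameters={"name": "arn:aws:cloudtrail:eu-west-1:123456789012:trail/org-trail"}),
    _rec("2025-05-03T09:30:00Z", "s3.amazonaws.com", "DeleteBucketPolicy", ALICE,
         requestParameters={"bucketName": "customer-data"},
         resources=[{"type": "AWS::S3::Bucket", "ARN": "arn:aws:s3:::customer-data"}]),
    _rec("2025-05-03T09:31:00Z", "ec2.amazonaws.com", "DescribeInstances", ALICE, readOnly=True),
]})
```

The StopLogging record is the reason the slide recommends a separate log-archive account: if the deploy role can stop the trail in the account where the logs live, the journal ends exactly when you need it most.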
  9. Trust but Verify – Healthy Relationships Need Monitoring
     AWS Security Hub
     • The central view of your security posture, scored against standards such as the AWS Foundational Security Best Practices and the CIS AWS Foundations Benchmark.
     • Aggregates findings from:
       • GuardDuty
       • Inspector
       • IAM Access Analyzer
       • Custom checks (via AWS Config)
  10. Breakups Hurt – But Backups Heal
     "Even the best cloud love stories face storms. But with good backups, you can always bounce back."
     Disaster Recovery
     • Define and test your disaster recovery plan regularly; a backup you have never restored is a hope, not a plan.
     • Use services like AWS Backup, EBS snapshots and RDS automated backups.
     • Consider multi-region replication for mission-critical systems (e.g., S3 Cross-Region Replication).
     Versioning and Lifecycle Rules
     • Enable S3 Versioning to recover deleted or overwritten files; add Object Lock or MFA Delete where the history itself must be tamper-proof.
     • Apply lifecycle rules to move old data to the S3 Glacier storage classes or delete it, remembering that a rule which expires noncurrent versions also limits how far back you can recover.
     • Use infrastructure as code (IaC) to rebuild environments quickly.
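How the recovery promised by S3 Versioning actually works, as an added example that is not part of the deck. The listing has the shape returned by `s3.list_object_versions` (Versions plus DeleteMarkers) and is constructed with placeholder bucket, keys and version IDs. A delete in a versioned bucket only adds a delete marker, so undoing it means deleting that marker's own version; an overwrite is undone by copying the previous version on top, which adds a new current version rather than rewriting history.

```python
"""Plan the one S3 call that restores a deleted or overwritten object.

Added example, not from the deck. The listing is constructed; bucket, keys
and version IDs are placeholders.
"""
from datetime import datetime, timezone

BUCKET = "example-bucket"  # placeholder


def _at(month, day):
    return datetime(2025, month, day, tzinfo=timezone.utc)


SAMPLE_LISTING = {
    "Versions": [
        {"Key": "reports/q1.csv", "VersionId": "v2", "IsLatest": False, "LastModified": _at(4, 2)},
        {"Key": "reports/q1.csv", "VersionId": "v1", "IsLatest": False, "LastModified": _at(3, 1)},
        {"Key": "config/app.yaml", "VersionId": "c2", "IsLatest": True, "LastModified": _at(5, 4)},
        {"Key": "config/app.yaml", "VersionId": "c1", "IsLatest": False, "LastModified": _at(5, 1)},
        {"Key": "README.md", "VersionId": "r1", "IsLatest": True, "LastModified": _at(1, 1)},
    ],
    "DeleteMarkers": [
        {"Key": "reports/q1.csv", "VersionId": "d1", "IsLatest": True, "LastModified": _at(5, 3)},
    ],
}


def plan_recovery(listing, bucket, key):
    """Return the S3 call that brings back the previous state of key, or None."""
    versions = sorted((v for v in listing.get("Versions", []) if v["Key"] == key),
                      key=lambda v: v["LastModified"], reverse=True)
    marker = next((m for m in listing.get("DeleteMarkers", []) if m["Key"] == key and m["IsLatest"]), None)
    if marker and versions:
        # Deleting the marker's own version ID removes only the marker, which makes
        # the newest real version current again. Deleting without a VersionId would
        # just stack another marker on top.
        return {"op": "delete_object", "Bucket": bucket, "Key": key, "VersionId": marker["VersionId"]}
    if len(versions) >= 2:
        previous = versions[1]
        return {"op": "copy_object", "Bucket": bucket, "Key": key,
                "CopySource": {"Bucket": bucket, "Key": key, "VersionId": previous["VersionId"]}}
    # A single version, or a marker with no versions left behind it: nothing to roll
    # back to. This is the state a lifecycle rule leaves once it has expired the
    # noncurrent versions.
    return None


def apply_plan(plan):
    """Execute the plan with boto3 (imported here so the module loads without it)."""
    import boto3
    s3 = boto3.client("s3")
    if plan["op"] == "delete_object":
        s3.delete_object(Bucket=plan["Bucket"], Key=plan["Key"], VersionId=plan["VersionId"])
    elif plan["op"] == "copy_object":
        s3.copy_object(Bucket=plan["Bucket"], Key=plan["Key"], CopySource=plan["CopySource"])
```

With MFA Delete enabled, the delete_object call that removes the marker additionally needs the MFA parameter, which is exactly the friction you want between an attacker holding stolen keys and your version history.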
  11. Forever After – Keeping the Spark Alive
     "Happily ever after doesn't just happen; you have to keep showing up."
     Continuous Compliance
     • Use AWS Config (managed and custom Config Rules) together with Security Hub to:
       • Continuously assess posture.
       • Get alerted when something drifts.
       • Auto-remediate common issues (Config remediation actions backed by SSM Automation).
     DevSecOps Integration
     • Shift security left in the CI/CD pipeline.
     • Embed tools like:
       • Checkov, tfsec for IaC.
       • Trivy, Snyk for container scans.
       • Secrets detection in Git (e.g., Gitleaks).
     • Security should be collaborative, not gatekeeping.
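The custom Config check that the Security Hub slide lists as a finding source and that the continuous-compliance bullets rely on for drift alerts, as an added example that is not part of the deck: a Lambda-backed Config rule that marks an S3 bucket NON_COMPLIANT when versioning is not enabled. Config invokes the function with `invokingEvent` as a JSON string carrying the configuration item and a result token for `put_evaluations`; the sample events below are constructed with placeholder bucket names and omit the token so the evaluation logic runs offline.

```python
"""Custom AWS Config rule: S3 buckets must have versioning enabled.

Added example, not from the deck. Sample events are constructed; bucket
names are placeholders and no result token is included.
"""
import json


def evaluate_bucket(item):
    """Return (ComplianceType, Annotation) for one configuration item."""
    if item.get("resourceType") != "AWS::S3::Bucket":
        return "NOT_APPLICABLE", "Rule evaluates S3 buckets only"
    if item.get("configurationItemStatus") in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        return "NOT_APPLICABLE", "Bucket has been deleted"
    versioning = item.get("supplementaryConfiguration", {}).get("BucketVersioningConfiguration") or {}
    status = versioning.get("status", "Off")
    if status == "Enabled":
        return "COMPLIANT", "S3 Versioning is enabled"
    # "Off" and "Suspended" both mean new writes are not versioned.
    return ("NON_COMPLIANT",
            f"S3 Versioning status is {status}; enable it so deleted or overwritten objects can be recovered")


def build_evaluation(event):
    """Turn a Config invocation into the evaluation dict put_evaluations expects."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    compliance, annotation = evaluate_bucket(item)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation[:256],  # put_evaluations caps annotations at 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context):
    evaluation = build_evaluation(event)
    token = event.get("resultToken")
    if token:  # real invocations always carry one; the samples below do not
        import boto3
        boto3.client("config").put_evaluations(Evaluations=[evaluation], ResultToken=token)
    return evaluation


def _sample_event(bucket, status):  # constructed Config invocation
    item = {
        "resourceType": "AWS::S3::Bucket",
        "resourceId": bucket,
        "configurationItemStatus": "OK",
        "configurationItemCaptureTime": "2025-05-04T10:00:00.000Z",
        "supplementaryConfiguration": {
            "BucketVersioningConfiguration": {"status": status, "isMfaDeleteEnabled": None}
        },
    }
    return {"invokingEvent": json.dumps({"configurationItem": item,
                                         "messageType": "ConfigurationItemChangeNotification"}),
            "ruleParameters": "{}"}


GOOD_BUCKET_EVENT = _sample_event("logs-archive-example", "Enabled")
BAD_BUCKET_EVENT = _sample_event("customer-data-example", "Off")
SUSPENDED_BUCKET_EVENT = _sample_event("reports-example", "Suspended")
```

Two production details are left out to keep the flow visible: oversized configuration items arrive as OversizedConfigurationItemChangeNotification with the item fetched separately via get_resource_config_history, and the auto-remediation in the slide is wired on the Config side by attaching an SSM Automation document to this rule, not by calling S3 from the evaluator.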