10 step guide to cloud security - 10th magnitude - css dallas azure
TRANSCRIPT
AZURE SECURITY PLAYBOOK: 10 STEP GUIDE TO CLOUD SECURITY
Ryan McDonaldCloud Security Practice Manager, 10th Magnitude
©10th Magnitude2017
Ryan McDonald, Director, Managed Services10th MagnitudeCISSP
[email protected]@rtmcdowww.linkedin.com/in/ryanmcdonald
©10th Magnitude20171:Rightscale:2017StateofCloudSurveyhttp://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2017-state-cloud-survey#hybrid-cloud
Cloud adoption is growing - 90% of Fortune 500 use Microsoft Cloud
©10th Magnitude20171:Rightscale:2017StateofCloudSurveyhttp://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2017-state-cloud-survey#hybrid-cloud
While cloud is growing, hybrid is the most common approach, with 67% of
Enterprises adopting hybrid cloud in 2017
©10th Magnitude2017Sourc:e GartnerRevealsTopPredictionsforITOrganizationsandUsersfor2016andBeyond,October2015,http://www.gartner.com/newsroom/id/3143718
“Through 2020, 95 percent of cloud security failures will be the customer's
fault” – Gartner
©10th Magnitude2017 23
1.Don'tforgetwhathasserveduswell(Oldrulesstillapply)§ PeopleProcessandTechnology§ Riskbasedapproach§ UsePrincipleofLeasePrivilege
2.90%ofbreachescanbeavoidedifyoudothesimplethings§ HardenOS&Patch
<https://www.cisecurity.org/cis-hardened-images-now-in-microsoft-azure-marketplace/>§ ControlIdentity
<https://docs.microsoft.com/en-us/azure/security/azure-security-identity-management-best-practices>§ Currentanti-virusandanti-malware
<https://docs.microsoft.com/en-us/azure/security/azure-security-antimalware>
§ Monitor<https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-overview>
10STEPGUIDETOCLOUDSECURITYAPPENDIX
©10th Magnitude2017 24
3.Itstartswiththefoundation§ AzureScaffold
<https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-subscription-governance>
4.UnderstandtheShift§ SharedResponsibilityModel
<https://cloudsecurityalliance.org/group/cloud-controls-matrix/><https://blogs.msdn.microsoft.com/azuresecurity/2016/04/18/what-does-shared-responsibility-in-the-cloud-mean/><https://gallery.technet.microsoft.com/Shared-Responsibilities-81d0ff91><https://www.microsoft.com/en-us/trustcenter/stp/default.aspx>
5.Lookfortheanti-patterns
10STEPGUIDETOCLOUDSECURITYAPPENDIX
©10th Magnitude2017 25
6.IdentityisthenewPerimeter§ Protectallidentitiesregardlessoftheirprivilegelevel§ Proactivelypreventcompromisedidentitiesfrombeingabused
<https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/active-directory-securing-privileged-access><https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection><https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection><https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/active-directory-securing-privileged-access><https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azure-portal><https://gallery.technet.microsoft.com/eBook-Defending-the-New-dcd58679>
7.LeverageBuiltinSecurity§ AzureSecurityCenter
<https://docs.microsoft.com/en-us/azure/security-center/security-center-partner-integration><https://docs.microsoft.com/en-us/azure/security-center/security-center-intro><https://docs.microsoft.com/en-us/azure/security-center/security-center-detection-capabilities>
10STEPGUIDETOCLOUDSECURITYAPPENDIX
©10th Magnitude2017 26
8.Leveragepartnerofferingsforadvancedsecurityandcompliance9.WorkwithDevOpsteamstobuildinsecurity
<https://github.com/azsdk/azsdk-docs><https://azure.microsoft.com/en-us/services/azure-policy/>
10.Understandtheroadmap<https://azure.microsoft.com/en-us/blog/><https://cloudblogs.microsoft.com/microsoftsecure/ ><https://blogs.technet.microsoft.com/msoms/><https://cloudblogs.microsoft.com/hybridcloud/><https://blogs.technet.microsoft.com/><https://blogs.msdn.microsoft.com/cloud_solution_architect/><https://cloudblogs.microsoft.com/enterprisemobility/author/brad-anderson/><https://blogs.technet.microsoft.com/heyscriptingguy/><https://azure.microsoft.com/en-us/blog/topics/virtual-machines/><https://blogs.technet.microsoft.com/hybridcloudbp/>
10STEPGUIDETOCLOUDSECURITYAPPENDIX