Upload File

10 step guide to cloud security - 10th magnitude - css dallas azure

  • Home
  • Technology
  • 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure
26
AZURE SECURITY PLAYBOOK: 10 STEP GUIDE TO CLOUD SECURITY Ryan McDonald Cloud Security Practice Manager, 10 th Magnitude

Upload: alert-logic

Post on 22-Jan-2018

102 views

Category:

Technology


0 download

Report

TRANSCRIPT

Page 1: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

AZURE SECURITY PLAYBOOK: 10 STEP GUIDE TO CLOUD SECURITY

Ryan McDonaldCloud Security Practice Manager, 10th Magnitude

Page 2: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

Azure Security Playbook10 Step Guide to Cloud Security

Page 3: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

Ryan McDonald, Director, Managed Services10th MagnitudeCISSP

[email protected]@rtmcdowww.linkedin.com/in/ryanmcdonald

Page 4: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude20171:Rightscale:2017StateofCloudSurveyhttp://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2017-state-cloud-survey#hybrid-cloud

Cloud adoption is growing - 90% of Fortune 500 use Microsoft Cloud

Page 5: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude20171:Rightscale:2017StateofCloudSurveyhttp://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2017-state-cloud-survey#hybrid-cloud

While cloud is growing, hybrid is the most common approach, with 67% of

Enterprises adopting hybrid cloud in 2017

Page 6: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017Sourc:e GartnerRevealsTopPredictionsforITOrganizationsandUsersfor2016andBeyond,October2015,http://www.gartner.com/newsroom/id/3143718

“Through 2020, 95 percent of cloud security failures will be the customer's

fault” – Gartner

Page 7: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

1. Old rules still apply

Page 8: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

2. 90% of breaches can be avoided if you do the simple things

Page 9: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

3. It starts with the foundation

Page 10: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

Page 11: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

4. Understand the Shift

Page 12: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

Page 13: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

Page 14: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

anti

Page 15: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

Identity

Page 16: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

built-in

Page 17: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

Page 18: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

partner

Page 19: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

DevOps build in

Page 20: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

roadmap

Page 21: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

Thank you!More information @10thmagnitude.com

Page 22: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017

Appendix

Page 23: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017 23

1.Don'tforgetwhathasserveduswell(Oldrulesstillapply)§ PeopleProcessandTechnology§ Riskbasedapproach§ UsePrincipleofLeasePrivilege

2.90%ofbreachescanbeavoidedifyoudothesimplethings§ HardenOS&Patch

<https://www.cisecurity.org/cis-hardened-images-now-in-microsoft-azure-marketplace/>§ ControlIdentity

<https://docs.microsoft.com/en-us/azure/security/azure-security-identity-management-best-practices>§ Currentanti-virusandanti-malware

<https://docs.microsoft.com/en-us/azure/security/azure-security-antimalware>

§ Monitor<https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-overview>

10STEPGUIDETOCLOUDSECURITYAPPENDIX

Page 24: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017 24

3.Itstartswiththefoundation§ AzureScaffold

<https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-subscription-governance>

4.UnderstandtheShift§ SharedResponsibilityModel

<https://cloudsecurityalliance.org/group/cloud-controls-matrix/><https://blogs.msdn.microsoft.com/azuresecurity/2016/04/18/what-does-shared-responsibility-in-the-cloud-mean/><https://gallery.technet.microsoft.com/Shared-Responsibilities-81d0ff91><https://www.microsoft.com/en-us/trustcenter/stp/default.aspx>

5.Lookfortheanti-patterns

10STEPGUIDETOCLOUDSECURITYAPPENDIX

Page 25: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017 25

6.IdentityisthenewPerimeter§ Protectallidentitiesregardlessoftheirprivilegelevel§ Proactivelypreventcompromisedidentitiesfrombeingabused

<https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/active-directory-securing-privileged-access><https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection><https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection><https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/active-directory-securing-privileged-access><https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azure-portal><https://gallery.technet.microsoft.com/eBook-Defending-the-New-dcd58679>

7.LeverageBuiltinSecurity§ AzureSecurityCenter

<https://docs.microsoft.com/en-us/azure/security-center/security-center-partner-integration><https://docs.microsoft.com/en-us/azure/security-center/security-center-intro><https://docs.microsoft.com/en-us/azure/security-center/security-center-detection-capabilities>

10STEPGUIDETOCLOUDSECURITYAPPENDIX

Page 26: 10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure

©10th Magnitude2017 26

8.Leveragepartnerofferingsforadvancedsecurityandcompliance9.WorkwithDevOpsteamstobuildinsecurity

<https://github.com/azsdk/azsdk-docs><https://azure.microsoft.com/en-us/services/azure-policy/>

10.Understandtheroadmap<https://azure.microsoft.com/en-us/blog/><https://cloudblogs.microsoft.com/microsoftsecure/ ><https://blogs.technet.microsoft.com/msoms/><https://cloudblogs.microsoft.com/hybridcloud/><https://blogs.technet.microsoft.com/><https://blogs.msdn.microsoft.com/cloud_solution_architect/><https://cloudblogs.microsoft.com/enterprisemobility/author/brad-anderson/><https://blogs.technet.microsoft.com/heyscriptingguy/><https://azure.microsoft.com/en-us/blog/topics/virtual-machines/><https://blogs.technet.microsoft.com/hybridcloudbp/>

10STEPGUIDETOCLOUDSECURITYAPPENDIX


IoT Continuum - Sciences · Azure IoT Hub Azure IoT Hub Device Provisioning Service Azure Digital Twins, Azure Maps Azure Time Series Insights Azure Stream Analytics Azure Cosmos

the webjaoo.dk/dl/html5-london-2011/slides/MartinBeeby... · CSS3 Animations CSS3 Backgrounds and Borders CSS Color CSS FlexBox CSS Fonts CSS Grid Alignment CSS Hyphenation CSS Image

eBECS SmartWorker - Microsoft Azure · 10/1/2015  · Azure HDInsight, AzureML, Power BI, Azure Data Factory, Azure Data Lake Hot path analytics Azure Stream Analytics, Azure HDInsight

CSS Cheatsheet - CSS-3-Cheatsheet

CSS: Cascading Style Sheets - elite.polito.it · Summary •Introduction •CSS syntax •CSS selectors •CSS cascading •CSS box model •CSS positioning schemes •Page layout

CSS & eCSStender [CSS Summit 2011]

Cascading Style Sheets - CSS basics. CSS use in html Internally css Externally

CSS, CSS Selectors, CSS Box Model

CSS comes after HTML By David J. Young. Agenda Web pages created with CSS Web pages created with CSS CSS 101 CSS 101 CSS Concepts CSS Concepts CSS Shortcuts

CSS Day: CSS Grid Layout

Security Implications of the Cloud - CSS Dallas Azure

Azure & Open Source Azure Ecosystem - pershing.com.t€¦ · Azure & Open Source Azure Ecosystem. ... Docker on Azure ... •Jenkins and Hudson Plugins PaaS Websites •Azure Java

Azure Powershell. Azure Automation

Earthquake Magnitude · Earthquake magnitude scales: Logarithmic measure of earthquake size –amplitude of biggest wave: Magnitude 6 quake 10 * Magnitude 5 –energy: Magnitude 6

CSS - polito.itelite.polito.it/files/slide/Computers/Data_Formats/Style_Sheets/CSS/... · CSS: Cascading Style Sheet CSS 1: W3C recommendation 17 Dec 1996 CSS 2.1: W3C Candidate Recommendation

CSS-100, CSS-135, CSS-160 CSS-50R CSS-B CSS-HCSS-100, CSS-135, CSS-160 and CSS-270 Pre-cut cable straps ranging from 10” to 27” long with locking head installed. CSS-50R 50 ft

Designing and Implementing an Azure AI Solution · Azure Key Vault: Azure service principals Azure managed identities Azure Security Center Azure Policy Explanation: Explanation:

INTERNAL CSS Casey Ames Different types of CSS There are three different types of CSS: ◦ External CSS ◦ Internal CSS ◦ Inline CSS In this presentation

CSS Level 3 - ATLAS Institutecreative.colorado.edu/.../pdf/week8-tech-css-layout.pdf · 2018-10-16 · css timeline 1996 - css 1.0 recommendation 2000 - css 2.0 recommendation

CSS Styling Introduction - ucg.ac.me › skladiste › blog_4051 › objava...CSS Styling Introduction About the Course CSS Styling 1. CSS Overview 2. CSS Presentation 3. CSS Display

INTRODUCTION TO CSS. OBJECTIVES: D EFINE WHAT CSS IS. K NOW THE HISTORY OF CSS. K NOW THE REASON WHY CSS IS USED. CSS SYNTAX. CSS ID AND CLASS

IoT in Action Taipei - Microsoft...Azure IoT Suite Azure Time Series Insights Azure Machine Learning Azure Stream Analytics Azure Cosmos DB Azure Data Lake Azure Data Lake Analytics

SMB JumpStart: Azure Backup and Azure Site Recovery · PDF fileSMB JumpStart: Azure Backup and Azure Site Recovery ... to price solutions, ... Azure Backup and Azure Site Recovery

Web Workshop: CSS Objectives: - “What is CSS?” - Structure of CSS - How to use CSS in your webpage

CSS Hadas Kahsay. Overview What is CSS Basic syntax of CSS Rules How to link CSS style to html documents Browsers and CSS Advantages of CSS

HTML5 Features on Tizen...HTML5 Forms, Selectors API, Media Queries, CSS Transforms, CSS Animati ons, CSS Transitions, CSS Color, CSS Background and Borders, CSS Flexib le Box Layout,

Cascading Style Sheets CSS by Pavlovic Nenad by. 2Cascading Style Sheets Presentation Contents What are CSS? What are CSS? History of CSS History of CSS

CSS Hat vs Photoshop's Copy CSS

INTRODUCING CSS What CSS does How CSS works Rules, properties, and values

CSS JS CSS JavaScript Components

Azure RTOS GUIX - download.microsoft.com · Microsoft Azure RTOS, Azure RTOS FileX, Azure RTOS GUIX, Azure RTOS GUIX Studio, Azure RTOS NetX, Azure RTOS NetX Duo, Azure RTOS ThreadX,

WHAT IS CSS · CSS describes how HTML elements should be displayed. This tutorial will teach you CSS from basic to advanced. WHAT IS CSS ? CSS stands for Cascading Style Sheets CSS

CSS HOME « W3Schools Home Next Chapter - Fadel K · CSS Pseudo-element CSS Navigation Bar CSS Image Gallery CSS Image Opacity CSS Image Sprites CSS Media Types CSS Attribute Selectors

HTML & CS S€¦ · CSS CSS Syntax ... Including CSS Specificity Rules The CSS Box Model Responsiveness CSS Flexbox (optional knowledge)

Unlocking IoT’s Potential - Extreme Arts · Azure Stream Analytics Azure Storage Azure ML Azure SQL Azure Functions Azure Cognitive Services Azure IoT Central (SaaS) Dynamics Connected