cloud security

Cloud Security What’s so Funny About PaaS Love & Understanding?

Upload: francois-boucher

Post on 12-Apr-2017


TRANSCRIPT

Page 1: Cloud security

Cloud Security
What’s so Funny About PaaS Love & Understanding?

Page 2: Cloud security

About Us

Frank Boucher
Cloud Solution Architect Microsoft Azure MVP P-Seller Technical Solution Professional
[email protected] | /in/fboucheros | frankysnotes.com

Ismail Jaghmani
Sr. Cloud Developer
[email protected] | /in/ismail-jaghmani-58a3858

Page 3: Cloud security

Agenda

● Quick Context of Security in the cloud
● General Best Practices
● Networking Services
● Security and Identity Services
● Management Tools

Page 4: Cloud security

SECURITY IS A HOT TOPIC

Page 5: Cloud security

Security is Shared Responsibility

Cloud Provider | Customer

Application & Data

Identity & Access Management

Operating System, Network & firewall configuration

Compute Storage Databases

Availability Zones, Regions

Services

Cloud Infrastructure

Page 6: Cloud security

Application and Data Security Best Practices

● Enforce multi-factor authentication
● Use role-based access control
● Use hardware security modules
● Manage with Secure Workstations
● Enable data encryption

Page 7: Cloud security

Network Services

AWS | Azure | Description
Virtual Private Cloud (VPC) | Virtual Network | Network isolation. Defined rules to satisfy your security needs. Filter and inspect the outbound and inbound traffic.
Direct Connect | ExpressRoute | Establishes a dedicated, private network connection from a location to the cloud.

Frank Boucher
I think it could be cool to have them on the sides of every slide... It looks more like an AWS vs. Azure
Page 8: Cloud security

Identity Management

AWS | Azure | Description
Identity & Access Management | Azure AD/Role-based access control | Provides fine-grained access to resources in the cloud.
Multi-Factor Authentication | Multi-Factor Authentication | More than one method of authentication.

Page 9: Cloud security

Azure Active Directory

Page 10: Cloud security

AWS IAM

Page 11: Cloud security

Tools and Data protection

AWS | Azure | Description
Encryption | Encryption | Client Side Encryption; Data in transit encryption; Storage encryption; VM encryption
Key management services, CloudHSM | Key Vault | Creates, controls, and protects encryption keys. HSM provides hardware-based key storage.
Inspector | Security Center | Automatically assesses Network, VMs, OS and applications configuration for vulnerabilities or deviations from best practices.

Page 12: Cloud security

Azure Security Center

Page 13: Cloud security

AWS Inspector

Page 14: Cloud security

Tools and Data protection

AWS | Azure | Description
CloudTrail, CloudWatch | Log Analytics | Collect, track, store, analyze, and deliver metrics and log files.
Trusted Advisor | Advisor | Provides analysis of cloud resource configuration and security in compliance with the best practices. Availability, Performance, Security and cost.

Page 15: Cloud security

Log Analytics

Page 16: Cloud security

CloudWatch

Page 17: Cloud security

AWS Advisor

Page 18: Cloud security

Azure Advisor

Page 19: Cloud security

References

● Common Vulnerabilities and Exposures: https://cve.mitre.org/index.html
● Center for Internet Security (CIS) Benchmarks: https://benchmarks.cisecurity.org
● Azure security best practices and patterns: https://docs.microsoft.com/en-us/azure/security/security-best-practices-and-patterns
● Microsoft Docs: https://docs.microsoft.com

Page 20: Cloud security