Outpost24 Webinar - cloud security controls best practice
0 likes110 views
The document provides an overview of cloud security best practices for AWS, Azure and GCP workloads. It discusses where to start when migrating workloads to IaaS and PaaS environments, the importance of cloud workload protection platforms (CWPP) and cloud security posture management (CSPM). The document also outlines some fundamental security controls that should be addressed, such as vulnerability management and application security. It provides guidance on how to keep pace with new security tools from cloud providers and find what works best. Lastly, it discusses how cloud security controls are evolving and how to prepare for better implementation and compliance.
Outpost24 Webinar - cloud security controls best practice
- 1. Cloud Security Controls Best Practice Advanced Guidance for AWS, Azure and GCP workloads Sergio Loureiro Feb 2020
- 2. Outpost24 at a glance 2 • Global HQ – Sweden • Sales – BeNeLux, DACH, Nordics, UK&I/France, US • MSSP and Reseller partners in additional locations • Over 150 full time staff
- 3. Outpost24 experience in Cloud Security • Founding Member of the Cloud Security Alliance (CSA) and co-author of first guidelines for cloud security in 2009 • Founding Member of the CSA French chapter in 2012 and board member in 2019 • Discovery of AWS first vulnerabilities and seminal paper in 2011 • First product in the AWS marketplace in 2012, AWS partner since 2012, Azure Silver Partner • 2 international patents on cloud security 3
- 4. Agenda • Where to start when migrating to IaaS and PaaS? • Why CWPP and CSPM are critical to cloud security? • What are the fundamental controls security teams must address now? • How to keep pace with new security tooling from cloud providers and finding what works best for you? • Where are cloud security controls heading and how to prepare for better implementation and compliance? 4
- 5. 5 Where to start when migrating to IaaS and PaaS? • Through 2023, at least 99% of cloud security failures will be the customer’s fault. Gartner 2019
- 6. Major Cloud Security Challenges 6 Credit: SANS Cloud adoption survey 2019
- 7. Cloud Maturity Adoption 7 Migration Are you using cloud services securely? What is the risk? Compliance How to implement best practices? Show business value Multi-Cloud How to manage risk across different providers? Continuous Continuous alerts and continuous risk assessment
- 8. Why CWPP and CSPM are critical to cloud security? 8 Image credit: Microsoft CWPPCSPM
- 9. 9 What are the fundamental controls security teams must address now? • Cloud Security Posture Management • Cloud configuration Assessment • Cloud Workload Protection Platform • Vulnerability Management • Application security • Anti-virus, HIDS/HIPS, etc
- 10. CSPM and CWPP Now • CIS AWS benchmark • CIS Azure benchmark • CIS GCP benchmark Cloud Security Posture Management - > Add Configuration Management Cloud Workload Protection Platforms -> Integrate controls Start with Identify • System Management • Vulnerability Assessment • Awareness Training 10
- 11. What checks? = What is in the CIS benchmarks? CIS AWS • 49 checks • IAM, Logging, Monitoring, Networking CIS Azure • 97 checks • IAM, Security Center, Storage Accounts, SQL Services, Logging and Monitoring, Networking, Virtual Machines, Other
- 12. Examples of CSPM: CIS AWS and CIS Azure Controls 12
- 13. How to prioritize CSPM findings? • No CVSS • CIS benchmarks are marked scored/not scored • Azure Security Center has its own scoring • Without contextualization it’s hard to do • Ideally, tags will indicate the most critical systems and user tags to help prioritize results
- 14. What is missing? AWS, Azure and GCP advanced services • More than 100 services on AWS, Azure and GCP • Start with foundational services (example of AWS): • Networking: SGs, VPCs, NACLs, CloudFront • Instances: EC2 • Storage: S3, EBS • IAM: rights and connection to AD
- 15. Workloads: Mapping Cloud Controls to NIST CSF 15 Source: SANS How to Optimize Security Operations in the Cloud Through the Lens of the NIST Framework - Feb 2019
- 16. 16 • Source: Gartner Market Guide to Cloud Workload Protection Platform 2017 CWPP
- 17. Guidance
- 18. Traditional Security is disrupted by Cloud • Shared responsibility • New layer of configuration (and misconfigurations) • Elasticity and Agile • Changing IPs for VMs • License model • Cloud Shadow IT • New cloud services every week • APIs for everything publicly accessible 18
- 19. More than 73% organizations are using 2 or more public cloud providers • More attack surface • Goal: Knowing the surface • Harder to have visibility • Goal: Single pane of glass • Different services and tools • Goal: Controls homogeneity 19 Plan for Multi-Cloud Credit: SANS Cloud adoption survey 2019
- 20. Get full visibility on workloads and configuration 20 • For CWPP, extend existing tools • Marketplace tools are available • Check for deployment model (SaaS, agents, appliances) • For CSPM, start with CIS benchmarks: AWS, Azure, GCP • Do an assessment now!
- 21. 21 How to keep pace with new security tooling from cloud providers and finding what works best for you? AWS - Security Groups (firewall) - Trusted Advisor (high level) - Inspector (assessment) - Key Management Service - Identity and Access Management - Macie (DLP) - GuardDuty (threat detection) - Shield (DoS) - WAF (WAF) Azure - Azure Security Center - Security Groups (firewall) - Key Vault - Endpoint Protection - VM agent - …
- 22. Compare and reduce lock-in risk 22 © 2018 Gartner, Inc.ID: 343562 Comparison of Cloud Console and Deployment Security GCP Stackdriver Logging (Cloud Security Command Center in Alpha Stage) AWS AWS CloudWatch, AWS CloudTrail AWS Guard Duty AWS Inspector AWS Trusted Advisor Azure Azure Monitor, Azure Operational Insights Advanced Threat Protection Azure Advisor Azure Security Center Visibility Tools Threat Protection Security Assessment Cloud Configuration Assessment Console and Deployment Security (Cloud Security Command Center in Alpha Stage) CSP Access Transparency AWS Organizations (Service Control Policies) Enterprise wide Policiesand Constraints (Access Transparency in Beta Stage) Azure Management Groups © 2018 Gartner, Inc.ID: 343562 Comparison of Instance Security GCPAWS AWS Inspector AWS Systems Manager Azure Azure Security Center Microsoft Antimalware for Azure Update Management (Part of Azure Automation) Vulnerability Assessment Endpoint Protection Patch Management Instance Security Source: Gartner Comparing Security Controls and Paradigms in AWS, Google Cloud Platformand Microsoft Azure, June 2018
- 23. Where are cloud security controls heading and how to better prepare for implementation and compliance? 23
- 24. Follow the Workloads 24 Image credit: Gartner, Inc
- 25. • Business intelligence and data analytics are great use cases for Cloud adoption 25 Follow the Data Credit: SANS Cloud adoption survey 2019
- 26. Extend to new cloud services – Off the beaten track 26 Goals: • Keep up with the pace of innovation • Be a business enabler while maintaining control • Get your foundations right: IAM, Network, Application, Data Protection and Ops Considerations: • Not always possible to install agents, for example Serverless/FaaS • Discover and implement best practices for every IaaS/PaaS service – today hundreds • Sometimes no best practices available, providers tend to be slow with security
- 27. Key Takeaways
- 28. Handling Multi- Cloud Deployments with a single console Migration of Security Controls to Cloud 01 Achieving compliance with security standards 02 03 Monitoring and assessing risk in continuous mode 04 Use Cases and Requirements 28 Migration Compliance Multi-Cloud Continuous
- 29. 4 Steps Guidance 29 Check requirements for data and workloads in the cloud Extend existing workload security to the cloud (CWPP) Address cloud configuration assessment (CSPM) Handle Hybrid and prepare for Multi-Cloud
- 30. TestProduction 30 Internal Network Netsec SWAT/MS SUPPORT Clone & Scan Internal app External app Data Centre Cloudsec Appsec Hacker-In-A-Box + Workload Analytics Cloud On premise Outpost24 Hybrid Cloud Security
- 31. Comprehensive Full-Stack Solution 31 Combines all 3 into one solution
- 32. Sergio Loureiro Cloudsec Product Manager sel@outpost24.com +33 647 475 259 Thanks for listening! Q&A
- 33. 33 1. Data Breaches 2. Misconfiguration and inadequate change control 3. Lack of cloud security architecture and strategy 4. Insufficient identity, credential, access and key management 5. Account hijacking 6. Insider threat 7. Insecure interfaces and APIs 8. Weak control plane 9. Metastructure and applistructure failures 10. Limited cloud usage visibility 11. Abuse and nefarious use of cloud services Cloud Security is different