In his presentation, Peter will share his insights and experiences on "Red flags and attention points in cloud security audit: watch the security gates".
Red flags and attention points in cloud security audit: watch the security gates
1. AI, Cloud & Modern Workplace Conference 2024
15, 16 & 17 February, Online Conference
https://aicmwc.azurewebsites.net
2. Red flags and attention points in cloud security audit
Watch the security gates
15 February 2024, 21:00 (GMT+2)
Peter GEELEN
MVP Security (Identity & Access)
https://www.linkedin.com/in/pgeelen/
3. Important to know: Security = PPT
• People
• Process
• Technology
5. Security across the company
• Strategic (CxO)
• Tactical (department)
• Operational
6. Management team tasks
• Accountability
• Planning
• Resources
• Operations
• Performance
• Continuous improvement
(Figure: repeated Plan-Do-Check-Act cycles, security improvement plotted against time)
8. Security is a process, continuously changing
• 1. In: few tasks, simple
• 2. Change: important volume of tasks, dependent tasks, balance from one to another
• 3. Out: lots of tasks, lengthy, complex, legal impact, possible reactivation, uniqueness conflicts
9. How are you doing?
10. How is your customer or supplier doing?
11. Monitoring or audit: what's the difference?
Monitoring
• Performance check
• Continuous (or high frequency)
• By Owner
Audit
• Compliance check
• Regular intervals (lower frequency)
• Independent from owner
12. Audit types
• 1st party (internal audit)
• 2nd party
  • Customer > supplier
  • Supplier > customer
• 3rd party (external)
13. Audit types: internal audit
• Self-validation (auditing within the company)
• No publication to external parties
• No certificate
14. Audit types: 2nd party audit (mutual)
• Commercial interest first
  • Contractual dependence
  • Due diligence
• Mutual interest
  • Customer checking a (potential) supplier
  • Supplier checking a (potential) customer, e.g. before onboarding
• Delegation / verification of compliance
  • Verification that delegated tasks are done correctly
15. Audit types: 3rd party audit (external)
• Independence between parties
  • Auditor vs customer
  • No combination of consulting & audit allowed
  • Segregation of duties
• Official certificate
  • Published
  • Available to external parties
16. Audit main principles
• Snapshot of the situation
• Quick estimation of the situation
• Risk based
• Solution based, continuous improvement
Some hands-on experience to stay out of trouble
… detecting the red flags
17. Red flag 1: First login with god mode
• First login
• First administrator
• Full power
• God mode
Solution
• Create a special admin account
• No mailbox, MFA enabled
18. Red flag 2: User ID and password
• Typically a personal account
• User ID (a mail address)… and just a password
Solution
• MFA
• Hardware tokens
• Passkeys (next-generation MFA)
19. Red flag 3: Default groups
• Default Azure groups
• Large volume of Azure and M365 roles
Solution
• Avoid the use of default groups
• Task-based access, granular control
• Only use default groups when no other option is left
20. Red flag 4: Ad-hoc (eh.. no) identity management
• Manual management
• No process
• User duplication from existing users
Solution
• Set up basic IDM (identity management)
• Set up IAM (identity and access management)
Identity lifecycle:
• 1. In: start of identity (hire, onboarding, provisioning, create, begin, ...)
• 2. Change: change of identity (move, promotion, update, maintenance, operations, ...)
• 3. Out: end-of-life (fire, termination, end-of-contract, deprovisioning, revocation, delete, ...)
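The three lifecycle phases are where ad-hoc identity management shows up in an audit. As an added illustration (example code, not from the presentation), the Python below reconciles a constructed HR feed with a constructed directory export and reports, per phase, the accounts that never went through the process: created without an HR identity behind them (In), still carrying the department of a previous role or copied from another user (Change), and still enabled after termination (Out). The field names, the sample records, the contoso.example names and the cloning heuristic are assumptions made for the example.

```python
"""Joiner / mover / leaver reconciliation: HR feed versus directory export.

Added example, not part of the presentation. The record fields, the HR feed and
the directory accounts below are constructed for illustration; a real run would
load them from the HR system and from an Entra ID / Active Directory export.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta
from itertools import combinations


@dataclass(frozen=True)
class HrRecord:
    employee_id: str
    department: str
    status: str                   # "active" or "terminated"
    end_date: date | None = None  # last working day for terminated staff


@dataclass(frozen=True)
class Account:
    upn: str
    employee_id: str | None       # None: created by hand, no HR identity behind it
    enabled: bool
    department: str               # department attribute as stored in the directory
    groups: frozenset[str]


def reconcile(hr: list[HrRecord], accounts: list[Account], today: date,
              grace_days: int = 0) -> dict[str, list[str]]:
    """Map each account to its HR record and report red flags per lifecycle phase.

    in_orphan             account without an HR record (In phase skipped)
    change_dept_mismatch  directory still shows the department of an earlier role
    change_cloned_access  accounts in different departments with identical group
                          sets, typical of "copy the rights of an existing user"
    out_leaver_enabled    HR says terminated, account still enabled once the grace
                          period after the end date has passed (Out never executed)
    """
    hr_by_id = {rec.employee_id: rec for rec in hr}
    findings: dict[str, list[str]] = {
        "in_orphan": [], "change_dept_mismatch": [],
        "change_cloned_access": [], "out_leaver_enabled": [],
    }
    for acc in accounts:
        rec = hr_by_id.get(acc.employee_id) if acc.employee_id else None
        if rec is None:
            findings["in_orphan"].append(acc.upn)
        elif rec.status == "terminated":
            cutoff = (rec.end_date or today) + timedelta(days=grace_days)
            if acc.enabled and today >= cutoff:
                findings["out_leaver_enabled"].append(acc.upn)
        elif acc.department != rec.department:
            findings["change_dept_mismatch"].append(acc.upn)
    # Heuristic for cloned accounts: identical, non-empty group sets across departments.
    for a, b in combinations(accounts, 2):
        if a.groups and a.groups == b.groups and a.department != b.department:
            findings["change_cloned_access"].append(f"{a.upn} ~ {b.upn}")
    return findings


AUDIT_DATE = date(2024, 2, 15)   # date of the talk, used as the audit date

HR_FEED = [  # constructed sample data
    HrRecord("E100", "Finance", "active"),
    HrRecord("E101", "Sales", "active"),                     # moved from Finance to Sales
    HrRecord("E102", "IT", "terminated", date(2024, 1, 31)),
    HrRecord("E103", "IT", "active"),
]

DIRECTORY = [  # constructed sample data
    Account("alice@contoso.example", "E100", True, "Finance", frozenset({"FIN-Readers", "VPN-Users"})),
    Account("bob@contoso.example", "E101", True, "Finance", frozenset({"FIN-Readers", "VPN-Users"})),
    Account("carol@contoso.example", "E102", True, "IT", frozenset({"IT-Admins"})),
    Account("dave@contoso.example", "E103", True, "IT", frozenset({"IT-Admins"})),
    # created by copying alice: no HR record, Finance rights carried into Sales
    Account("temp-contractor@contoso.example", None, True, "Sales", frozenset({"FIN-Readers", "VPN-Users"})),
]


def audit_sample(grace_days: int = 0) -> dict[str, list[str]]:
    return reconcile(HR_FEED, DIRECTORY, AUDIT_DATE, grace_days)


if __name__ == "__main__":
    for phase, upns in audit_sample().items():
        print(f"{phase:22s} {', '.join(upns) or '-'}")
```

Run it against the constructed data and four accounts surface: the contractor with no HR record, bob still tagged Finance after his move, carol enabled two weeks after her end date, and the contractor's group set being a carbon copy of alice's and bob's. A grace period (grace_days) keeps accounts that are inside the agreed deprovisioning window out of the Out findings.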
21. Red flag 5: No process management
• Manual management
• No process owner
• No process
• No idea how data flows
• No idea about changes
Solution
• Use basic process definitions
• Check ISO 9001
22. Red flag 6: All-in-one account
• User account = admin account
• Mail enabled
• Used for office and admin tasks
Solution
• Account separation
• Segregation of duties
• Separate logins for users and administrators
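Red flags 1, 2 and 6 all concern the same population: accounts that hold privileged roles. The check below is an added example, not code from the presentation. It walks a constructed list of tenant accounts and reports privileged ones that are mail-enabled, that have no strong authentication method registered, or whose owner has no separate unprivileged daily account (so the admin identity doubles as the office login). The set of roles treated as privileged, the authentication method labels, the contoso.example names and the sample accounts are assumptions for the example; a real run would take role members and registered methods from a directory export.

```python
"""Privileged account check: mailbox, strong authentication, account separation.

Added example, not part of the presentation. Role names follow Entra ID display
names; the method labels and the sample accounts are constructed for illustration.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Roles treated as privileged in this example (a subset, chosen for illustration).
PRIVILEGED_ROLES = {
    "Global Administrator", "Privileged Role Administrator",
    "Exchange Administrator", "User Administrator",
}
# Registered methods that count as MFA here; "password" alone does not.
STRONG_METHODS = {"fido2", "microsoftAuthenticator", "hardwareOath", "softwareOath"}


@dataclass(frozen=True)
class Account:
    upn: str
    employee_id: str | None      # None: not tied to a person (emergency access account)
    roles: frozenset[str]        # directory roles held
    mail_enabled: bool
    auth_methods: frozenset[str]


def is_privileged(acc: Account) -> bool:
    return bool(acc.roles & PRIVILEGED_ROLES)


def audit_privileged(accounts: list[Account]) -> dict[str, list[str]]:
    """Red flags 1, 2 and 6 of the talk, applied to every privileged account.

    mail_enabled_admin      admin identity with a mailbox (phishable, used for office work)
    password_only_admin     no strong authentication method registered
    daily_account_is_admin  the person has no separate unprivileged account, so the
                            privileged one doubles as the daily login
    """
    by_person: dict[str, list[Account]] = defaultdict(list)
    for acc in accounts:
        if acc.employee_id:
            by_person[acc.employee_id].append(acc)
    findings: dict[str, list[str]] = {
        "mail_enabled_admin": [], "password_only_admin": [], "daily_account_is_admin": [],
    }
    for acc in accounts:
        if not is_privileged(acc):
            continue
        if acc.mail_enabled:
            findings["mail_enabled_admin"].append(acc.upn)
        if not acc.auth_methods & STRONG_METHODS:
            findings["password_only_admin"].append(acc.upn)
        if acc.employee_id and not any(
            not is_privileged(other) for other in by_person[acc.employee_id]
        ):
            findings["daily_account_is_admin"].append(acc.upn)
    return findings


TENANT = [  # constructed sample data
    # the account that created the tenant: first login, god mode, still in daily use
    Account("founder@contoso.example", "E001", frozenset({"Global Administrator"}),
            True, frozenset({"password"})),
    # the intended pattern: daily account plus a dedicated, mail-less admin account
    Account("alice@contoso.example", "E100", frozenset(),
            True, frozenset({"password", "microsoftAuthenticator"})),
    Account("adm-alice@contoso.example", "E100", frozenset({"User Administrator"}),
            False, frozenset({"password", "fido2"})),
    # MFA is on, but office mailbox and admin role share one identity
    Account("bob@contoso.example", "E101", frozenset({"Exchange Administrator"}),
            True, frozenset({"password", "microsoftAuthenticator"})),
    # emergency access account: no person, no mailbox, hardware key registered
    Account("breakglass@contoso.example", None, frozenset({"Global Administrator"}),
            False, frozenset({"password", "fido2"})),
]


def audit_sample() -> dict[str, list[str]]:
    return audit_privileged(TENANT)


if __name__ == "__main__":
    for flag, upns in audit_sample().items():
        print(f"{flag:23s} {', '.join(upns) or '-'}")
```

On the constructed tenant, the founder account trips all three checks (it is exactly the "first login with god mode" account of red flag 1), bob trips two despite having MFA, and the alice / adm-alice pair and the emergency access account pass.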
23. Red flag 7: All-in-one desktop
• Login account = local admin account
• Full access
• …
Solution
• Daily operations as a standard user
• Admin only for specific access
24. Red flag 8: RDP remote access
• RDP directly to Azure
• …
Solution
• Bastion host
25. Red flag 9: One network
• One network
• Direct connections to Azure
• No segmentation (neither in Azure nor on-premises)
Solution
• Segmentation
• Firewalls on every host and every network
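Red flags 8 and 9 are visible in the network security group (NSG) rules of the affected subnets and NICs. The added example below (not from the presentation) evaluates a constructed NSG rule set the way Azure does, lowest priority number first, and reports admin ports that an internet address can reach plus any-any allow rules; the same audit is then run against a hardened rule set where RDP is reachable only from the Bastion subnet and the on-premises rule is narrowed to one source and one port. The simplified rule fields (a subset of what `az network nsg rule list` returns), the probe address, the rule names and the address ranges are assumptions for the example.

```python
"""NSG rule audit: remote admin ports reachable from the internet, any-any rules.

Added example, not part of the presentation. Rule sets, probe address and the
Bastion subnet range are constructed for illustration.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

ANY_SOURCE = {"*", "Internet", "0.0.0.0/0"}   # prefixes that admit the whole internet
ADMIN_PORTS = {3389: "RDP", 22: "SSH"}         # the talk names RDP; SSH is the same risk


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int        # lower number is evaluated first
    direction: str       # "Inbound" / "Outbound"
    access: str          # "Allow" / "Deny"
    protocol: str        # "Tcp", "Udp" or "*"
    source: str          # "*", a service tag or a CIDR prefix
    dest_ports: str      # "3389", "*", "1000-2000" or a comma-separated list


def port_matches(spec: str, port: int) -> bool:
    for part in spec.split(","):
        part = part.strip()
        if part == "*":
            return True
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def source_matches(spec: str, src: ipaddress.IPv4Address) -> bool:
    if spec in ANY_SOURCE:
        return True
    try:
        return src in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return False   # other service tags (VirtualNetwork, ...) never cover an internet probe


def effective_access(rules: list[Rule], probe_src: str, port: int,
                     protocol: str = "Tcp") -> tuple[str, str]:
    """First matching inbound rule by priority wins; with no match Azure's
    built-in DenyAllInBound rule (priority 65500) applies."""
    src = ipaddress.ip_address(probe_src)
    for rule in sorted(rules, key=lambda r: r.priority):
        if (rule.direction == "Inbound" and rule.protocol in ("*", protocol)
                and port_matches(rule.dest_ports, port)
                and source_matches(rule.source, src)):
            return rule.access, rule.name
    return "Deny", "DenyAllInBound"


def audit_nsg(rules: list[Rule], probe_src: str = "203.0.113.5") -> dict[str, list[str]]:
    """Red flags 8 and 9: admin ports open to an internet address, any-any allows."""
    findings: dict[str, list[str]] = {"admin_port_open_to_internet": [], "any_any_allow": []}
    for port, service in ADMIN_PORTS.items():
        access, name = effective_access(rules, probe_src, port)
        if access == "Allow":
            findings["admin_port_open_to_internet"].append(f"{service}/{port} via {name}")
    for rule in rules:
        if ((rule.direction, rule.access) == ("Inbound", "Allow")
                and rule.source in ANY_SOURCE and rule.dest_ports == "*"):
            findings["any_any_allow"].append(rule.name)
    return findings


RULES = [  # constructed: the "RDP to Azure, one flat network" situation
    Rule("AllowRDP", 100, "Inbound", "Allow", "Tcp", "*", "3389"),
    Rule("AllowSSHFromOffice", 105, "Inbound", "Allow", "Tcp", "198.51.100.0/24", "22"),
    Rule("DenySSHFromInternet", 110, "Inbound", "Deny", "Tcp", "Internet", "22"),
    Rule("AllowAllFromOnPrem", 200, "Inbound", "Allow", "*", "*", "*"),   # meant on-prem, opened everything
    Rule("AllowWeb", 300, "Inbound", "Allow", "Tcp", "Internet", "80,443"),
]

HARDENED_RULES = [  # constructed: same workload behind Bastion, segmented
    Rule("AllowRDPFromBastion", 100, "Inbound", "Allow", "Tcp", "10.0.250.0/26", "3389"),  # AzureBastionSubnet (assumed range)
    Rule("AllowSSHFromOffice", 105, "Inbound", "Allow", "Tcp", "198.51.100.0/24", "22"),
    Rule("DenySSHFromInternet", 110, "Inbound", "Deny", "Tcp", "Internet", "22"),
    Rule("AllowAppFromOnPrem", 200, "Inbound", "Allow", "Tcp", "10.10.0.0/16", "8443"),   # one source, one port
    Rule("AllowWeb", 300, "Inbound", "Allow", "Tcp", "Internet", "80,443"),
]


def audit_sample() -> dict[str, list[str]]:
    return audit_nsg(RULES)


def audit_hardened() -> dict[str, list[str]]:
    return audit_nsg(HARDENED_RULES)


if __name__ == "__main__":
    print("as found :", audit_sample())
    print("hardened :", audit_hardened())
```

The probe address is a TEST-NET address standing in for an arbitrary internet client. Evaluating by priority matters: in the constructed set the office-only SSH rule sits before the internet deny, so SSH is reported as closed to the probe while RDP, allowed from "*" at priority 100, is reported open. After hardening, the same probe reaches neither port and no rule is any-any.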
26. Red flag 10: One-time configuration
• One configuration, fixed at first setup
• Once set, never reset …
• No review
• No IDM cycle
Solution: check...
• Every time a new configuration is made
• During changes
• Regularly (put it on your agenda)
• Use IDM (lifecycle)
27. References
18 February, 9 P.M. (GMT+2)
• Microsoft
  • Azure compliance: ISO 27001
  • Azure compliance: ISO 27017 / ISO 27018
  • Learn Microsoft Azure audit and logging fundamentals
  • Azure security logging and auditing
  • Azure security management and monitoring overview
28. References (continued)
• Azure hardening
• Azure security best practices and patterns
29. References (continued)
• ISO standards
  • ISO 27001: ISMS (information security management system)
  • ISO 27002: ISMS guidance
  • ISO 27017: cloud security
  • ISO 27018: PII in the cloud (data protection in the cloud)
• Cloud security basics (CCSK by CSA)
  • https://cloudsecurityalliance.org/
  • Cloud Controls Matrix
30. More of this…
• On my blog: Identity Underground
  • https://identityunderground.wordpress.com/
31. Thank you!!!