SlideShare a Scribd company logo

NIST Cybersecurity Framework (CSF) on the Public Cloud

Download as PPTX, PDF
C
CloudHesive

NIST Cybersecurity Framework (CSF) on the Public Cloud

Technology
1 of 52
NIST Cybersecurity Framework (CSF) on the Public Cloud
Topics • Introduction • ExampleWorkload: End User Computing • What can go wrong? Ransomware Incident Response in End User Computing • End User Computing Security Best Practices • Modernizing Security Controls • NIST Cybersecurity Framework • Adjacent Frameworks • Public Cloud Services alignment to NIST Cybersecurity Framework
Introduction
Public Cloud Revenue – has/is forecasted to increaseYoY
Users andVulnerable Software – Still a Challenge Verizon 2021 Data Breach Investigations Report https://www.verizon.com/business/resources/reports/2021-data-breach-investigations-report.pdfx
CustomerWorkload Personas – Growth inVariety • Migrated • Server Based • Migrated & Optimized • Blends of Server and Service Based • Serverless/Native • Service Based • Orchestrated • ECS, EKS, K8s • Inherited • Wildcard! • Hybrid • Wildcard!
Service Categories – Also Growth inVariety • Analytics • Application Integration • AR &VR • AWS Cost Management • Blockchain • Business Applications • Compute • Customer Engagement • Database • Developer Tools • End User Computing • GameTech • Internet ofThings • Machine Learning • Management & Governance • Media Services • Migration &Transfer • Mobile • Networking & Content Delivery • QuantumTechnologies • Robotics • Satellite • Security, Identity, & Compliance • Storage
The Scenario
Shared Responsibility Model
End User Computing Sample Deployment
What’s missing? • Ingress Security Group toWorkspace • Egress Security Group fromWorkspace to (Internet) • Security Groups to/from other Services (AWS and On Premises) • Security of the Workspace Environment • Security of supporting servers (Active Directory) • Security of other network-accessible resources (Web Servers) • User Permissions (Non-Local Admin, Local Admin, Global Admin) • Access of the Workspace (PKI Cert, PKI PIV, Network, MFA) • The rest of the AWSAccount?The rest of the AWSAccount! (Services, APIs)
End User Computing Sample Deployment
What could go wrong? • Ingress Security Group toWorkspace • Egress Security Group fromWorkspace to (Internet) • Security Groups to/from other Services (AWS and On Premises) • Security of the Workspace Environment • Security of supporting servers (Active Directory) • Security of other network-accessible resources (Web Servers) • User Permissions (Non-Local Admin, Local Admin, Global Admin) • Access of the Workspace (PKI Cert, PKI PIV, Network, MFA) • The rest of the AWSAccount?The rest of the AWSAccount! (Services, APIs)
The Approach
Overview • Through the lens of the NIST Cybersecurity Framework we will look at frameworks developed by, and services available onAWS. • Cloud Services, such as those offered by AWS either/both play a supporting role in your security posture, supporting both non-AWS resources andAWS resources alike but secure configuration of AWS resources can also play a role in supporting your security posture. • The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.
The Cybersecurity Framework Core Desired cybersecurity outcomes organized in a hierarchy and aligned to more detailed guidance and controls Profiles Alignment of an organization’s requirements and objectives, risk appetite and resources using the desired outcomes of the Framework Core ImplementationTiers A qualitative measure of organizational cybersecurity risk management practices
The Cybersecurity Framework - Functions • Identify • Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. • Protect • Develop and implement appropriate safeguards to ensure delivery of critical services. • Detect • Develop and implement appropriate activities to identify the occurrence of a cybersecurity event. • Respond • Develop and implement appropriate activities to take action regarding a detected cybersecurity incident. • Recover • Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
An Excerpt from the Framework Core 5 Functions 23 Categories 108 Subcategories 6 Informative References
ImplementationTiers 1 2 3 4 Partial Risk Informed Repeatable Adaptive Risk Management Process The functionality and repeatability of cybersecurity risk management Integrated Risk Management Program The extent to which cybersecurity is considered in broader risk management decisions External Participation The degree to which the organization: • monitors and manages supply chain risk • benefits my sharing or receiving information from outside parties
CIS Controls & Benchmarks • Controls • Similar, though more prescriptive than NIST CSF • Can be mapped to CSF • Benchmarks • Prescriptive steps to apply controls to specific technologies • AWS • Workspaces • Windows/Linux • Other Services
CIS Benchmark End User Computing Example
CloudWorkload Lifecycle Management Framework • Workload • Architecture • Monitoring • Automation • Processes
Workload + Architecture Drives Service Selection • Virtual Machines • AMI • Patching • Multi-threaded/Multi-task • Hours to Months • PerVM/Per Hour • Functions/Services • Code • Versioning • Single-threaded/Single-task • Microseconds to Seconds • Per Memory/Second/Per Request • Containers • Container File • Versioning • Multi-threaded/Single-task • Minutes to Days • PerVM/Per Hour
Integration
Automation + Processes Drives Lifecycle Management Selection • Organizations • Cross-AccountAsset Management + Governance • ControlTower • Account vending/default standardization • Service Catalog • Workload platform vending/default standardization • CloudFormation • IaC • Ephemeral Compute + API Managed Data/Control Plane for PersistenceTiers • Hands off/Lights out
Processes • Patching • Backup/RestoreTesting • FailoverTesting (AZ) • Credential Rotation/CredentialAudit • Event ResponseTesting • Incident ResponseTesting • PerformanceTesting • Performance/Cost Review • Vulnerability/PenetrationTesting
Cloud Adoption Framework (CAF) https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/accelerating-business-outcomes.html
Cloud Adoption Framework (CAF) • Perspectives • Business • Value Realization • People • Roles & Readiness • Governance • Prioritization & Control • Platform • Applications & Infrastructure • Security • Risk & Compliance • Operations • Manage & Scale
Cloud Adoption Framework (CAF) - Capabilities https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/foundational-capabilities.html
Cloud Adoption Framework (CAF) – Capabilities - Security https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/security-perspective.html
CAF – Security Perspective • Directive • Account Ownership and contact information • Change and asset management • Least privilege access • Preventive • Identity and access • Infrastructure protection • Data protection • Detective • Logging and monitoring • Asset inventory • Change detection • Responsive • Vulnerabilities • Privilege escalation • DDoS attack
Well Architected Framework (WAF) • General • Event-Triggered • Workload-Focused • General Design Principals • Pillars • Design Principals • Best Practices • Lenses
WAF – Pillars • Operational Excellence • Security • Reliability • Performance Efficiency • Cost Optimization • Sustainability – New!
WAF – Lenses • High Performance Computing (HPC) • Serverless • Internet ofThings (IOT) • Financial Services Industry (FinServ) • FoundationalTechnical Review (FTR) • SaaS • Streaming Media • Machine Learning • SAP • DataAnalytics • Games Industry • Hybrid Networking • Management and Governance –Well Aligned!
WAF – General Design Principals • Stop guessing your capacity needs • Test systems at production scale • Automate to make architectural experimentation easier • Allow for evolutionary architectures • Drive architectures using data • Improve through game days
WAF – Game Days • Prepare • Is the process/are the processes to be tested during the game day well defined? Is access in place? Has training been performed? • Define • Workload, Personnel, Scenario, Environment, Schedule • Execute • Start, Middle, End • Analyze • Debrief, Examine, Document, Root Cause Analysis (RCA), Correction of Error (CoE)
WAF – Security Pillar • Design Principles • Implement a strong identity foundation • Enable traceability • Apply security at all layers • Automate security best practices • Protect data in transit and at rest • Keep people away from data • Prepare for security events • Best Practices • Identity and Access Management • Detection • Infrastructure Protection • Data Protection • Incident Response
Let’s tie it all together… https://aws.amazon.com/blogs/security/optimizing-cloud-governance-on-aws-integrating-the-nist-cybersecurity-framework-aws- cloud-adoption-framework-and-aws-well-architected/
Identify
Identify • Everything on the previous slides 
Identify • Audit Manager • Cost Management Services (Individual Services) • Certificate Manager (Public + Private) • Firewall Manager (WAF + Security Groups) • Directory Service + Identity and Access Management (+ Services with their own Policies) • AccessAdvisor,Access Analyzer,Organization Activity • Inspector • Key Management Service + Secrets Manager • Macie • Premium Support +Trusted Advisor + Personal Health Dashboard • Systems Manager • Security Hub + Config + Config Rules • Tags
Identify – Organizations • Tag policies • Artifact • Backup • CloudFormation StackSets • CloudTrail • Config • Directory Service • Firewall Manager • Resource Access Manager • Service Catalog • Single Sign-On • Systems Manager
Protect/Detect
Protect • VPC: Security Groups (Stateful Firewall) + NACLs (Stateless Firewall), Network Firewall, DNS Firewall,Gateway Load Balancer • WAF: Layer 7WAF • Shield + AutoScaling + ELB + Cloud Front: DoS/DDoS Protection • VPC:VGW (Point to Point and IPSECConnectivity) + Peering (VPC toVPC Connectivity) + Endpoints (Private Connectivity to AWS Services), ClientVPN (Client toVPC Connectivity) • IAM + Directory Service + SSO: Standalone and Federated AAA • KMS: FIPS 140-2 Certified cryptographic module with integration to various AWS services, provides expiration and ability to provide self-generated cryptographic material • ACM: Public and Private PKI Certificate Authority • Secure Credential Storage: Secrets Manager, Systems Manager • Nitro Enclaves
Protect • AWS Auto Scaling: EC2, Dynamo,Aurora Autoscaling • Code Commit/ECS (Image Scanning)/Signer: Secure Application and Artifact Repository + dedicated account • Code Deploy/Systems Manager: “Hands off” OS and configuration management + application deployment • EC2: Systems Manager (OS and above patching + auditing), Amazon Linux 2 Live Patching • AWS Backup: EC2, RDS, EFS, Dynamo Backups + dedicated account • Workspaces: Secure Bastion • CloudFormation + OpsWorks + Elastic Beanstalk: “Hands off” infrastructure management • S3/Glacier: File based storage with AAA, versioning, secure delete + policy based retention • Host Based Security
Detect
Detect • Guard Duty • Config: Point in time snapshots of configuration items, Exportable as JSON to idempotent storage • VPC: Flow Logs (NetFlow) + Port Mirroring • CloudWatch Logs: OS and above log management • CloudTrail: AuditTrail, Exportable as JSON to idempotent storage • Cloudfront, ALB andWAF: All log (CloudFront and ALB in S3,WAF in Kinesis) • S3/Glacier: File based storage with AAA, versioning, secure delete + policy based retention + dedicated account
Respond/Recover
Respond • Detective • Disk Snapshots • Don’t forget to remove from retention policy • Automated withThreatResponse,GRR • Memory Snapshots • Automated withThreatResponse,GRR,Volatility, Rekall • Logs • Don’t forget to remove from retention policy • Query and Correlate with Athena • Measure
Recover • Block Access (WAF, Security Group, ACL, IAM) • Revert to Known Good State (Snapshots,Versioning) • Identify/Correct Root Cause (Logs!) • Rotate Credentials (people and things) • Measure
Conclusion • Iterate introduction of your security controls – some in the short term is better than none in the long term. • Detective Controls are just as important as Preventative Controls, they play a significant response in incident detection and response. • Whether your workload is onAWS or not,AWS services can be used to supplement your controls. • There is no lack of frameworks – pick and choose from them to make a framework that works best for your organization’s needs.
ThankYou!

Recommended

Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security StrategyCapgemini
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYMaganathin Veeraragaloo
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAWS User Group Bengaluru
 
Azure Identity and access management
Azure Identity and access managementAzure Identity and access management
Azure Identity and access managementDinusha Kumarasiri
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architectureKarl Ots
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security OverviewAllen Brokken
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitectureKris Kimmerle
 
SABSA Implementation(Part III)_ver1-0
SABSA Implementation(Part III)_ver1-0SABSA Implementation(Part III)_ver1-0
SABSA Implementation(Part III)_ver1-0Maganathin Veeraragaloo
 

Recommended

Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security StrategyCapgemini
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYMaganathin Veeraragaloo
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAWS User Group Bengaluru
 
Azure Identity and access management
Azure Identity and access managementAzure Identity and access management
Azure Identity and access managementDinusha Kumarasiri
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architectureKarl Ots
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security OverviewAllen Brokken
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitectureKris Kimmerle
 
SABSA Implementation(Part III)_ver1-0
SABSA Implementation(Part III)_ver1-0SABSA Implementation(Part III)_ver1-0
SABSA Implementation(Part III)_ver1-0Maganathin Veeraragaloo
 
Modelling Security Architecture
Modelling Security ArchitectureModelling Security Architecture
Modelling Security Architecturenarenvivek
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)April Mardock CISSP
 
Microsoft Cloud Adoption Framework for Azure: Governance Conversation
Microsoft Cloud Adoption Framework for Azure: Governance ConversationMicrosoft Cloud Adoption Framework for Azure: Governance Conversation
Microsoft Cloud Adoption Framework for Azure: Governance ConversationNicholas Vossburg
 
IT Audit - Shadow IT Systems
IT Audit - Shadow IT SystemsIT Audit - Shadow IT Systems
IT Audit - Shadow IT SystemsDam Frank
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero TrustDavid J Rosenthal
 
SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0Maganathin Veeraragaloo
 
Disaster Recovery Planning using Azure Site Recovery
Disaster Recovery Planning using Azure Site RecoveryDisaster Recovery Planning using Azure Site Recovery
Disaster Recovery Planning using Azure Site RecoveryNitin Agarwal
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy Allen Baranov
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Identity and Access Management
Identity and Access ManagementIdentity and Access Management
Identity and Access ManagementPrashanth BS
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and ComplianceKarina Matos
 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap Anshu Gupta
 
Customer identity and access management (ciam)
Customer identity and access management (ciam)Customer identity and access management (ciam)
Customer identity and access management (ciam)Nuvento Systems Pvt Ltd
 
Cloud security
Cloud securityCloud security
Cloud securityBikashPokharel3
 
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfMicrosoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfParishSummer
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+DesignAlfred Ouyang
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWSCloudHesive
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupCloudHesive
 

More Related Content

What's hot

Modelling Security Architecture
Modelling Security ArchitectureModelling Security Architecture
Modelling Security Architecturenarenvivek
 
NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)April Mardock CISSP
 
Microsoft Cloud Adoption Framework for Azure: Governance Conversation
Microsoft Cloud Adoption Framework for Azure: Governance ConversationMicrosoft Cloud Adoption Framework for Azure: Governance Conversation
Microsoft Cloud Adoption Framework for Azure: Governance ConversationNicholas Vossburg
 
IT Audit - Shadow IT Systems
IT Audit - Shadow IT SystemsIT Audit - Shadow IT Systems
IT Audit - Shadow IT SystemsDam Frank
 
Disaster Recovery Planning using Azure Site Recovery
Disaster Recovery Planning using Azure Site RecoveryDisaster Recovery Planning using Azure Site Recovery
Disaster Recovery Planning using Azure Site RecoveryNitin Agarwal
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy Allen Baranov
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Identity and Access Management
Identity and Access ManagementIdentity and Access Management
Identity and Access ManagementPrashanth BS
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and ComplianceKarina Matos
 
Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap Anshu Gupta
 
Customer identity and access management (ciam)
Customer identity and access management (ciam)Customer identity and access management (ciam)
Customer identity and access management (ciam)Nuvento Systems Pvt Ltd
 
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfMicrosoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfParishSummer
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+DesignAlfred Ouyang
 

What's hot (20)

Modelling Security Architecture
Modelling Security ArchitectureModelling Security Architecture
Modelling Security Architecture
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
 
NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)
 
Microsoft Cloud Adoption Framework for Azure: Governance Conversation
Microsoft Cloud Adoption Framework for Azure: Governance ConversationMicrosoft Cloud Adoption Framework for Azure: Governance Conversation
Microsoft Cloud Adoption Framework for Azure: Governance Conversation
 
IT Audit - Shadow IT Systems
IT Audit - Shadow IT SystemsIT Audit - Shadow IT Systems
IT Audit - Shadow IT Systems
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero Trust
 
SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0
 
Disaster Recovery Planning using Azure Site Recovery
Disaster Recovery Planning using Azure Site RecoveryDisaster Recovery Planning using Azure Site Recovery
Disaster Recovery Planning using Azure Site Recovery
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Identity and Access Management
Identity and Access ManagementIdentity and Access Management
Identity and Access Management
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in Depth
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap
 
Customer identity and access management (ciam)
Customer identity and access management (ciam)Customer identity and access management (ciam)
Customer identity and access management (ciam)
 
Cloud security
Cloud securityCloud security
Cloud security
 
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfMicrosoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+Design
 

Similar to NIST Cybersecurity Framework (CSF) on the Public Cloud

Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupCloudHesive
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupCloudHesive
 
AWS Spotlight Series - Modernization and Security with AWS
AWS Spotlight Series - Modernization and Security with AWSAWS Spotlight Series - Modernization and Security with AWS
AWS Spotlight Series - Modernization and Security with AWSCloudHesive
 
Winning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our TimeWinning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our TimeCloudHesive
 
5 minutes on security
5 minutes on security5 minutes on security
5 minutes on securityCloudHesive
 
Cloud Computing Overview
Cloud Computing OverviewCloud Computing Overview
Cloud Computing OverviewManju Srinivas
 
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeHimani Singh
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudAlert Logic
 
Cloud Security at Netflix
Cloud Security at NetflixCloud Security at Netflix
Cloud Security at NetflixJason Chan
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsViresh Suri
 
Incident response in Cloud
Incident response in CloudIncident response in Cloud
Incident response in CloudVandana Verma
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24
 
Why You Are Secure in the AWS Cloud
Why You Are Secure in the AWS CloudWhy You Are Secure in the AWS Cloud
Why You Are Secure in the AWS CloudAmazon Web Services
 
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend MicroAWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend MicroAmazon Web Services
 
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...Lucas Jellema
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the CloudAmazon Web Services
 
Unified Security Governance
Unified Security GovernanceUnified Security Governance
Unified Security GovernanceCan Demirel
 
Where to Begin? Application Portfolio Migration
Where to Begin? Application Portfolio MigrationWhere to Begin? Application Portfolio Migration
Where to Begin? Application Portfolio MigrationAmazon Web Services
 

Similar to NIST Cybersecurity Framework (CSF) on the Public Cloud (20)

Security on AWS
Security on AWSSecurity on AWS
Security on AWS
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition Meetup
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition Meetup
 
AWS Spotlight Series - Modernization and Security with AWS
AWS Spotlight Series - Modernization and Security with AWSAWS Spotlight Series - Modernization and Security with AWS
AWS Spotlight Series - Modernization and Security with AWS
 
Winning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our TimeWinning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our Time
 
5 minutes on security
5 minutes on security5 minutes on security
5 minutes on security
 
Cloud Computing Overview
Cloud Computing OverviewCloud Computing Overview
Cloud Computing Overview
 
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure Cloud
 
Cloud Security at Netflix
Cloud Security at NetflixCloud Security at Netflix
Cloud Security at Netflix
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
 
Incident response in Cloud
Incident response in CloudIncident response in Cloud
Incident response in Cloud
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
 
Why You Are Secure in the AWS Cloud
Why You Are Secure in the AWS CloudWhy You Are Secure in the AWS Cloud
Why You Are Secure in the AWS Cloud
 
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend MicroAWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
 
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud
 
Unified Security Governance
Unified Security GovernanceUnified Security Governance
Unified Security Governance
 
Boot camp - Migration to AWS
Boot camp - Migration to AWSBoot camp - Migration to AWS
Boot camp - Migration to AWS
 
Where to Begin? Application Portfolio Migration
Where to Begin? Application Portfolio MigrationWhere to Begin? Application Portfolio Migration
Where to Begin? Application Portfolio Migration
 

More from CloudHesive

Serverless Generative AI on AWS, AWS User Groups of Florida
Serverless Generative AI on AWS, AWS User Groups of FloridaServerless Generative AI on AWS, AWS User Groups of Florida
Serverless Generative AI on AWS, AWS User Groups of FloridaCloudHesive
 
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...CloudHesive
 
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...CloudHesive
 
Accelerating Business and Research Through Automation and Artificial Intellig...
Accelerating Business and Research Through Automation and Artificial Intellig...Accelerating Business and Research Through Automation and Artificial Intellig...
Accelerating Business and Research Through Automation and Artificial Intellig...CloudHesive
 
Amazon Connect Rethink Your Contact Center with CloudHesive.pptx
Amazon Connect Rethink Your Contact Center with CloudHesive.pptxAmazon Connect Rethink Your Contact Center with CloudHesive.pptx
Amazon Connect Rethink Your Contact Center with CloudHesive.pptxCloudHesive
 
ConnectPath Introduction
ConnectPath IntroductionConnectPath Introduction
ConnectPath IntroductionCloudHesive
 
Modernize your contact center with ConnectPath CX v2.pdf
Modernize your contact center with ConnectPath CX v2.pdfModernize your contact center with ConnectPath CX v2.pdf
Modernize your contact center with ConnectPath CX v2.pdfCloudHesive
 
Modernize your contact center with ConnectPath CX — Chart.pdf
Modernize your contact center with ConnectPath CX — Chart.pdfModernize your contact center with ConnectPath CX — Chart.pdf
Modernize your contact center with ConnectPath CX — Chart.pdfCloudHesive
 
End User Computing at CloudHesive.pptx
End User Computing at CloudHesive.pptxEnd User Computing at CloudHesive.pptx
End User Computing at CloudHesive.pptxCloudHesive
 
Analytics at CloudHesive
Analytics at CloudHesiveAnalytics at CloudHesive
Analytics at CloudHesiveCloudHesive
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicCloudHesive
 
Best Practices and Resources to Effectively Manage and Optimize Your AWS Costs
Best Practices and Resources to Effectively Manage and Optimize Your AWS CostsBest Practices and Resources to Effectively Manage and Optimize Your AWS Costs
Best Practices and Resources to Effectively Manage and Optimize Your AWS CostsCloudHesive
 
Serverless data and analytics on AWS for operations
Serverless data and analytics on AWS for operations Serverless data and analytics on AWS for operations
Serverless data and analytics on AWS for operations CloudHesive
 
reInvent reCap 2022
reInvent reCap 2022reInvent reCap 2022
reInvent reCap 2022CloudHesive
 
Serverless without Code (Lambda)
Serverless without Code (Lambda)Serverless without Code (Lambda)
Serverless without Code (Lambda)CloudHesive
 
AWS Advanced Analytics Automation Toolkit (AAA)
AWS Advanced Analytics Automation Toolkit (AAA)AWS Advanced Analytics Automation Toolkit (AAA)
AWS Advanced Analytics Automation Toolkit (AAA)CloudHesive
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control TowerCloudHesive
 
Meetup Protect from Ransomware Attacks
Meetup Protect from Ransomware AttacksMeetup Protect from Ransomware Attacks
Meetup Protect from Ransomware AttacksCloudHesive
 
Amazon Connect Bootcamp
Amazon Connect BootcampAmazon Connect Bootcamp
Amazon Connect BootcampCloudHesive
 
Fort Lauderdale Tech Talks - The Future is the Cloud
Fort Lauderdale Tech Talks - The Future is the CloudFort Lauderdale Tech Talks - The Future is the Cloud
Fort Lauderdale Tech Talks - The Future is the CloudCloudHesive
 

More from CloudHesive (20)

Serverless Generative AI on AWS, AWS User Groups of Florida
Serverless Generative AI on AWS, AWS User Groups of FloridaServerless Generative AI on AWS, AWS User Groups of Florida
Serverless Generative AI on AWS, AWS User Groups of Florida
 
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
 
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
 
Accelerating Business and Research Through Automation and Artificial Intellig...
Accelerating Business and Research Through Automation and Artificial Intellig...Accelerating Business and Research Through Automation and Artificial Intellig...
Accelerating Business and Research Through Automation and Artificial Intellig...
 
Amazon Connect Rethink Your Contact Center with CloudHesive.pptx
Amazon Connect Rethink Your Contact Center with CloudHesive.pptxAmazon Connect Rethink Your Contact Center with CloudHesive.pptx
Amazon Connect Rethink Your Contact Center with CloudHesive.pptx
 
ConnectPath Introduction
ConnectPath IntroductionConnectPath Introduction
ConnectPath Introduction
 
Modernize your contact center with ConnectPath CX v2.pdf
Modernize your contact center with ConnectPath CX v2.pdfModernize your contact center with ConnectPath CX v2.pdf
Modernize your contact center with ConnectPath CX v2.pdf
 
Modernize your contact center with ConnectPath CX — Chart.pdf
Modernize your contact center with ConnectPath CX — Chart.pdfModernize your contact center with ConnectPath CX — Chart.pdf
Modernize your contact center with ConnectPath CX — Chart.pdf
 
End User Computing at CloudHesive.pptx
End User Computing at CloudHesive.pptxEnd User Computing at CloudHesive.pptx
End User Computing at CloudHesive.pptx
 
Analytics at CloudHesive
Analytics at CloudHesiveAnalytics at CloudHesive
Analytics at CloudHesive
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo Logic
 
Best Practices and Resources to Effectively Manage and Optimize Your AWS Costs
Best Practices and Resources to Effectively Manage and Optimize Your AWS CostsBest Practices and Resources to Effectively Manage and Optimize Your AWS Costs
Best Practices and Resources to Effectively Manage and Optimize Your AWS Costs
 
Serverless data and analytics on AWS for operations
Serverless data and analytics on AWS for operations Serverless data and analytics on AWS for operations
Serverless data and analytics on AWS for operations
 
reInvent reCap 2022
reInvent reCap 2022reInvent reCap 2022
reInvent reCap 2022
 
Serverless without Code (Lambda)
Serverless without Code (Lambda)Serverless without Code (Lambda)
Serverless without Code (Lambda)
 
AWS Advanced Analytics Automation Toolkit (AAA)
AWS Advanced Analytics Automation Toolkit (AAA)AWS Advanced Analytics Automation Toolkit (AAA)
AWS Advanced Analytics Automation Toolkit (AAA)
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control Tower
 
Meetup Protect from Ransomware Attacks
Meetup Protect from Ransomware AttacksMeetup Protect from Ransomware Attacks
Meetup Protect from Ransomware Attacks
 
Amazon Connect Bootcamp
Amazon Connect BootcampAmazon Connect Bootcamp
Amazon Connect Bootcamp
 
Fort Lauderdale Tech Talks - The Future is the Cloud
Fort Lauderdale Tech Talks - The Future is the CloudFort Lauderdale Tech Talks - The Future is the Cloud
Fort Lauderdale Tech Talks - The Future is the Cloud
 

Recently uploaded

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

NIST Cybersecurity Framework (CSF) on the Public Cloud

  • 1. NIST Cybersecurity Framework (CSF) on the Public Cloud
  • 2. Topics • Introduction • ExampleWorkload: End User Computing • What can go wrong? Ransomware Incident Response in End User Computing • End User Computing Security Best Practices • Modernizing Security Controls • NIST Cybersecurity Framework • Adjacent Frameworks • Public Cloud Services alignment to NIST Cybersecurity Framework
  • 4. Public Cloud Revenue – has/is forecasted to increaseYoY
  • 5. Users andVulnerable Software – Still a Challenge Verizon 2021 Data Breach Investigations Report https://www.verizon.com/business/resources/reports/2021-data-breach-investigations-report.pdfx
  • 6. CustomerWorkload Personas – Growth inVariety • Migrated • Server Based • Migrated & Optimized • Blends of Server and Service Based • Serverless/Native • Service Based • Orchestrated • ECS, EKS, K8s • Inherited • Wildcard! • Hybrid • Wildcard!
  • 7. Service Categories – Also Growth inVariety • Analytics • Application Integration • AR &VR • AWS Cost Management • Blockchain • Business Applications • Compute • Customer Engagement • Database • Developer Tools • End User Computing • GameTech • Internet ofThings • Machine Learning • Management & Governance • Media Services • Migration &Transfer • Mobile • Networking & Content Delivery • QuantumTechnologies • Robotics • Satellite • Security, Identity, & Compliance • Storage
  • 10. End User Computing Sample Deployment
  • 11. What’s missing? • Ingress Security Group toWorkspace • Egress Security Group fromWorkspace to (Internet) • Security Groups to/from other Services (AWS and On Premises) • Security of the Workspace Environment • Security of supporting servers (Active Directory) • Security of other network-accessible resources (Web Servers) • User Permissions (Non-Local Admin, Local Admin, Global Admin) • Access of the Workspace (PKI Cert, PKI PIV, Network, MFA) • The rest of the AWSAccount?The rest of the AWSAccount! (Services, APIs)
  • 12. End User Computing Sample Deployment
  • 13. What could go wrong? • Ingress Security Group toWorkspace • Egress Security Group fromWorkspace to (Internet) • Security Groups to/from other Services (AWS and On Premises) • Security of the Workspace Environment • Security of supporting servers (Active Directory) • Security of other network-accessible resources (Web Servers) • User Permissions (Non-Local Admin, Local Admin, Global Admin) • Access of the Workspace (PKI Cert, PKI PIV, Network, MFA) • The rest of the AWSAccount?The rest of the AWSAccount! (Services, APIs)
  • 15. Overview • Through the lens of the NIST Cybersecurity Framework we will look at frameworks developed by, and services available onAWS. • Cloud Services, such as those offered by AWS either/both play a supporting role in your security posture, supporting both non-AWS resources andAWS resources alike but secure configuration of AWS resources can also play a role in supporting your security posture. • The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.
  • 16. The Cybersecurity Framework Core Desired cybersecurity outcomes organized in a hierarchy and aligned to more detailed guidance and controls Profiles Alignment of an organization’s requirements and objectives, risk appetite and resources using the desired outcomes of the Framework Core ImplementationTiers A qualitative measure of organizational cybersecurity risk management practices
  • 17. The Cybersecurity Framework - Functions • Identify • Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. • Protect • Develop and implement appropriate safeguards to ensure delivery of critical services. • Detect • Develop and implement appropriate activities to identify the occurrence of a cybersecurity event. • Respond • Develop and implement appropriate activities to take action regarding a detected cybersecurity incident. • Recover • Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
  • 18. An Excerpt from the Framework Core 5 Functions 23 Categories 108 Subcategories 6 Informative References
  • 19. ImplementationTiers 1 2 3 4 Partial Risk Informed Repeatable Adaptive Risk Management Process The functionality and repeatability of cybersecurity risk management Integrated Risk Management Program The extent to which cybersecurity is considered in broader risk management decisions External Participation The degree to which the organization: • monitors and manages supply chain risk • benefits my sharing or receiving information from outside parties
  • 20. CIS Controls & Benchmarks • Controls • Similar, though more prescriptive than NIST CSF • Can be mapped to CSF • Benchmarks • Prescriptive steps to apply controls to specific technologies • AWS • Workspaces • Windows/Linux • Other Services
  • 21. CIS Benchmark End User Computing Example
  • 22. CloudWorkload Lifecycle Management Framework • Workload • Architecture • Monitoring • Automation • Processes
  • 23. Workload + Architecture Drives Service Selection • Virtual Machines • AMI • Patching • Multi-threaded/Multi-task • Hours to Months • PerVM/Per Hour • Functions/Services • Code • Versioning • Single-threaded/Single-task • Microseconds to Seconds • Per Memory/Second/Per Request • Containers • Container File • Versioning • Multi-threaded/Single-task • Minutes to Days • PerVM/Per Hour
  • 25. Automation + Processes Drives Lifecycle Management Selection • Organizations • Cross-AccountAsset Management + Governance • ControlTower • Account vending/default standardization • Service Catalog • Workload platform vending/default standardization • CloudFormation • IaC • Ephemeral Compute + API Managed Data/Control Plane for PersistenceTiers • Hands off/Lights out
  • 26. Processes • Patching • Backup/RestoreTesting • FailoverTesting (AZ) • Credential Rotation/CredentialAudit • Event ResponseTesting • Incident ResponseTesting • PerformanceTesting • Performance/Cost Review • Vulnerability/PenetrationTesting
  • 27. Cloud Adoption Framework (CAF) https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/accelerating-business-outcomes.html
  • 28. Cloud Adoption Framework (CAF) • Perspectives • Business • Value Realization • People • Roles & Readiness • Governance • Prioritization & Control • Platform • Applications & Infrastructure • Security • Risk & Compliance • Operations • Manage & Scale
  • 29. Cloud Adoption Framework (CAF) - Capabilities https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/foundational-capabilities.html
  • 30. Cloud Adoption Framework (CAF) – Capabilities - Security https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/security-perspective.html
  • 31. CAF – Security Perspective • Directive • Account Ownership and contact information • Change and asset management • Least privilege access • Preventive • Identity and access • Infrastructure protection • Data protection • Detective • Logging and monitoring • Asset inventory • Change detection • Responsive • Vulnerabilities • Privilege escalation • DDoS attack
  • 32. Well Architected Framework (WAF) • General • Event-Triggered • Workload-Focused • General Design Principals • Pillars • Design Principals • Best Practices • Lenses
  • 33. WAF – Pillars • Operational Excellence • Security • Reliability • Performance Efficiency • Cost Optimization • Sustainability – New!
  • 34. WAF – Lenses • High Performance Computing (HPC) • Serverless • Internet ofThings (IOT) • Financial Services Industry (FinServ) • FoundationalTechnical Review (FTR) • SaaS • Streaming Media • Machine Learning • SAP • DataAnalytics • Games Industry • Hybrid Networking • Management and Governance –Well Aligned!
  • 35. WAF – General Design Principals • Stop guessing your capacity needs • Test systems at production scale • Automate to make architectural experimentation easier • Allow for evolutionary architectures • Drive architectures using data • Improve through game days
  • 36. WAF – Game Days • Prepare • Is the process/are the processes to be tested during the game day well defined? Is access in place? Has training been performed? • Define • Workload, Personnel, Scenario, Environment, Schedule • Execute • Start, Middle, End • Analyze • Debrief, Examine, Document, Root Cause Analysis (RCA), Correction of Error (CoE)
  • 37. WAF – Security Pillar • Design Principles • Implement a strong identity foundation • Enable traceability • Apply security at all layers • Automate security best practices • Protect data in transit and at rest • Keep people away from data • Prepare for security events • Best Practices • Identity and Access Management • Detection • Infrastructure Protection • Data Protection • Incident Response
  • 38. Let’s tie it all together… https://aws.amazon.com/blogs/security/optimizing-cloud-governance-on-aws-integrating-the-nist-cybersecurity-framework-aws- cloud-adoption-framework-and-aws-well-architected/
  • 40. Identify • Everything on the previous slides 
  • 41. Identify • Audit Manager • Cost Management Services (Individual Services) • Certificate Manager (Public + Private) • Firewall Manager (WAF + Security Groups) • Directory Service + Identity and Access Management (+ Services with their own Policies) • AccessAdvisor,Access Analyzer,Organization Activity • Inspector • Key Management Service + Secrets Manager • Macie • Premium Support +Trusted Advisor + Personal Health Dashboard • Systems Manager • Security Hub + Config + Config Rules • Tags
  • 42. Identify – Organizations • Tag policies • Artifact • Backup • CloudFormation StackSets • CloudTrail • Config • Directory Service • Firewall Manager • Resource Access Manager • Service Catalog • Single Sign-On • Systems Manager
  • 44. Protect • VPC: Security Groups (Stateful Firewall) + NACLs (Stateless Firewall), Network Firewall, DNS Firewall,Gateway Load Balancer • WAF: Layer 7WAF • Shield + AutoScaling + ELB + Cloud Front: DoS/DDoS Protection • VPC:VGW (Point to Point and IPSECConnectivity) + Peering (VPC toVPC Connectivity) + Endpoints (Private Connectivity to AWS Services), ClientVPN (Client toVPC Connectivity) • IAM + Directory Service + SSO: Standalone and Federated AAA • KMS: FIPS 140-2 Certified cryptographic module with integration to various AWS services, provides expiration and ability to provide self-generated cryptographic material • ACM: Public and Private PKI Certificate Authority • Secure Credential Storage: Secrets Manager, Systems Manager • Nitro Enclaves
  • 45. Protect • AWS Auto Scaling: EC2, Dynamo,Aurora Autoscaling • Code Commit/ECS (Image Scanning)/Signer: Secure Application and Artifact Repository + dedicated account • Code Deploy/Systems Manager: “Hands off” OS and configuration management + application deployment • EC2: Systems Manager (OS and above patching + auditing), Amazon Linux 2 Live Patching • AWS Backup: EC2, RDS, EFS, Dynamo Backups + dedicated account • Workspaces: Secure Bastion • CloudFormation + OpsWorks + Elastic Beanstalk: “Hands off” infrastructure management • S3/Glacier: File based storage with AAA, versioning, secure delete + policy based retention • Host Based Security
  • 47. Detect • Guard Duty • Config: Point in time snapshots of configuration items, Exportable as JSON to idempotent storage • VPC: Flow Logs (NetFlow) + Port Mirroring • CloudWatch Logs: OS and above log management • CloudTrail: AuditTrail, Exportable as JSON to idempotent storage • Cloudfront, ALB andWAF: All log (CloudFront and ALB in S3,WAF in Kinesis) • S3/Glacier: File based storage with AAA, versioning, secure delete + policy based retention + dedicated account
  • 49. Respond • Detective • Disk Snapshots • Don’t forget to remove from retention policy • Automated withThreatResponse,GRR • Memory Snapshots • Automated withThreatResponse,GRR,Volatility, Rekall • Logs • Don’t forget to remove from retention policy • Query and Correlate with Athena • Measure
  • 50. Recover • Block Access (WAF, Security Group, ACL, IAM) • Revert to Known Good State (Snapshots,Versioning) • Identify/Correct Root Cause (Logs!) • Rotate Credentials (people and things) • Measure
  • 51. Conclusion • Iterate introduction of your security controls – some in the short term is better than none in the long term. • Detective Controls are just as important as Preventative Controls, they play a significant response in incident detection and response. • Whether your workload is onAWS or not,AWS services can be used to supplement your controls. • There is no lack of frameworks – pick and choose from them to make a framework that works best for your organization’s needs.