Outpost24 webinar - Busting the myths of cloud security
1. Busting the Myths of Cloud Security
Guidance for AWS, Azure and GCP workloads
Sergio Loureiro
Sept 2019
2. Outpost24 at a glance
• Global HQ – Sweden
• Sales – BeNeLux, DACH, Nordics, UK&I/France, US
• MSSP and Reseller partners in additional locations
• Over 130 full time staff
3. Outpost24 experience in Cloud Security
• Founding Member of the Cloud Security Alliance (CSA) and co-author of the first guidelines for cloud security in 2009
• Founding Member of the CSA French chapter in 2012 and board member in 2019
• Discovery of the first AWS vulnerabilities and seminal paper in 2011
• First product in the AWS marketplace in 2012, AWS partner since 2012, Azure Silver Partner
• 2 international patents on cloud security
4. Myth #1: Cloud Security is no different
1. Data Breaches
2. Misconfiguration and inadequate change control
3. Lack of cloud security architecture and strategy
4. Insufficient identity, credential, access and key management
5. Account hijacking
6. Insider threat
7. Insecure interfaces and APIs
8. Weak control plane
9. Metastructure and applistructure failures
10. Limited cloud usage visibility
11. Abuse and nefarious use of cloud services
5. Myth #2: The Cloud Provider takes care of Security
Image credit: Microsoft
CWPP CSPM
9. Myth #6: Organizations are using only 1 Cloud Provider
More than 73% of organizations are using 2 or more public cloud providers
• More attack surface
• Goal: knowing the surface
• Harder to have visibility
• Goal: Single pane of glass
• Different services and tools
• Goal: Controls homogeneity
Credit: SANS Cloud adoption survey 2019
10. Myth #7: Cloud Security Challenges are the same
Credit: SANS Cloud adoption survey 2019
11. Myth #8: Enterprises and Startups have the same needs
• Migration: Are you using cloud services securely? What is the risk?
• Compliance: How to implement best practices? Show business value
• Multi-Cloud: How to manage risk across different providers?
• Continuous: Continuous alerts and continuous risk assessment
12. Poll: Where are you in your cloud journey?
• Consideration phase
• Migrating
• Utilizing hybrid and multi-cloud
• Fully established in cloud infrastructure
13. Myth #9: Cloud is only for non sensitive data
• Business intelligence and data analytics are great use cases for Cloud adoption
Credit: SANS Cloud adoption survey 2019
14. Myth #10: All workloads are the same
Image credit: Gartner, Inc
16. Myths and Guidance
1. Cloud Security is no different
2. The Cloud Provider takes care of Security
3. Cloud Security only concerns workloads
4. Public Cloud is not secure
5. Cloud Providers have tools for everything
6. Organizations are using only 1 cloud provider
7. Cloud Security Challenges are the same
8. Enterprises and Startups have the same needs
9. Cloud is only for non sensitive data
10. All workloads are the same
• Check requirements for data and workloads in the cloud
• Extend existing workload security to the cloud (CWPP)
• Address cloud configuration assessment (CSPM)
• Handle Hybrid and prepare for Multi-Cloud
17. Use Cases and Requirements
• 01 Migration: Migration of Security Controls to Cloud
• 02 Compliance: Achieving compliance with security standards
• 03 Multi-Cloud: Handling Multi-Cloud Deployments with a single console
• 04 Continuous: Monitoring and assessing risk in continuous mode
18. CSPM and CWPP Now
• CIS AWS benchmark
• CIS Azure benchmark
• CIS GCP benchmark
Cloud Security Posture Management
-> Add Configuration Management
Cloud Workload Protection Platforms
-> Integrate controls
Start with Identify
• System Management
• Vulnerability Assessment
• Awareness Training
19. Mapping Cloud Controls to NIST CSF
Source: SANS How to Optimize Security Operations in the Cloud Through the Lens of the NIST Framework - Feb 2019