The document discusses security best practices for cloud platforms like AWS and Azure. It covers topics like network security using services like VPC and Virtual Network, identity management with IAM and Azure AD, encryption tools, and security monitoring solutions. Best practices for the cloud include enforcing multi-factor authentication, role-based access control, data encryption, and using security tools to inspect configurations and detect vulnerabilities.
5. Security is Shared Responsibility
Customer
- Application & Data
- Identity & Access Management
- Operating System, Network & firewall configuration

Cloud Provider
- Compute, Storage, Databases
- Availability Zones, Regions
- Services
- Cloud Infrastructure
6. Application and Data Security Best Practices
- Enforce multi-factor authentication
- Use role-based access control
- Use hardware security modules
- Manage with secure workstations
- Enable data encryption
7. Network Services
| AWS | Azure | Description |
|---|---|---|
| Virtual Private Cloud (VPC) | Virtual Network | Network isolation. Defined rules to satisfy your security needs. Filter and inspect the outbound and inbound traffic. |
| Direct Connect | ExpressRoute | Establishes a dedicated, private network connection from a location to the cloud. |
8. Identity Management
| AWS | Azure | Description |
|---|---|---|
| Identity & Access Management | Azure AD/Role-based access control | Provides fine-grained access to resources in the cloud. |
| Multi-Factor Authentication | Multi-Factor Authentication | More than one method of authentication. |
11. Tools and Data protection
| AWS | Azure | Description |
|---|---|---|
| Encryption | Encryption | Client-side encryption, data-in-transit encryption, storage encryption, VM encryption. |
| Key management services, CloudHSM | Key Vault | Creates, controls, and protects encryption keys. HSM provides hardware-based key storage. |
| Inspector | Security Center | Automatically assesses network, VM, OS and application configuration for vulnerabilities or deviations from best practices. |
14. Tools and Data protection
| AWS | Azure | Description |
|---|---|---|
| CloudTrail, CloudWatch | Log Analytics | Collect, track, store, analyze, and deliver metrics and log files. |
| Trusted Advisor | Advisor | Provides analysis of cloud resource configuration and security in compliance with the best practices. Availability, Performance, Security and cost. |