
Cloud security

An overview of cloud security
- Quick Context of Security in the cloud
- General Best Practices
- Networking Services
- Security and Identity Services
- Management Tools

Published in: Technology

Cloud security

  1. Cloud Security: What’s so Funny About PaaS Love & Understanding?
  2. About Us
     - Frank Boucher, Cloud Solution Architect, Microsoft Azure MVP, P-Seller Technical Solution Professional. fboucher@lixar.com, linkedin.com/in/fboucheros, frankysnotes.com
     - Ismail Jaghmani, Sr. Cloud Developer. ijaghmani@lixar.com, ca.linkedin.com/in/ismail-jaghmani-58a3858
  3. Agenda
     - Quick Context of Security in the cloud
     - General Best Practices
     - Networking Services
     - Security and Identity Services
     - Management Tools
  5. Security is Shared Responsibility
     - Customer: Application & Data; Identity & Access Management; Operating System, Network & firewall configuration
     - Cloud Provider: Compute, Storage, Databases; Availability Zones, Regions; Services; Cloud Infrastructure
  6. Application and Data Security Best Practices
     - Enforce multi-factor authentication
     - Use role-based access control
     - Use hardware security modules
     - Manage with Secure Workstations
     - Enable data encryption
  7. Network Services
     - AWS Virtual Private Cloud (VPC) / Azure Virtual Network: Network isolation. Defined rules to satisfy your security needs. Filter and inspect the outbound and inbound traffic.
     - AWS Direct Connect / Azure ExpressRoute: Establishes a dedicated, private network connection from a location to the cloud.
  8. Identity Management
     - AWS Identity & Access Management / Azure AD, Role-based access control: Provides fine-grained access to resources in the cloud.
     - AWS Multi-Factor Authentication / Azure Multi-Factor Authentication: More than one method of authentication.
  9. Azure Active Directory
  10. AWS IAM
  11. Tools and Data protection
     - AWS Encryption / Azure Encryption: Client-side encryption, data in transit encryption, storage encryption, VM encryption.
     - AWS Key management services, CloudHSM / Azure Key Vault: Creates, controls, and protects encryption keys. HSM provides hardware-based key storage.
     - AWS Inspector / Azure Security Center: Automatically assess Network, VMs, OS and applications configuration for vulnerabilities or deviations from best practices.
  12. Azure Security Center
  13. AWS Inspector
  14. Tools and Data protection
     - AWS CloudTrail, CloudWatch / Azure Log Analytics: Collect, track, store, analyze, and deliver metrics and log files.
     - AWS Trusted Advisor / Azure Advisor: Provides analysis of cloud resource configuration and security in compliance with the best practices. Availability, Performance, Security and cost.
  15. Log Analytics
  16. CloudWatch
  17. AWS Advisor
  18. Azure Advisor
  19. References
     - Common Vulnerabilities and Exposures: https://cve.mitre.org/index.html
     - Center for Internet Security (CIS) Benchmarks: https://benchmarks.cisecurity.org
     - Azure security best practices and patterns: https://docs.microsoft.com/en-us/azure/security/security-best-practices-and-patterns
     - Microsoft Docs: https://docs.microsoft.com