Davi Ottenheimer, Product Security
Enterprise Cloud Security
Davi Ottenheimer
Product Security
Making safety easier, faster, and more flexible
Cloud Trust Themes
Service: benefits of tighter configs by relinquishing some control
● Flexibility across clouds
● Meet industry standards
● Advantage in trusted bridge builders
Cloud Trust Themes
Common questions
● What can provider see (segregation of duties, AAA)
● What happens when provider detects a CVE or an incident
● How do we get operational logs
● Who is responsible for what
● Which key authorities can be used
● Where is the data really (can it disappear, can it not disappear)
Cloud Trust Themes
Why it is so important to get Enterprise Cloud Security right
● Cause of breaches - configuration flaws, unpatched vulns
● Reputation loss, regulatory oversight and fines increasing
https://www.computerweekly.com/news/450401190/UK-firms-could-face-122bn-in-data-breach-fines-in-2018
SALT. FOG.
https://www.flickr.com/photos/39391550@N00/6116946646
Why Do We Trust 600,000 Rivet Towers Spanning a Salt Fog?
https://www.flickr.com/photos/39391550@N00/6116946646
What Does Cloud Security Look Like?
60,000 Rivets - Per Plane
1. Normal Checklist - takeoff and landing routines
2. Emergency Checklist - minutes to make a critical decision
“Life begins with a checklist...and it may end if you don’t use it”
United States War Office Film 1-3301 How to Fly the B-26
http://www.flyingpenguin.com/?p=12965
Service Organization Control (SOC)
PRIVACY & SECURITY
INTEGRITY
AVAILABILITY
CONFIDENTIALITY
AICPA
SOC 2
DIY Checklists - Great Way to Learn!
https://github.com/pkdone/MongoSecurityPlaypen
WARNING: This project intentionally is NOT "production secure"
The DIY SECURITY SERVICE LAYER
“...as a Service” is Less Complex, Fewer Errors
On-premises
● Download, install, configure management software
● Configure firewall and manage ports
● Encrypt network traffic for MongoDB deployment
● Encrypt network traffic to/from management software and your MongoDB deployment
● Enable and configure authentication
● Enable and configure RBAC
● Configure storage-level encryption
● Encrypt backup jobs
● Security hardening
Self-managed in a cloud
● Download, install, configure management software
● Configure firewall and manage ports
● Encrypt network traffic for MongoDB deployment
● Encrypt network traffic to/from management software and your MongoDB deployment
● Enable and configure authentication
● Enable and configure RBAC
● Configure storage-level encryption
● Encrypt backup jobs
● Security hardening
Database as a Service
● Managed features with minimal configuration
Agenda
Identity and Access
Auditing
Encryption
Enterprise Cloud Security
Identity and Access
Enterprise Cloud Security
Secure Access Controls
● Default Role is Closed
● Multi-Factor Authentication (MFA) Integration
● Role-based Access Controls (RBAC) for Projects, Users and Teams
[Figure: security (weak to strong) plotted against usability (poor to easy), with MFA and standards (e.g. FIDO)]
Secure Access Controls
● Basic Checklist
○ In-flight data encryption (TLS 1.1+)
○ Authentication (SCRAM or LDAPS)
○ Traffic “firewall” (IP whitelist, default closed)
● Design Considerations
○ Dedicated VPC/Vnet: Isolated Single-tenant Cluster Nodes
○ Peered AWS VPCs (same region)
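The basic checklist above (TLS 1.1+, SCRAM or LDAPS, default-closed IP whitelist) expressed as an automated check; this is an added example, not part of the original slides. It assumes a self-managed deployment described with mongod.conf-style settings; the `allowlist` field and both sample deployments are constructed for illustration.

```python
import ipaddress

SCRAM = {"SCRAM-SHA-1", "SCRAM-SHA-256"}


def get(cfg, dotted, default=None):
    """Walk a nested dict using a dotted mongod.conf-style path."""
    node = cfg
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def check_tls(cfg):
    """Checklist item 1: in-flight encryption, TLS 1.1 or newer."""
    findings = []
    # Newer mongod releases use net.tls.*; older ones use net.ssl.* / requireSSL.
    mode = get(cfg, "net.tls.mode") or get(cfg, "net.ssl.mode") or "disabled"
    if mode not in ("requireTLS", "requireSSL"):
        findings.append(f"TLS: mode is {mode!r}; plaintext connections are still accepted")
    disabled = (get(cfg, "net.tls.disabledProtocols")
                or get(cfg, "net.ssl.disabledProtocols") or "")
    if "TLS1_0" not in [p.strip() for p in disabled.split(",")]:
        findings.append("TLS: TLS 1.0 is not explicitly disabled (checklist asks for TLS 1.1+)")
    return findings


def check_auth(cfg):
    """Checklist item 2: authentication via SCRAM or LDAP over TLS (LDAPS)."""
    findings = []
    if get(cfg, "security.authorization") != "enabled":
        findings.append("AUTH: security.authorization is not enabled")
    raw = get(cfg, "setParameter.authenticationMechanisms")
    # Assumption: when the parameter is unset, mongod offers SCRAM by default.
    mechs = {m.strip() for m in raw.split(",")} if raw else set(SCRAM)
    ldap_tls = get(cfg, "security.ldap.transportSecurity", "tls") != "none"
    if "PLAIN" in mechs and not ldap_tls:
        findings.append("AUTH: PLAIN (LDAP) is enabled but the LDAP transport is not TLS")
    has_ldaps = "PLAIN" in mechs and ldap_tls and bool(get(cfg, "security.ldap.servers"))
    if not (mechs & SCRAM or has_ldaps):
        findings.append("AUTH: neither SCRAM nor LDAPS is an enabled mechanism")
    return findings


def check_allowlist(entries):
    """Checklist item 3: IP whitelist that stays default closed.

    An empty list admits nobody (closed); a /0 entry admits everybody.
    """
    findings = []
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"NET: {entry!r} is not a valid address or CIDR")
            continue
        if net.prefixlen == 0:
            findings.append(f"NET: {entry} admits every address; the list is no longer default closed")
    return findings


def audit(deployment):
    """Run all three checklist items; an empty result means the checklist passes."""
    cfg = deployment.get("mongod", {})
    return (check_tls(cfg) + check_auth(cfg)
            + check_allowlist(deployment.get("allowlist", [])))


# Constructed sample: each checklist item is violated at least once.
WEAK = {
    "mongod": {
        "net": {"tls": {"mode": "preferTLS"}},
        "security": {
            "authorization": "enabled",
            "ldap": {"servers": "ldap.example.internal", "transportSecurity": "none"},
        },
        "setParameter": {"authenticationMechanisms": "PLAIN"},
    },
    "allowlist": ["203.0.113.10/32", "0.0.0.0/0"],
}

# Constructed sample: the same deployment with each finding corrected.
HARDENED = {
    "mongod": {
        "net": {"tls": {"mode": "requireTLS", "disabledProtocols": "TLS1_0"}},
        "security": {"authorization": "enabled"},
        "setParameter": {"authenticationMechanisms": "SCRAM-SHA-256"},
    },
    "allowlist": ["203.0.113.10/32", "198.51.100.0/24"],
}

if __name__ == "__main__":
    for name, deployment in (("weak", WEAK), ("hardened", HARDENED)):
        print(name)
        for finding in audit(deployment) or ["(no findings)"]:
            print("  ", finding)
```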
Dedicated VPC (per project)
● Network default closed to public
● IP addresses explicitly whitelisted for inbound traffic
● User/password required to connect to database with configurable privileges
● Encryption
○ TLS In-Transit (Network)
○ AES At-Rest (Volume)
[Diagram: VPC per Atlas project holding a replica set (Primary, Secondary, Secondary) across Zone 1, Zone 2 and Zone 3 with AES at-rest encryption; application server environments connect through Auth (SCRAM or LDAPS), IP whitelist and TLS in-flight encryption]
Peered VPC (per project)
● Network default closed to public
● IP addresses explicitly whitelisted for inbound traffic
● User/password required to connect to database with configurable privileges
● Encryption
○ TLS In-Transit (Network)
○ AES At-Rest (Volume)
● Peering cluster VPC to app VPC = private network (can even reference VPC peered security groups)
[Diagram: VPC per Atlas project holding a replica set (Primary, Secondary, Secondary) across Zone 1, Zone 2 and Zone 3 with AES at-rest encryption; your VPC for application servers reaches it over a VPC peering connection with Auth (SCRAM or LDAPS)]
Data Flow Diagram (Unsharded)
[Diagram: Customer network and IaaS account network; replica set cluster (Primary, Secondary, Secondary) across Zone 1, Zone 2 and Zone 3; Backup Service]
Data Flow Diagram (Sharded)
[Diagram: Customer network and IaaS account network; Query Router (mongos), Config Servers, and shards labelled Shard 0 to Shard 3 (the Shard 3 label appears twice), each drawn as three nodes numbered 1, 2, 2; Backup Service]
Auditing
Enterprise Cloud Security
Activity Logs
● Records
○ Database Processes
○ Create, Read, Update, Delete (CRUD)
● Live feeds on all actions for monitoring/alerts
○ User or role modifications
○ Cluster deploy
○ Scale
○ Termination operations
Fine-grained monitoring and alerts
● Monitoring and alerts provide full metrics on the state of your cluster’s
database and server usage
● Automatic notifications when your database operations or server usage
reach defined thresholds that affect your cluster's performance
● Combining our automated alerting with the flexible scale-up-and-out
options in MongoDB Atlas, we can keep your database-supported
applications always performing as well as they should
Real-time activity panel
Gives insight by revealing what’s happening in your cluster live, to diagnose:
○ Operations
○ Read/Writes
○ Network In/Out
○ Memory
○ Hottest Collections
○ Slowest Operations
Behavioral Advisor
● Always-on for dedicated clusters
● Delivers automated recommendations without perf overhead
○ Relevant stats on slow queries
○ Automated index suggestions
○ Existing indexes across clusters
Data Explorer
● Interact with data from within UI
● A convenient way to:
○ Run queries
○ See metadata about your databases & collections
○ View information about your indexes, including index usage statistics
Queryable Snapshots
Query backup and restore data at document level in minutes
○ Identify whether data of interest has been altered and pinpoint best time to restore database by comparing multiple snapshots
Encryption
Enterprise Cloud Security
Service Levels
[Figure: three service levels on a spectrum from More Control (Customer-Managed Keys) to More Ease (Encryption by Default); each level shows Key Store, Key Distribution and Encrypted Data, with "Customer" labels and a Cloud Key Service]
Service Use Cases
[Figure: use cases Regulated / Top Secret (PII/PHI/PCI), Secret (IP, Internal) and Confidential placed on the spectrum from More Control (Customer-Managed Keys) to More Ease (Encryption by Default), with Key Store, Key Distribution and Encrypted Data labels and a Cloud Key Service]
AWS KMS: Delegated Master Keys
[Diagram: Replica Host (Linux, Windows…) running Replica0 (mongod) with ECA Embedded Key Management; Internal Keystore (Encrypted by Master Key) holding keys for DB0, DB1 … DBn; Certificate PEM File and CA Certificates File; Replica1 and Replica2; Atlas Enterprise Cloud Agent; KMIP (create / get) through KMSProxy]
Partner Key Management Appliance: Master Keys
[Diagram: Replica Host (Linux, Windows…) running Replica0 (mongod) with ESE Embedded Key Management; Internal Keystore (Encrypted by Master Key) holding keys for DB0, DB1 … DBn; Certificate PEM File and CA Certificates File; Replica1 and Replica2; KMIP (create / get)]
Key management and keystore controlled by the organization, not the cloud service provider
(https://www.nccoe.nist.gov/sites/default/files/library/sp1800/tc-hybrid-sp1800-19a-preliminary-draft.pdf)
IaaS Key Service Differences
Key Service | Symmetric | Asymmetric | Data Size | Unwrap keys | Sign/verify
AWS KMS | AES-GCM-256 | N/A | 4kB | RSA-OAEP and CKM_RSA_PKCS | N/A
GCP KMS | AES-GCM-256 | N/A | 64kB | N/A | N/A
Azure KV | AES-256 | RSA-2048 with RSA-OAEP and CKM_RSA_PKCS | Single 2048-bit RSA block | RSA-OAEP and CKM_RSA_PKCS | RSA-PSS and CKM_RSA_PKCS
http://docs.aws.amazon.com/kms/latest/developerguide/overview.html
https://cloud.google.com/kms/docs/
https://docs.microsoft.com/en-us/azure/security/azure-security-encryption-atrest#key-hierarchy
For Instance: Migration Checklist
Log Review
Security Policy Review
Identity and Access Control Configuration
Encryption Key Management
Disaster Recovery / Backup
Redundancy / Resilience
Networked Workloads
Product Load / Scale
Patching Cycles
Abstracted Service Architecture
“...as a Service” is Less Complex, Fewer Errors
On-premises
● Download, install, configure management software
● Configure firewall and manage ports
● Encrypt network traffic for MongoDB deployment
● Encrypt network traffic to/from management software and your MongoDB deployment
● Enable and configure authentication
● Enable and configure RBAC
● Configure storage-level encryption
● Encrypt backup jobs
● Security hardening
Self-managed in a cloud
● Download, install, configure management software
● Configure firewall and manage ports
● Encrypt network traffic for MongoDB deployment
● Encrypt network traffic to/from management software and your MongoDB deployment
● Enable and configure authentication
● Enable and configure RBAC
● Configure storage-level encryption
● Encrypt backup jobs
● Security hardening
Database as a Service
● Managed features with minimal configuration
https://www.flickr.com/photos/39391550@N00/6116946646
Why Do We Trust 600,000 Rivet Towers Spanning a Salt Fog?
Enterprise Cloud Security
Identity and Access
Auditing
Encryption
Davi Ottenheimer, Product Security
Thank You

MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your MindsetMongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
 
MongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas JumpstartMongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
 
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
 
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
 
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
 
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep DiveMongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
 
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & GolangMongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
 
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
 
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
 

Último

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 

Último (20)

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 

Enterprise Cloud Security

  • 1. Davi Ottenheimer, Product Security Enterprise Cloud Security
  • 2. Davi Ottenheimer Product Security Making safety easier, faster, and more flexible
  • 3. Cloud Trust Themes Service: benefits of tighter configs by relinquishing some control ● Flexibility across clouds ● Meet industry standards ● Advantage in trusted bridge builders
  • 4. Cloud Trust Themes Common questions ● What can provider see (segregation of duties, AAA) ● What happens when provider detects a CVE or an incident ● How do we get operational logs ● Who is responsible for what ● Which key authorities can be used ● Where is the data really (can it disappear, can it not disappear)
  • 5. Cloud Trust Themes Why it is so important to get Enterprise Cloud Security right ● Cause of breaches - configuration flaws, unpatched vulns ● Reputation loss, regulatory oversight and fines increasing https://www.computerweekly.com/news/450401190/UK-firms-could-face-122bn-in-data-breach-fines-in-2018
  • 7. https://www.flickr.com/photos/39391550@N00/6116946646 Why Do We Trust 600,000 Rivet Towers Spanning a Salt Fog?
  • 9. 60,000 Rivets - Per Plane 1. Normal Checklist - takeoff and landing routines 2. Emergency Checklist - minutes to make a critical decision “Life begins with a checklist...and it may end if you don’t use it” United States War Office Film 1-3301 How to Fly the B-26 http://www.flyingpenguin.com/?p=12965
  • 10. Service Organization Control (SOC) PRIVACY & SECURITY INTEGRITY AVAILABILITY CONFIDENTIALITY AICPA SOC 2
  • 11. DIY Checklists - Great Way to Learn! https://github.com/pkdone/MongoSecurityPlaypen WARNING: This project intentionally is NOT "production secure" The DIY SECURITY SERVICE LAYER
  • 12. “...as a Service” is Less Complex, Fewer Errors
      On-premises and Self-managed in a cloud (each): Download, install, configure management software; Configure firewall and manage ports; Encrypt network traffic for MongoDB deployment; Encrypt network traffic to/from management software and your MongoDB deployment; Enable and configure authentication; Enable and configure RBAC; Configure storage-level encryption; Encrypt backup jobs; Security hardening
      Database as a Service: Managed features with minimal configuration
  • 15. Secure Access Controls ● Default Role is Closed ● Multi-Factor Authentication (MFA) Integration ● Role-based Access Controls (RBAC) for Projects, Users and Teams SECURITY USABILITY MFA Standards (e.g. fido) Strong Weak Poor Easy
  • 16. Secure Access Controls ● Basic Checklist ○ In-flight data encryption (TLS 1.1+) ○ Authentication (SCRAM or LDAPS) ○ Traffic “firewall” (IP whitelist, default closed) ● Design Considerations ○ Dedicated VPC/Vnet: Isolated Single-tenant Cluster Nodes ○ Peered AWS VPCs (same region)
  • 17. VPC Per Atlas Project AES At-Rest Encryption Secondary Secondary Primary Dedicated VPC (per project) ● Network default closed to public ● IP addresses explicitly whitelisted for inbound traffic ● User/password required to connect to database with configurable privileges ● Encryption ○ TLS In-Transit (Network) ○ AES At-Rest (Volume) Zone 1 Zone 2 Zone 3 Auth (SCRAM or LDAPS) IP Whitelist TLS In-Flight Encryption Application Server Environments
  • 18. VPC Per Atlas Project AES At-Rest Encryption Secondary Secondary Primary ● Network default closed to public ● IP addresses explicitly whitelisted for inbound traffic ● User/password required to connect to database with configurable privileges ● Encryption ○ TLS In-Transit (Network) ○ AES At-Rest (Volume) ● Peering cluster VPC to app VPC = private network (can even reference VPC peered security groups) Zone 1 Zone 2 Zone 3 Auth (SCRAM or LDAPS) Your VPC for Application Servers VPC Peering Connection Peered VPC (per project)
  • 19. IaaS Account Network Customer Replica Set Cluster Secondary Secondary Primary Zone 1 Zone 2 Zone 3 IaaS Unsharded Backup Service Data Flow Diagram
  • 20. IaaS Account Network Query Router (mongos) Config Servers Customer IaaS Shard 0 2 2 1 Sharded Shard 1 2 2 1 Shard 2 2 2 1 Shard 3 2 2 1 Shard 3 2 2 1 Backup Service Data Flow Diagram
  • 22. Activity Logs ● Records ○ Database Processes ○ Create, Read, Update, Delete (CRUD) ● Live feeds on all actions for monitoring/alerts ○ User or role modifications ○ Cluster deploy ○ Scale ○ Termination operations
  • 24. Fine-grained monitoring and alerts ● Monitoring and alerts provide full metrics on the state of your cluster’s database and server usage ● Automatic notifications when your database operations or server usage reach defined thresholds that affect your cluster's performance ● Combining our automated alerting with the flexible scale-up-and-out options in MongoDB Atlas, we can keep your database-supported applications always performing as well as they should
  • 26. Real-time activity panel Insight by revealing what’s happening in your cluster live to diagnose: ○ Operations ○ Read/Writes ○ Network In/Out ○ Memory ○ Hottest Collections ○ Slowest Operations
  • 28. Behavioral Advisor ● Always-on for dedicated clusters ● Delivers automated recommendations without perf overhead ○ Relevant stats on slow queries ○ Automated index suggestions ○ Existing indexes across clusters
  • 29. Data Explorer ● Interact with data from within UI ● A convenient way to: ○ Run queries ○ See metadata about your databases & collections ○ View information about your indexes, including index usage statistics
  • 30. Queryable Snapshots Query backup and restore data at document level in minutes ○ Identify whether data of interest has been altered and pinpoint best time to restore database by comparing multiple snapshots
  • 32. Service Levels Key Store Key Distribution Encrypted Data Key Store Key Distribution Encrypted Data Key Store Key Distribution Encrypted Data Customer Customer Customer More Control (Customer-Managed Keys) More Ease (Encryption by Default) Cloud Key Service
  • 33. Service Use Cases Regulated / Top Secret (PII/PHI/PCI) Encrypted Data Secret (IP, Internal) Key Distribution Encrypted Data Key Store Key Distribution Encrypted Data More Control (Customer-Managed Keys) More Ease (Encryption by Default) Cloud Key Service Confidential
  • 34. AWS KMS: Delegated Master Keys Replica0 Replica Host (Linux, Windows…) Replica0 (mongod) Internal Keystore (Encrypted by Master Key) DB0 ECA Embedded Key Management Certificate PEM File CA Certificates File DB0 DB1 DBn DB1 DBn Replica1 Replica2 Atlas Enterprise Cloud Agent KMIP (create / get) KMSProxy
  • 35. Partner Key Management Appliance: Master Keys Replica0 Replica Host (Linux, Windows…) Replica0 (mongod) Internal Keystore (Encrypted by Master Key) DB0 ESE Embedded Key Management Certificate PEM File CA Certificates File DB0 DB1 DBn DB1 DBn Replica1 Replica2 KMIP (create / get) Key management and keystore controlled by the organization, not the cloud service provider (https://www.nccoe.nist.gov/sites/default/files/library/sp1800/tc-hybrid-sp1800-19a-preliminary-draft.pdf)
  • 36. IaaS Key Service Differences
      Key Service | Symmetric | Asymmetric | Data Size | Unwrap keys | Sign/verify
      AWS KMS | AES-GCM-256 | N/A | 4kB | RSA-OAEP and CKM_RSA_PKCS | N/A
      GCP KMS | AES-GCM-256 | N/A | 64kB | N/A | N/A
      Azure KV | AES-256 | RSA-2048 with RSA-OAEP and CKM_RSA_PKCS | Single 2048-bit RSA block | RSA-OAEP and CKM_RSA_PKCS | RSA-PSS and CKM_RSA_PKCS
      http://docs.aws.amazon.com/kms/latest/developerguide/overview.html
      https://cloud.google.com/kms/docs/
      https://docs.microsoft.com/en-us/azure/security/azure-security-encryption-atrest#key-hierarchy
  • 37. For Instance: Migration Checklist Log Review Security Policy Review Identity and Access Control Configuration Encryption Key Management Disaster Recovery / Backup Redundancy / Resilience Networked Workloads Product Load / Scale Patching Cycles Abstracted Service Architecture
  • 38. “...as a Service” is Less Complex, Fewer Errors
      On-premises and Self-managed in a cloud (each): Download, install, configure management software; Configure firewall and manage ports; Encrypt network traffic for MongoDB deployment; Encrypt network traffic to/from management software and your MongoDB deployment; Enable and configure authentication; Enable and configure RBAC; Configure storage-level encryption; Encrypt backup jobs; Security hardening
      Database as a Service: Managed features with minimal configuration
  • 39. https://www.flickr.com/photos/39391550@N00/6116946646 Why Do We Trust 600,000 Rivet Towers Spanning a Salt Fog?
  • 40. Enterprise Cloud Security Identity and Access Auditing Encryption
  • 41. Davi Ottenheimer, Product Security Thank You
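
The Basic Checklist on slide 16 (TLS 1.1+ in flight, SCRAM or LDAPS authentication, a default-closed IP whitelist) can be checked mechanically for a self-managed deployment. This is an added example, not code from the deck or from MongoDB: the dicts are constructed samples that mirror mongod.conf keys, and `audit`, `get`, `csv_set` and the `allowlist` argument are hypothetical names.

```python
import ipaddress


def get(cfg, dotted, default=None):
    """Look up a dotted mongod.conf key such as 'net.tls.mode' in a nested dict."""
    node = cfg
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def csv_set(value):
    """Split a comma-separated setting into a set; None or '' gives an empty set."""
    return {item.strip() for item in (value or "").split(",") if item.strip()}


def audit(cfg, allowlist):
    """Return a list of findings; an empty list means the checklist passes."""
    findings = []

    # 1. In-flight data encryption (TLS 1.1+).
    tls_mode = get(cfg, "net.tls.mode", "disabled")
    if tls_mode != "requireTLS":
        findings.append(f"tls: net.tls.mode is {tls_mode}, plaintext clients are accepted")
    if "TLS1_0" not in csv_set(get(cfg, "net.tls.disabledProtocols")):
        findings.append("tls: TLS1_0 is not explicitly disabled")

    # 2. Authentication (SCRAM or LDAPS).
    if get(cfg, "security.authorization", "disabled") != "enabled":
        findings.append("auth: security.authorization is not enabled")
    mechanisms = csv_set(get(cfg, "setParameter.authenticationMechanisms"))
    if "PLAIN" in mechanisms:  # PLAIN is the LDAP mechanism; the password is sent as-is
        if tls_mode != "requireTLS":
            findings.append("auth: PLAIN (LDAP) offered without mandatory TLS")
        if get(cfg, "security.ldap.transportSecurity", "tls") != "tls":
            findings.append("auth: link to the LDAP server is not TLS (LDAPS)")

    # 3. Traffic "firewall": an empty allowlist is default closed and passes.
    for entry in allowlist:
        try:
            network = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"firewall: {entry} is not a valid address or CIDR")
            continue
        if network.prefixlen == 0:
            findings.append(f"firewall: {entry} opens the cluster to every address")
    return findings


# Constructed sample settings (assumptions, not taken from the deck).
WEAK = {
    "net": {"tls": {"mode": "preferTLS"}},
    "security": {"authorization": "enabled", "ldap": {"transportSecurity": "none"}},
    "setParameter": {"authenticationMechanisms": "PLAIN,SCRAM-SHA-256"},
}
WEAK_ALLOWLIST = ["0.0.0.0/0", "203.0.113.10"]

HARDENED = {
    "net": {"tls": {"mode": "requireTLS", "disabledProtocols": "TLS1_0"}},
    "security": {"authorization": "enabled", "ldap": {"transportSecurity": "tls"}},
    "setParameter": {"authenticationMechanisms": "SCRAM-SHA-256,PLAIN"},
}
HARDENED_ALLOWLIST = ["203.0.113.10/32", "10.8.0.0/16"]

if __name__ == "__main__":
    for name, cfg, acl in (("weak", WEAK, WEAK_ALLOWLIST),
                           ("hardened", HARDENED, HARDENED_ALLOWLIST)):
        results = audit(cfg, acl)
        print(name, "PASS" if not results else "FAIL")
        for line in results:
            print("  -", line)
```

On a managed service these settings are the provider's defaults rather than files to edit, which is the point of slide 12; the audit applies to the on-premises and self-managed columns.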