The pandemic brought an increasing number of cyberattacks in the last 18 months (e.g. phishing attacks increased by 350%). The rush to become a cloud-first business combined with remote work and digitalization made companies vulnerable to cyber threats. Failing to embed cloud security inside the business can be seen in the newspapers every day. In this session, we learn together what we should do to make our cloud IT solutions better from the security point of view, or at least to track what a cyber intruder was able to steal or do.

2. @RADUVUNVULEA
COVID-19 IS A CLOUD SECURITY
CATALYST

3. GLOBAL ADOPTION OF DIGITIZATION HAS
INCREASED TO 55% IN THE LAST SEVEN
YEARS
h t t p s : / / w w w . m c k i n s e y. c o m / b u s i n e s s - f u n c t i o n s / s t r a t e g y - a n d - c o r p o r a t e - f i n a n c e / o u r - i n s i g h t s / h o w - c o v i d - 1 9 - h a s - p u s h e d - c o m p a n i e s - o v e r - t h e - t e c h n o l o g y - t i p p i n g - p o i n t - a n d - t r a n s f o r m e d - b u s i n e s s - f o r e v e r

4. 48% HAD TO ACCELERATE CLOUD MIGRATION
DURING THE PANDEMIC
h t t p s : / / w w w . c e n t r i f y. c o m /

5. h t t p s : / / w w w . c e n t r i f y. c o m /
60% ADJUSTED CLOUD CYBERSECURITY
POSTURES AS A RESULT OF DISTRIBUTED
WORKFORCES

6. 60% ADJUSTED CLOUD CYBERSECURITY
POSTURES AS A RESULT OF DISTRIBUTED
WORKFORCES
h t t p s : / / w w w . c e n t r i f y. c o m /
TOP PRIORITIES FOR THE NEXT YEAR:
• 38% SECURING REMOTE WORKFORCE
• 36% USING CLOUD NATIVE SERVICES

7. COVID-19 SECURITY
IMPACT
H T T P S : / / W W W 2 . D E L O I T T E . C O M / C H / E N / P A G E S / R I S K / A R T I C L E S / I M P A C T - C O V I D - C Y B E R S E C U R I T Y . H T M L

8. COVID-19 SECURITY
IMPACT
H T T P S : / / W W W 2 . D E L O I T T E . C O M / C H / E N / P A G E S / R I S K / A R T I C L E S / I M P A C T - C O V I D - C Y B E R S E C U R I T Y . H T M L
250% increase of
cyber-attacks in EU

9. H T T P S : / / W W W 2 . D E L O I T T E . C O M / C H / E N / P A G E S / R I S K / A R T I C L E S / I M P A C T - C O V I D - C Y B E R S E C U R I T Y . H T M L
273% increase of large-scale
breaches in 2020

10. COVID-19 SECURITY
IMPACT
H T T P S : / / W W W 2 . D E L O I T T E . C O M / C H / E N / P A G E S / R I S K / A R T I C L E S / I M P A C T - C O V I D - C Y B E R S E C U R I T Y . H T M L
47% of individuals fall for phishing
scams while working at home

11. COVID-19 SECURITY
IMPACT
H T T P S : / / W W W 2 . D E L O I T T E . C O M / C H / E N / P A G E S / R I S K / A R T I C L E S / I M P A C T - C O V I D - C Y B E R S E C U R I T Y . H T M L
Phishing attacks increased by
350%

12. COVID-19 SECURITY
IMPACT
H T T P S : / / W W W 2 . D E L O I T T E . C O M / C H / E N / P A G E S / R I S K / A R T I C L E S / I M P A C T - C O V I D - C Y B E R S E C U R I T Y . H T M L
February to May 2020 more than 500.000
people globally were affected by breaches
where personal data of video conferencing
users was stolen and sold on the dark web.

13. WHAT ABOUT CLOUD?
H T T P S : / / W W W 2 . D E L O I T T E . C O M / C H / E N / P A G E S / R I S K / A R T I C L E S / I M P A C T - C O V I D - C Y B E R S E C U R I T Y . H T M L

14. INCREASES IN CLOUD WORKLOADS PER REGION
INCREASES IN CLOUD WORKLOADS BY INDUSTRY
H T T P S : / / W W W . P A L O A L T O N E T W O R K S . C O M / R E S O U R C E S / I N F O G R A P H I C S / U N I T 4 2 - C O V I D - 1 9 - A M P L I F I E S - C L O U D - S E C U R I T Y - C H A L L E N G E S

15. VEEAM | 200GB | CUSTOMER DATA |
AWS S3
AWS EC2 | PUBLIC IP | UNSECURE
DATABASE
https://www.venafi.com/blog/7 -data-breaches-caused-human-error-did-encryption-play-role

16. Dev Hero
Repository
(e.g. GitHub
Application Repo
CI/CD Machine(s)
Infrastructure Repo
Pipelines Repo
Pipeline Dev
Pipeline Testing
Pipeline Production
Storage
Account Key

17. OPERATION
AUDIT
LOG
MANAGEMENT
ACCESS
CONTROL
AUTHORIZATION
AUTHENTIFICATION
CLOUD PLATFORM PROTECTION
CLOUD PRODUCT PROTECTION
DATA PROTECTION PRODUCT
CLOUD ENV PROTECTION
PHYSICAL
SECURITY
HW
SECURITY
VRTLZTN
SECURITY
DATA
ENCRYPTION
DATA
RECOVERY
DATA
INTEGRITY
DATA
DISCOVERY
DATA
DESENSITIZATION DLP
DDOS WAF
THREAD
DETECTION

18. WHAT CAN
WE DO?

19. WHAT CAN WE DO?
Limit the use the cloud preview
services and features
Private preview
Public preview
General Availability
NO SLA
NO FORMAL SUPPORT
NO SLA
SLA
FORMAL SUPPORT

20. PRODUCTION &
PERSONAL / SENSITIVE
DATA ENV
WHAT CAN WE DO?
Limit the use the cloud preview
services and features
Private preview
Public preview
General Availability
NO SLA
NO FORMAL SUPPORT
SLA
FORMAL SUPPORT

21. HTTPS://AZURE.MICROSOFT.COM/EN-US/SERVICE
HTTPS://DOCS.MICROSOFT.COM/EN-US/AZURE/SEARCH/SEARCH-API-PREVIEW

22. WHAT CAN WE DO?
MORE:
Education
LESS:
Neglect and ignore
IT
HR
FINANCIAL
…

23. HTTPS://PARTNER.MICROSOFT.COM/EN-US/TRAINING/TRAINING-CENTER
HTTPS://EXPLORE.SKILLBUILDER.AWS/LEARN/SIGNIN

24. WHAT CAN WE DO?
MORE:
Identity and Access Management
LESS:
’Master users’
‘Account master keys/tokens’

25. IAM POLICIES
AZURE AD RBAC
AWS SIGNATURE
AZURE SAS
LIMIT ANONYMOUS PUBLIC READ ACCESS
ENABLE FIREWALL RULES

26. Azure
RBAC
Azure
role-based
access
control
User Group Service
Principal
Managed
Identity
Security Principal
Role
Operation type (R/W/C/D)
Scope
Management Group
Subscription
Resource Group
Resource
Role assignment
Assign a security principal
Assign a scope
Assign a role
Development Group
Contributor
Dev and Playground Resource Group

27. WHAT CAN WE DO?
MORE:
Secrets scanning
LESS:
Assume that the repo is safe

28. Secrets scanning
Protectingyourcode,yoursecrets,youridentity
SCAN COMMITS BEFORE A PUSH
(1)Placegit-secretssomewhereinthePATHtobeeasilyaccessiblebygit
(2)./install.ps1|Commandtoinstallgit-secretsonaWindowsmachine
(3)cd/path/RaduVRepo/IoTHome|Navigatetotherepothatyouwanttoprotect.You
needtodothisactionforeachrepositorythatyouwanttosecure
(4)gitsecretsinstall|Installthetool
(5)gitsecrets-register-azure|RegistertheAzureplugin
(6)gitsecrets-register-aws|RegistertheAWSplugin
(7)gitsecrets-register-gcp|RegistertheGCPplugin

29. Secrets scanning
Protectingyourcode,yoursecrets,youridentity
SCAN COMMITS BEFORE A PUSH
> Reject commits when secrets are detected
PIPELINE INTEGRATION
> Build fail
> Remove secrets
NIGHTLY SCAN
> Remove secrets
> Repository and Pipelines freeze

30. WHAT CAN WE DO?
MORE:
Tracing and monitoring
LESS:
Rely only on app logs

31. Metrics
Logs
Audit
Alerts Dashboards
Metric
Explorer
Azure
Monitor
Advisor &
Service
Health
Activity Log
Application
Insights
Security Center
& Defender
Log
Analytics
Network
Monitoring
Service Map

32. PROCESSED EVENTS DATA PLANE LOGS
CONTROL & MANAGEMENT
LOGS
PROVIDE INFORMATION
ABOUT AZURE RESOURCE
MANAGER CREATE, UPDATE,
AND DELETE OPERATIONS
PROVIDE INFORMATION ABOUT
EVENTS RAISED AS PART OF
AZURE RESOURCE USAGE
PROVIDE INFORMATION ABOUT
ANALYZED EVENTS / ALERTS
THAT HAVE BEEN PROCESSED
ON YOUR BEHALF
Windows Event System, security, and app logs in
a VM and the diagnostics logs that are configured
through Azure Monitor
Azure Security Center alerts where Azure
Security Center has processed and analyzed
your subscription and provides concise
security alerts
Change in a resource configuration,
change of the resource tier size
AZURE MONITORING LOGS
AZURE MONITORING METRICS

33. WHAT CAN WE DO?
MORE:
Integrate the build-in security systems
LESS:
Rely less on custom dashboards

34. Azure
Security
Center
Discover
and
assess
the
security
of
your
workloads
Secure Score
Overall secure score
Security controls
Compliance
Azure CIS
PCI DSS 3.2
ISO 2007
SOC TSP
Custom definition
Azure Defender
Security Alerts
Advance Thread
Protection
Vulnerability
assessment and mng
On-premises and
Azure protection
Inventory
Explore, filter and
enhanced your
resources

35. Azure
Defender
Cloud
workload
protection

36. Azure Advisor
Proactive,actionable,andpersonalizedbestpracticesrecommendations
Reliability
Security
Performance
Cost
Operational Excellence

37. FINAL
THOUGHTS

39. THANK
YOU
@RaduVunvulea