Embed Size (px)
Citation preview
© 2018 ITC Secure
Dob Todorov, HeleCloud
SECURING YOUR NEW PUBLIC CLOUD
Secure Your New Public Cloud
21st Century ITSecurity
Cloud Security
Shared Responsibility Model
CUSTOMERDATA
PLATFORM & APPLICATIONMANAGEMENT
OPPERATING SYSTEM, NETWORK, & FIREWALL CONFIGURATION
CLIENT-SIDE DATA ENCRYPTION & DATA INTEGRITYAUTHENTICATION
SERVER-SIDE ENCRYPTION (FILE SYSTEM AND/OR DATA)
NETWORK TRAFFIC PROTECTION (ENCRYPTION/INTEGRITY/IDENTITY)
OPTIONAL –OPAQUE DATA: 0S & 1S (IN TRANSIT/ATREST)
FOUNDATIONSERVICES
AWS GLOBALINFRASTRUCTURE
AW
S EN
DP
OIN
TS
AWS
IAMCU
STOM
ERIAM
COMPUTE STORAGE DATABASES NETWORKING
REGIONSAVAILABILITY
ZONESEDGE
LOCATIONS
Managed by AWSCustomers
Managed byAmazon WebServices
Shared Responsibility Model
CUSTOMER DATA
PLATFORM & APPLICATIONMANAGEMENT
OPPERATING SYSTEM, NETWORK, & FIREWALL CONFIGURATION
CLIENT-SIDE DATA ENCRYPTION & DATA INTEGRITYAUTHENTICATION
SERVER-SIDE ENCRYPTION (FILE SYSTEM AND/OR DATA)
NETWORK TRAFFIC PROTECTION (ENCRYPTION/INTEGRITY/IDENTITY)
OPTIONAL –OPAQUE DATA: 0S & 1S (IN TRANSIT/ATREST)
FOUNDATIONSERVICES
AWS GLOBALINFRASTRUCTURE
AW
S EN
DP
OIN
TS
AWS
IAMCU
STOM
ERIAM
COMPUTE STORAGE DATABASES NETWORKING
REGIONSAVAILABILITY
ZONESEDGE
LOCATIONS
Managed by AWSCustomers
Managed byAmazon WebServices
Security IN theCloud
Security OF theCloud
MORE VISIBILITY MORE CONTROL
MORE AUDITABILITY MOREAGILITY
Security is Visible
Who is accessing the resources?
Who took what action?
▪ When?
▪ From where?
▪ What did they do?
▪ Logs Logs Logs
EVERYTHING IS AN APICALL.
EVERYTHING GENERATESLOGS.
TERABYTES OF LOGS ADAY…
21st Century ITSecurity
Intelligent Security
Protect Sensitive Data: Macie
Protect Sensitive Data: Macie
AWS Shield: Managed DDoSProtection
CloudWatch Alert: More than 1,000
Open Connections to ELB from a single IP
Log an incident
WAF Rule: block source
Wait 1hour
Remove WAFRule
AWSWAF
AWSELB
S3 Evidence Repository
ForensicsSave Logs
CloudWatch
Automated Incident Response: DDoS Attack
Intelligent Threat Detection: GuardDuty
Intelligent Threat Detection: GuardDuty
Cloud is Simply Better: PersonalData Protection & GDPR
Automated Incident Response: Infected Instance
Guard DutyReport:Instance ID
i-1234567890abcdef0
Log an incident
Isolate the Instance from the
network
Shut down instance
S3 Evidence Repository
MemoryDump
Disk Dump
Forensics
Establishing Secure Cloud Services
ISO27001 PCI/DSS
PersonalData Protection
CSP
Com
plia
nce,
Th
reat
and
Gap
A
naly
sis
Secu
rity
St
rate
gyD
esig
n
Secu
rity
P
rogr
amm
e
Des
ign
Secu
rity
P
layb
oo
k
Imp
lem
en
tati
on
&Te
stin
g
Secure &
Compliant Cloud
Systems &
Applications
Risk
Management
Security
Operations &
Management
Legacy Cloud
Systems &
Applications
Cloud
SecurityConsiderations
PREPARE
PREVENT
DETECT
RESPOND
HeleCloud Company Overview
Maidenhead, UK1Bell Street, Maidenhead, Berkshire, SL6 1BU,UK,
+44 20 [email protected]
Thank you!
