cloud security
play

Cloud Security An IAM GAME Nathaniel Beckstead whoami I am here - PowerPoint PPT Presentation

Jan 10, 2023 •779 likes •1.12k views

Cloud Security An IAM GAME Nathaniel Beckstead whoami I am here because I love to give presentations. @scriptingislife https:/ /scriptingis.life https:/ /glimpseid.com 2 What is the cloud? 3 What is the cloud? 4 What is the cloud? 5

  1. Cloud Security An IAM GAME Nathaniel Beckstead

  2. whoami I am here because I love to give presentations. @scriptingislife https:/ /scriptingis.life https:/ /glimpseid.com 2

  3. What is the cloud? 3

  4. What is the cloud? 4

  5. What is the cloud? 5

  6. “Definitions” ▪ EC2 - Virtual Machine but in the cloud ▪ S3 - Key-value storage (mostly for files) ▪ DynamoDB - NoSQL database 6

  7. 7

  8. Why is it so hard to secure? ▪ It’s not 8

  9. 9

  10. What’s different about the cloud? ▪ Speed ▪ IaaS, PaaS, SaaS ▪ No rules! 10

  11. https://www.episerver.com/learn/resources/blog/fred-bals/pizza-as-a-service/ 11

  12. What is IAM? ▪ Identity and Access Management ▪ Users, API Keys, Roles, Policies ▪ Omnipresent in the cloud 12

  13. Roles ▪ Like a user, but can be assumed by anyone who needs it. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html 13

  14. Roles 14

  15. Policies ▪ Defines permissions for an action. https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#targetText=Policies%20and%20Permissio ns,or%20resource%2C%20defines%20their%20permissions. 15

  16. Access Keys ▪ Used for programmatic access 16

  17. https://blog.trendmicro.com/the-code-spaces-nightmare/ 17

  18. Why is IAM so hard? ▪ It’s complicated. 18

  19. Why is IAM so hard? 19

  20. Why is IAM so hard? 20

  21. Why is IAM so hard? 21

  22. Why is IAM so hard? 22

  23. Why is IAM so hard? 23

  24. Why is IAM so hard? 24

  25. Why is IAM so hard? ▪ It’s preventive. Every developer using the cloud. (Circa 2019) 25

  26. AWS Metadata Service 26

  27. AWS Metadata Service 27

  28. Capital One ▪ Some application was vulnerable to SSRF ▪ WAF let SSRF through ▪ Role had read access to all S3 buckets 28

  29. What is the solution? ▪ Cloud is special ▪ Least privilege is best privilege ▪ Monitor API key usage ▪ Automate, automate, automate 29

  30. Least Privilege in AWS AWS Access Advisor 30

  31. https:/ /expel.io/blog/ Resources https:/ /flaws.cloud https:/ /flaws2.cloud

  32. Questions? 32

Recommend

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology

302 views • 27 slides
Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined) Administrative discussions Stephen McCamant University of Minnesota Multi-Cloud Oblivious Storage Old and new topics in security Cloud threats, old and new

645 views • 8 slides
1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

Agenda Related Polices to Cloud Computing I. Guidelines for Information Security of Cloud II. Computing Cloud Security Certification Scheme in KOREA Cloud Security Certification Program in Korea III. April. 11, 2017 Jungduk (JD) KIM, Ph.

403 views • 5 slides
Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing Storage Computation High availability No maintenance Decreased Costs Elasticity & Flexibility Security and Privacy for Cloud

529 views • 36 slides
The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud

The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud

The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud Engineering Immunet, Inc. Monday, August 22, 2011 The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Chief Architect, Cloud

848 views • 68 slides
Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud Computing model. Presented By: Marissa Hollingsworth Overview What is Cloud Computing? Unique Security Concerns in the Cloud

556 views • 34 slides
Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by

Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by

Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by design Ecosystem integration Strong momentum Founded by Wireshark Cloud-native security Customer expansion mirrors co-creator and

247 views • 22 slides
Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security

Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security

Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security Cap-ex Free Resilience Infrastructure Elasticity Infrastructure Flexibility Sevices 5% of organizations have migrated at least 30% 41% 52%

540 views • 11 slides
Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste Orange Labs SEC2 ComPAS15 Workshop on Cloud Security Lille, June 30, 2015 Cloud Security Today Security = key concern in cloud adoption for the

2.73k views • 33 slides
CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns

CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns

CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns Hopkins University What is Cloud Computing ? Lets hear from the experts 2 What is Cloud Computing ? The infinite wisdom of the crowds (via

709 views • 38 slides
Singapore Standard for Multi-Tiered Cloud Security - SS 584:2013 1. To provide an overview of

Singapore Standard for Multi-Tiered Cloud Security - SS 584:2013 1. To provide an overview of

Agenda Singapore Standard for Multi-Tiered Cloud Security - SS 584:2013 1. To provide an overview of Multi-Tier Cloud Security (MTCS SS584:2013) standard 2. To detail the deployment considerations and related initiatives Wong Onn Chee, Cloud

352 views • 6 slides
Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief

Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief

Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief Solutions Architect AWS Public Sector team Khawaja Shams Cloud Architect Jet Propulsion Labs / NASA QCon New York 2012 Agenda Identity &

594 views • 21 slides
Cloud: How Big Is Your Risk? Prasidh Srikanth Booth #450 Agenda Cloud BYOD Security Booth

Cloud: How Big Is Your Risk? Prasidh Srikanth Booth #450 Agenda Cloud BYOD Security Booth

psrikanth@bitglass.com Booth #450 Surviving the Cloud: How Big Is Your Risk? Prasidh Srikanth Booth #450 Agenda Cloud BYOD Security Booth #450 Time Travel to 2004 Virtual Private Server Dedicated Server Shared Hosting Cloud Booth

498 views • 14 slides
Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz

Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz

Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz 1 Toni Masteli 2 Sebastian Pape 3 Wolter Pieters 4 Trajce Dimkov 5 1 IBM Research - Zurich 2 Vienna University of Technology 3 TU Dortmund 4 TU

683 views • 46 slides
Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes

Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes

Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes Deployments Cequence Security: A Cloud Native Approach to Application Security Venture-backed start-up bringing much-needed innovation to

304 views • 17 slides
Security in the Age of Cloud Kaushik Narayan CTO, Cloud Business Unit CASB Connect MVISION

Security in the Age of Cloud Kaushik Narayan CTO, Cloud Business Unit CASB Connect MVISION

Security in the Age of Cloud Kaushik Narayan CTO, Cloud Business Unit CASB Connect MVISION Cloud Innovation Pre- and Post-Acquisition Acquisition announced Expansion to IaaS Skyhigh API control: Sanctioned Apps Networks Custom Apps

565 views • 30 slides
Security, IAM AWS sh shared red res espon ponsib sibility ility mo model el Portland

Security, IAM AWS sh shared red res espon ponsib sibility ility mo model el Portland

Security, IAM AWS sh shared red res espon ponsib sibility ility mo model el Portland State University CS 430P/530 Internet, Web & Cloud Systems Cloud ud se security urity In this course, security "in-the-cloud" via

445 views • 28 slides
Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents

Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents

Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142 Cloud Security EGI

571 views • 16 slides
For personal use only Firstwave Cloud Technology Limited (FCT) FY19 Results FCTs Cloud

For personal use only Firstwave Cloud Technology Limited (FCT) FY19 Results FCTs Cloud

For personal use only Firstwave Cloud Technology Limited (FCT) FY19 Results FCTs Cloud Content Security Platform (CCSP) is a unique SaaS email, web & firewall security services orchestration platform for Telco / Service Providers that

883 views • 25 slides
Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Infrastructure Architecture for a Cloud IaaS Provider Software Defined Networking and Network Virtualization Network Monitoring Security Enforcement Inter-Domain Routing for Virtualized Networks Security Monitoring and Enforcement for the

795 views • 42 slides
beyond the technology privacy, trust and security in the cloud disclaimers about me age of the

beyond the technology privacy, trust and security in the cloud disclaimers about me age of the

beyond the technology privacy, trust and security in the cloud disclaimers about me age of the cloud BLOOMBERG FORBES BAIN AND COMPANY the other side of the coin beyond the technology ZDNET FORTUNE beyond the technology WIRED MASHABLE

904 views • 45 slides
For personal use only Cloud security through cloud gateway intelligence FCT July Update Innovate

For personal use only Cloud security through cloud gateway intelligence FCT July Update Innovate

For personal use only Cloud security through cloud gateway intelligence FCT July Update Innovate Create Execute July 2017 1 For personal use only AGENDA Executive Summary Steve OBrien, MD Financial & Operational Update

549 views • 30 slides
Strong security made simple: Putting all the pieces together Mark Nunnikhoven Vice President,

Strong security made simple: Putting all the pieces together Mark Nunnikhoven Vice President,

SEC204-S Strong security made simple: Putting all the pieces together Mark Nunnikhoven Vice President, Cloud Research at Trend Micro @marknca The cloud simplifies security. The cloud simplifies security. * When you understand how it works

1.76k views • 163 slides

More recommend