Observability In the original postwe defined steps to implement a bullet-proof Cloud Infrastructure Security Posture. Now it’s time to dive into the topic of 🔍 Observability. ❓ How would you approach the implementation of the following?– Implement Centralized Logging (from cloud services and applications);– Configure Alerts on Critical and High Impact VMS Events. 💪 Here...
Cloud Security Series #9
Antivirus Scanning and Security Patching In the original post we defined steps to implement a bullet-proof Cloud Infrastructure Security Posture. Now it’s time to dive into the topic of 🎯 Vulnerability Management. See– Part 1: Hosts– Part 2: Containers to learn about hardening pipelines for AMIs and container images, and– Part 3: Scanning at Runtime...
Cloud Security Series #8
Vulnerability Scanning at Runtime 🎯 Vulnerability Management System (“VMS”). Part 3: Scanning at Runtime. In the original post we defined steps to implement a bullet-proof Cloud Infrastructure Security Posture. Now it’s time to dive into the topic of 🎯 Vulnerability Management. See Part 1: Hosts and Part 2: Containers to learn about hardening pipelines for...
Cloud Security Series #7
Vulnerability Management System. Part 2: Containers In the original post we defined steps to implement a bullet-proof Cloud Infrastructure Security Posture. Now it’s time to dive into the topic of 🎯 Vulnerability Management. See Part 1: Hosts to learn about hardening pipelines for virtual host images (AMIs). ❓ How would you approach the implementation of...
Cloud Security Series #6
Vulnerability Management System (“VMS”) In the original post we defined steps to implement a bullet-proof Cloud Infrastructure Security Posture. Now it’s time to dive into the topic of 🎯 Vulnerability Management. ❓ How would you approach the implementation of the following?– Scan container images, applications, hosts for Vulnerabilities;– Perform Regular Host and Container Security Patching...
Cloud Security Series #5
Data Backup and Recovery In the original post we defined steps to implement a bullet-proof Cloud Infrastructure Security Posture. Now it’s time to dive into the topic of 📦 Data Backup and Recovery. ❓ How would you approach the implementation of the following?– Establish Data Classification and Data Retention Policies;– Establish Data Backup and Recovery...
Cloud Security Series #3
Deny by Default, Allow by Exception In the original post we defined steps to implement a bullet-proof Cloud Infrastructure Security Posture. Today we will look into specifics of the Administrative Tasks aimed to protect your cloud infrastructure from the external threats. ❓ How would you approach the implementation of the following?– Block Unused Services, Resources,...
Cloud Security Series #2
Access Control In the previous post we defined steps to implement a bullet-proof Cloud Infrastructure Security Posture. Now it’s time to dive deep into every topic, and let’s start with 🔐 Access Control. ❓ How would you approach the implementation of the following controls?– Establish Centralized Infrastructure Access (User Directory, SSO);– Implement Role-Based / Permission-based...
Cloud Security Series #1
What’s a Security Posture? Wonder what’s goes in Cloud Infrastructure Security? Years of experience helped me to put together this, quite comprehensive, list. 1. Access Control – Establish Centralized Infrastructure Access (User Directory, SSO);– Implement Role-Based / Permission-based Access Control;– Leverage Principle of Least Privilege when establishing and authorizing access; 2. Administrative Tasks – Block...