SlideShare ist ein Scribd-Unternehmen logo

Cloud Computing Security Best Practices

Als PPTX, PDF herunterladen
Anshul Patel
Anshul Patel

The presentation contains steps to secure the data and computing instances in the public cloud.

Internet
1 von 5
Cloud Computing Security Anshul Patel
Security Classification ● Cloud Computing Instance Security ● Cloud Networking Security ● Cloud Storage Security
Cloud Computing Instance Security ● CLI access to computing instance should be done via Bastion server. ● CLI access to computing instance should be key based authentication and not password based. ● CLI access to computing instance should be encrypted and over secure protocol. ● Users should access the computing instance with their corresponding key. ● LTS releases of Operating System should be used. ● Periodic security patches should be applied via Configuration Management. ● For critical hosts, HIDS should be implemented.
Cloud Networking Security ● Applications/Platforms should have their corresponding subnets. ● Only Public facing Applications/Platforms should be in public subnets. (DMZ) ● Non-Public facing Applications/Platforms should be in private subnets with access to NAT gateway. ● Computing Instance Firewall should allow traffic from desired ports and hosts only. ● Sensitive information should always be transferred over SSL over public network.
Cloud Storage Security ● Sensitive information should be encrypted and stored at rest. ● Access to data should be either role based or policy based. ● Only targeted audience should be able to access the data. ● API keys, application passwords, certificates should be stored in Key Management System. ● Access (Read/Write) to sensitive data should be logged. ● Sensitive data should be replicated.

Empfohlen

Linux kit meetup_v1.0.0
Linux kit meetup_v1.0.0Linux kit meetup_v1.0.0
Linux kit meetup_v1.0.0Anshul Patel
 
Introduction to docker_notary_v1.0.0
Introduction to docker_notary_v1.0.0Introduction to docker_notary_v1.0.0
Introduction to docker_notary_v1.0.0Anshul Patel
 
Changing the world with ZeroVM and Swift
Changing the world with ZeroVM and SwiftChanging the world with ZeroVM and Swift
Changing the world with ZeroVM and SwiftJakub Krajcovic
 
Improve App Performance & Reliability with NGINX Amplify
Improve App Performance & Reliability with NGINX AmplifyImprove App Performance & Reliability with NGINX Amplify
Improve App Performance & Reliability with NGINX AmplifyNGINX, Inc.
 
Case Study: Utilizing Mirantis Fuel to install OpenStack Ansible
Case Study: Utilizing Mirantis Fuel to install OpenStack AnsibleCase Study: Utilizing Mirantis Fuel to install OpenStack Ansible
Case Study: Utilizing Mirantis Fuel to install OpenStack AnsibleTeK Charnsilp Chinprasert
 
Luigi Hostplumber intro slide.pptx (1).pdf
Luigi Hostplumber intro slide.pptx (1).pdfLuigi Hostplumber intro slide.pptx (1).pdf
Luigi Hostplumber intro slide.pptx (1).pdfLibbySchulze
 
end-to-end-encryption-enroute-linkerd (1).pdf
end-to-end-encryption-enroute-linkerd (1).pdfend-to-end-encryption-enroute-linkerd (1).pdf
end-to-end-encryption-enroute-linkerd (1).pdfLibbySchulze
 
Kubermatic CNCF Webinar - start.kubermatic.pdf
Kubermatic CNCF Webinar - start.kubermatic.pdfKubermatic CNCF Webinar - start.kubermatic.pdf
Kubermatic CNCF Webinar - start.kubermatic.pdfLibbySchulze
 

Empfohlen

Linux kit meetup_v1.0.0
Linux kit meetup_v1.0.0Linux kit meetup_v1.0.0
Linux kit meetup_v1.0.0Anshul Patel
 
Introduction to docker_notary_v1.0.0
Introduction to docker_notary_v1.0.0Introduction to docker_notary_v1.0.0
Introduction to docker_notary_v1.0.0Anshul Patel
 
Changing the world with ZeroVM and Swift
Changing the world with ZeroVM and SwiftChanging the world with ZeroVM and Swift
Changing the world with ZeroVM and SwiftJakub Krajcovic
 
Improve App Performance & Reliability with NGINX Amplify
Improve App Performance & Reliability with NGINX AmplifyImprove App Performance & Reliability with NGINX Amplify
Improve App Performance & Reliability with NGINX AmplifyNGINX, Inc.
 
Case Study: Utilizing Mirantis Fuel to install OpenStack Ansible
Case Study: Utilizing Mirantis Fuel to install OpenStack AnsibleCase Study: Utilizing Mirantis Fuel to install OpenStack Ansible
Case Study: Utilizing Mirantis Fuel to install OpenStack AnsibleTeK Charnsilp Chinprasert
 
Luigi Hostplumber intro slide.pptx (1).pdf
Luigi Hostplumber intro slide.pptx (1).pdfLuigi Hostplumber intro slide.pptx (1).pdf
Luigi Hostplumber intro slide.pptx (1).pdfLibbySchulze
 
end-to-end-encryption-enroute-linkerd (1).pdf
end-to-end-encryption-enroute-linkerd (1).pdfend-to-end-encryption-enroute-linkerd (1).pdf
end-to-end-encryption-enroute-linkerd (1).pdfLibbySchulze
 
Kubermatic CNCF Webinar - start.kubermatic.pdf
Kubermatic CNCF Webinar - start.kubermatic.pdfKubermatic CNCF Webinar - start.kubermatic.pdf
Kubermatic CNCF Webinar - start.kubermatic.pdfLibbySchulze
 
Build your First IoT Application with IBM Watson IoT
Build your First IoT Application with IBM Watson IoTBuild your First IoT Application with IBM Watson IoT
Build your First IoT Application with IBM Watson IoTJanakiram MSV
 
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX AmplifyMonitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX AmplifyNGINX, Inc.
 
DevOps and OpenStack December 2012
DevOps and OpenStack December 2012DevOps and OpenStack December 2012
DevOps and OpenStack December 2012Matt Ray
 
Cinder Updates - Liberty Edition
Cinder Updates - Liberty Edition Cinder Updates - Liberty Edition
Cinder Updates - Liberty Edition OpenStack Foundation
 
Kubernetes integration with ODL
Kubernetes integration with ODLKubernetes integration with ODL
Kubernetes integration with ODLPrem Sankar Gopannan
 
NGINX Microservices Reference Architecture: Ask Me Anything
NGINX Microservices Reference Architecture: Ask Me AnythingNGINX Microservices Reference Architecture: Ask Me Anything
NGINX Microservices Reference Architecture: Ask Me AnythingNGINX, Inc.
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportDevOps.com
 
Cloud Solution Day 2016: Service Mesh for Kubernetes
Cloud Solution Day 2016: Service Mesh for KubernetesCloud Solution Day 2016: Service Mesh for Kubernetes
Cloud Solution Day 2016: Service Mesh for KubernetesAWS Vietnam Community
 
Meetup 22 - 04 - Logging and Monitoring at scale on Kubernetes
Meetup 22 - 04 - Logging and Monitoring at scale on KubernetesMeetup 22 - 04 - Logging and Monitoring at scale on Kubernetes
Meetup 22 - 04 - Logging and Monitoring at scale on KubernetesVietnam Open Infrastructure User Group
 
Microservices - The good, The bad, The does and The don'ts
Microservices - The good, The bad, The does and The don'tsMicroservices - The good, The bad, The does and The don'ts
Microservices - The good, The bad, The does and The don'tsFrederik Mogensen
 
WSO2 Microservices Framework for Java - Product Overview
WSO2 Microservices Framework for Java - Product OverviewWSO2 Microservices Framework for Java - Product Overview
WSO2 Microservices Framework for Java - Product OverviewWSO2
 
Introduction to OpenStack Cinder
Introduction to OpenStack CinderIntroduction to OpenStack Cinder
Introduction to OpenStack CinderSean McGinnis
 
How to Adopt Infrastructure as Code
How to Adopt Infrastructure as CodeHow to Adopt Infrastructure as Code
How to Adopt Infrastructure as CodeNGINX, Inc.
 
OpenStack Contribution Workflow
OpenStack Contribution WorkflowOpenStack Contribution Workflow
OpenStack Contribution WorkflowSean McGinnis
 
Mastering OpenStack - Episode 02 - Simple Architectures
Mastering OpenStack - Episode 02 - Simple ArchitecturesMastering OpenStack - Episode 02 - Simple Architectures
Mastering OpenStack - Episode 02 - Simple ArchitecturesRoozbeh Shafiee
 
6 open stack_swift_panoramic_view
6 open stack_swift_panoramic_view6 open stack_swift_panoramic_view
6 open stack_swift_panoramic_viewopenstackindia
 
KURMA - A Containerized Container Platform - KubeCon 2016
KURMA - A Containerized Container Platform - KubeCon 2016KURMA - A Containerized Container Platform - KubeCon 2016
KURMA - A Containerized Container Platform - KubeCon 2016Apcera
 
Kuryr & Fuxi: OpenStack networking and storage for Docker Swarm containers
Kuryr & Fuxi: OpenStack networking and storage for Docker Swarm containersKuryr & Fuxi: OpenStack networking and storage for Docker Swarm containers
Kuryr & Fuxi: OpenStack networking and storage for Docker Swarm containersAntoni Segura Puimedon
 
Open stack wtf_(1)
Open stack wtf_(1)Open stack wtf_(1)
Open stack wtf_(1)Ilya Sviridov
 
Status of Embedded Linux
Status of Embedded LinuxStatus of Embedded Linux
Status of Embedded LinuxLinuxCon ContainerCon CloudOpen China
 
IoT Security Issues and MQTT
IoT Security Issues and MQTTIoT Security Issues and MQTT
IoT Security Issues and MQTTHiveMQ
 
Security Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemSecurity Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemInductive Automation
 

Weitere ähnliche Inhalte

Was ist angesagt?

Build your First IoT Application with IBM Watson IoT
Build your First IoT Application with IBM Watson IoTBuild your First IoT Application with IBM Watson IoT
Build your First IoT Application with IBM Watson IoTJanakiram MSV
 
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX AmplifyMonitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX AmplifyNGINX, Inc.
 
DevOps and OpenStack December 2012
DevOps and OpenStack December 2012DevOps and OpenStack December 2012
DevOps and OpenStack December 2012Matt Ray
 
NGINX Microservices Reference Architecture: Ask Me Anything
NGINX Microservices Reference Architecture: Ask Me AnythingNGINX Microservices Reference Architecture: Ask Me Anything
NGINX Microservices Reference Architecture: Ask Me AnythingNGINX, Inc.
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportDevOps.com
 
Cloud Solution Day 2016: Service Mesh for Kubernetes
Cloud Solution Day 2016: Service Mesh for KubernetesCloud Solution Day 2016: Service Mesh for Kubernetes
Cloud Solution Day 2016: Service Mesh for KubernetesAWS Vietnam Community
 
Microservices - The good, The bad, The does and The don'ts
Microservices - The good, The bad, The does and The don'tsMicroservices - The good, The bad, The does and The don'ts
Microservices - The good, The bad, The does and The don'tsFrederik Mogensen
 
WSO2 Microservices Framework for Java - Product Overview
WSO2 Microservices Framework for Java - Product OverviewWSO2 Microservices Framework for Java - Product Overview
WSO2 Microservices Framework for Java - Product OverviewWSO2
 
Introduction to OpenStack Cinder
Introduction to OpenStack CinderIntroduction to OpenStack Cinder
Introduction to OpenStack CinderSean McGinnis
 
How to Adopt Infrastructure as Code
How to Adopt Infrastructure as CodeHow to Adopt Infrastructure as Code
How to Adopt Infrastructure as CodeNGINX, Inc.
 
OpenStack Contribution Workflow
OpenStack Contribution WorkflowOpenStack Contribution Workflow
OpenStack Contribution WorkflowSean McGinnis
 
Mastering OpenStack - Episode 02 - Simple Architectures
Mastering OpenStack - Episode 02 - Simple ArchitecturesMastering OpenStack - Episode 02 - Simple Architectures
Mastering OpenStack - Episode 02 - Simple ArchitecturesRoozbeh Shafiee
 
6 open stack_swift_panoramic_view
6 open stack_swift_panoramic_view6 open stack_swift_panoramic_view
6 open stack_swift_panoramic_viewopenstackindia
 
KURMA - A Containerized Container Platform - KubeCon 2016
KURMA - A Containerized Container Platform - KubeCon 2016KURMA - A Containerized Container Platform - KubeCon 2016
KURMA - A Containerized Container Platform - KubeCon 2016Apcera
 
Kuryr & Fuxi: OpenStack networking and storage for Docker Swarm containers
Kuryr & Fuxi: OpenStack networking and storage for Docker Swarm containersKuryr & Fuxi: OpenStack networking and storage for Docker Swarm containers
Kuryr & Fuxi: OpenStack networking and storage for Docker Swarm containersAntoni Segura Puimedon
 

Was ist angesagt? (20)

Build your First IoT Application with IBM Watson IoT
Build your First IoT Application with IBM Watson IoTBuild your First IoT Application with IBM Watson IoT
Build your First IoT Application with IBM Watson IoT
 
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX AmplifyMonitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
 
DevOps and OpenStack December 2012
DevOps and OpenStack December 2012DevOps and OpenStack December 2012
DevOps and OpenStack December 2012
 
Cinder Updates - Liberty Edition
Cinder Updates - Liberty Edition Cinder Updates - Liberty Edition
Cinder Updates - Liberty Edition
 
Kubernetes integration with ODL
Kubernetes integration with ODLKubernetes integration with ODL
Kubernetes integration with ODL
 
NGINX Microservices Reference Architecture: Ask Me Anything
NGINX Microservices Reference Architecture: Ask Me AnythingNGINX Microservices Reference Architecture: Ask Me Anything
NGINX Microservices Reference Architecture: Ask Me Anything
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
 
Cloud Solution Day 2016: Service Mesh for Kubernetes
Cloud Solution Day 2016: Service Mesh for KubernetesCloud Solution Day 2016: Service Mesh for Kubernetes
Cloud Solution Day 2016: Service Mesh for Kubernetes
 
Meetup 22 - 04 - Logging and Monitoring at scale on Kubernetes
Meetup 22 - 04 - Logging and Monitoring at scale on KubernetesMeetup 22 - 04 - Logging and Monitoring at scale on Kubernetes
Meetup 22 - 04 - Logging and Monitoring at scale on Kubernetes
 
Microservices - The good, The bad, The does and The don'ts
Microservices - The good, The bad, The does and The don'tsMicroservices - The good, The bad, The does and The don'ts
Microservices - The good, The bad, The does and The don'ts
 
WSO2 Microservices Framework for Java - Product Overview
WSO2 Microservices Framework for Java - Product OverviewWSO2 Microservices Framework for Java - Product Overview
WSO2 Microservices Framework for Java - Product Overview
 
Introduction to OpenStack Cinder
Introduction to OpenStack CinderIntroduction to OpenStack Cinder
Introduction to OpenStack Cinder
 
How to Adopt Infrastructure as Code
How to Adopt Infrastructure as CodeHow to Adopt Infrastructure as Code
How to Adopt Infrastructure as Code
 
OpenStack Contribution Workflow
OpenStack Contribution WorkflowOpenStack Contribution Workflow
OpenStack Contribution Workflow
 
Mastering OpenStack - Episode 02 - Simple Architectures
Mastering OpenStack - Episode 02 - Simple ArchitecturesMastering OpenStack - Episode 02 - Simple Architectures
Mastering OpenStack - Episode 02 - Simple Architectures
 
6 open stack_swift_panoramic_view
6 open stack_swift_panoramic_view6 open stack_swift_panoramic_view
6 open stack_swift_panoramic_view
 
KURMA - A Containerized Container Platform - KubeCon 2016
KURMA - A Containerized Container Platform - KubeCon 2016KURMA - A Containerized Container Platform - KubeCon 2016
KURMA - A Containerized Container Platform - KubeCon 2016
 
Kuryr & Fuxi: OpenStack networking and storage for Docker Swarm containers
Kuryr & Fuxi: OpenStack networking and storage for Docker Swarm containersKuryr & Fuxi: OpenStack networking and storage for Docker Swarm containers
Kuryr & Fuxi: OpenStack networking and storage for Docker Swarm containers
 
Open stack wtf_(1)
Open stack wtf_(1)Open stack wtf_(1)
Open stack wtf_(1)
 
Status of Embedded Linux
Status of Embedded LinuxStatus of Embedded Linux
Status of Embedded Linux
 

Ähnlich wie Cloud Computing Security Best Practices

IoT Security Issues and MQTT
IoT Security Issues and MQTTIoT Security Issues and MQTT
IoT Security Issues and MQTTHiveMQ
 
Security Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemSecurity Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemInductive Automation
 
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the RiskOpen and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the RiskInductive Automation
 
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the RiskOpen and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the RiskInductive Automation
 
Hybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHansFarroCastillo1
 
Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud ADVA
 
Shape your remote connection to your GCE instance
Shape your remote connection to your GCE instanceShape your remote connection to your GCE instance
Shape your remote connection to your GCE instanceDevOps Indonesia
 
Securing application deployments in multi-tenant CI/CD environments
Securing application deployments in multi-tenant CI/CD environmentsSecuring application deployments in multi-tenant CI/CD environments
Securing application deployments in multi-tenant CI/CD environmentsBinu Ramakrishnan
 
Implementing the 5 Pillars of IT Security for MQTT
Implementing the 5 Pillars of IT Security for MQTTImplementing the 5 Pillars of IT Security for MQTT
Implementing the 5 Pillars of IT Security for MQTTHiveMQ
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native EraWSO2
 
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQMachine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQHiveMQ
 
Protecting Sensitive Data (and be PCI Compliant too!)
Protecting Sensitive Data (and be PCI Compliant too!)Protecting Sensitive Data (and be PCI Compliant too!)
Protecting Sensitive Data (and be PCI Compliant too!)Security Innovation
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017Micro Focus
 
Platform without vendor lock-in
Platform without vendor lock-inPlatform without vendor lock-in
Platform without vendor lock-inSakari Hoisko
 
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...Michael Man
 
platform without vendor lock-in
platform without vendor lock-inplatform without vendor lock-in
platform without vendor lock-inKai Jokiniemi
 
Secure IOT Gateway
Secure IOT GatewaySecure IOT Gateway
Secure IOT GatewayLF Events
 

Ähnlich wie Cloud Computing Security Best Practices (20)

IoT Security Issues and MQTT
IoT Security Issues and MQTTIoT Security Issues and MQTT
IoT Security Issues and MQTT
 
Security Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemSecurity Best Practices for Your Ignition System
Security Best Practices for Your Ignition System
 
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the RiskOpen and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
 
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the RiskOpen and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
 
Hybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptx
 
Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud
 
Shape your remote connection to your GCE instance
Shape your remote connection to your GCE instanceShape your remote connection to your GCE instance
Shape your remote connection to your GCE instance
 
Securing application deployments in multi-tenant CI/CD environments
Securing application deployments in multi-tenant CI/CD environmentsSecuring application deployments in multi-tenant CI/CD environments
Securing application deployments in multi-tenant CI/CD environments
 
Implementing the 5 Pillars of IT Security for MQTT
Implementing the 5 Pillars of IT Security for MQTTImplementing the 5 Pillars of IT Security for MQTT
Implementing the 5 Pillars of IT Security for MQTT
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native Era
 
CipherGraph Cloud VPN
CipherGraph Cloud VPNCipherGraph Cloud VPN
CipherGraph Cloud VPN
 
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQMachine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
 
Protecting Sensitive Data (and be PCI Compliant too!)
Protecting Sensitive Data (and be PCI Compliant too!)Protecting Sensitive Data (and be PCI Compliant too!)
Protecting Sensitive Data (and be PCI Compliant too!)
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
 
Platform without vendor lock-in
Platform without vendor lock-inPlatform without vendor lock-in
Platform without vendor lock-in
 
The Perimeter Is Dead
The Perimeter Is DeadThe Perimeter Is Dead
The Perimeter Is Dead
 
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
 
platform without vendor lock-in
platform without vendor lock-inplatform without vendor lock-in
platform without vendor lock-in
 
Secure IOT Gateway
Secure IOT GatewaySecure IOT Gateway
Secure IOT Gateway
 
Check Point and Accenture Webinar
Check Point and Accenture Webinar Check Point and Accenture Webinar
Check Point and Accenture Webinar
 

Mehr von Anshul Patel

Chaos engineering with Litmus Chaos Framework
Chaos engineering with Litmus Chaos FrameworkChaos engineering with Litmus Chaos Framework
Chaos engineering with Litmus Chaos FrameworkAnshul Patel
 
Docker Fundamentals
Docker FundamentalsDocker Fundamentals
Docker FundamentalsAnshul Patel
 
Chaos Engineering with Gremlin Platform
Chaos Engineering with Gremlin PlatformChaos Engineering with Gremlin Platform
Chaos Engineering with Gremlin PlatformAnshul Patel
 
Linux Operating System Fundamentals
Linux Operating System FundamentalsLinux Operating System Fundamentals
Linux Operating System FundamentalsAnshul Patel
 
Building CLI Applications with Golang
Building CLI Applications with GolangBuilding CLI Applications with Golang
Building CLI Applications with GolangAnshul Patel
 
Meetup on Apache Zookeeper
Meetup on Apache ZookeeperMeetup on Apache Zookeeper
Meetup on Apache ZookeeperAnshul Patel
 
AWS ECS Meetup Talentica
AWS ECS Meetup TalenticaAWS ECS Meetup Talentica
AWS ECS Meetup TalenticaAnshul Patel
 

Mehr von Anshul Patel (8)

Chaos engineering with Litmus Chaos Framework
Chaos engineering with Litmus Chaos FrameworkChaos engineering with Litmus Chaos Framework
Chaos engineering with Litmus Chaos Framework
 
Docker Fundamentals
Docker FundamentalsDocker Fundamentals
Docker Fundamentals
 
Chaos Engineering with Gremlin Platform
Chaos Engineering with Gremlin PlatformChaos Engineering with Gremlin Platform
Chaos Engineering with Gremlin Platform
 
Chaos Engineering
Chaos EngineeringChaos Engineering
Chaos Engineering
 
Linux Operating System Fundamentals
Linux Operating System FundamentalsLinux Operating System Fundamentals
Linux Operating System Fundamentals
 
Building CLI Applications with Golang
Building CLI Applications with GolangBuilding CLI Applications with Golang
Building CLI Applications with Golang
 
Meetup on Apache Zookeeper
Meetup on Apache ZookeeperMeetup on Apache Zookeeper
Meetup on Apache Zookeeper
 
AWS ECS Meetup Talentica
AWS ECS Meetup TalenticaAWS ECS Meetup Talentica
AWS ECS Meetup Talentica
 

Kürzlich hochgeladen

Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationMarko4394
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 

Kürzlich hochgeladen (17)

Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentation
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 

Cloud Computing Security Best Practices

  • 2. Security Classification ● Cloud Computing Instance Security ● Cloud Networking Security ● Cloud Storage Security
  • 3. Cloud Computing Instance Security ● CLI access to computing instance should be done via Bastion server. ● CLI access to computing instance should be key based authentication and not password based. ● CLI access to computing instance should be encrypted and over secure protocol. ● Users should access the computing instance with their corresponding key. ● LTS releases of Operating System should be used. ● Periodic security patches should be applied via Configuration Management. ● For critical hosts, HIDS should be implemented.
  • 4. Cloud Networking Security ● Applications/Platforms should have their corresponding subnets. ● Only Public facing Applications/Platforms should be in public subnets. (DMZ) ● Non-Public facing Applications/Platforms should be in private subnets with access to NAT gateway. ● Computing Instance Firewall should allow traffic from desired ports and hosts only. ● Sensitive information should always be transferred over SSL over public network.
  • 5. Cloud Storage Security ● Sensitive information should be encrypted and stored at rest. ● Access to data should be either role based or policy based. ● Only targeted audience should be able to access the data. ● API keys, application passwords, certificates should be stored in Key Management System. ● Access (Read/Write) to sensitive data should be logged. ● Sensitive data should be replicated.