Multi-Cloud Security
MultiCloud.1 A series of posts on multi-cloud security by Teri Radichel
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
⚙️ Check out my series on Automating Cybersecurity Metrics. The Code.
🔒 Related Stories: Multi-Cloud Security | AWS Security | Azure Security | GCP & Google Security.
💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I’ve been working through a series of building a secure AWS infrastructure from the ground up with not only secure configurations, but proper governance.
But I need to step away to work on a paid project related to multi-cloud security.
Come hang out in October 2023 in Atlanta
In preparation for an upcoming event I’ll be speaking at for IANS Research this year in October 3, 2023 in Atlanta, I’m revisiting this same topic, but I’m going to go a bit deeper. Perhaps I’ll even write and share some code. Come hang out with me and some other top security professionals.
I’m going to talk about some of the features and services that you can use across the major cloud providers to help you with governance. My post are going to be winding as I work through this topic. If you want the executive summary, a more organized take on the topic, or you want to ask me questions, come to the presentation at the forum.
If you have an immediate question, schedule a call with me through IANS Research.
I’ll be posting related stories here as I work through some concepts on multi-cloud security.
Cloud Governance
Governance is really the ticket to risk management and true security in any environment. You need to understand
What is Cloud?
If you need an answer to the “What is Cloud” question, I wrote about that here.
There is no easy button
If you heard me present at IANS Research events last year or your saw my slides presented by someone else, one of the first slides was “There is no easy button.”
Then I essentially proceeded to explain why. Vendors are trying to sell you Cloud Posture Security Management (CSPM) tools and other types of tools to solve all your problems — and those tools are good in some cases.
However, it is not enough to turn on the tools and stare at the pretty dashboards. Do you know what these tools are actually doing?
So much information…
Note that I used to teach a 5 consecutive day class on cloud security to organizations but I can’t even do that in good faith anymore. The topic is too broad and there’s too much to cover to do it justice. Additionally, keeping up with all the content from the cloud providers and keeping the content current is simply not feasible. Now I generally teach security concepts, or one cloud at a time, or governance only across three clouds at a very high level. That seems more appropriate. I also spread out the class so I have time in between each session to review and make sure the material is up to date.
Anything you read here is subject to change. The cloud providers change the names of services, features, screens, and more on a daily basis. I will try to provide links to the content so you can review them for the most up to date guidance, as I usually do in such stories.
Other Cloud Vendors
By the way, yes, I understand other clouds exist. My comment on Ali Baba is that I don’t know if you can be secure on that platform due to Chinese laws, but if you are working in China you might want to use it.
I block traffic from DigitalOcean on my network due to all the scanning coming from that platform. Not sure if I would want those neighbors. That’s why I don’t use it, personally.
IBM and Oracle don’t have enough market share and have had some issues in the past, which is why I am not going to take the time to cover them here, but everything changes over time. IBM and Oracle used to be powerhouses. So I’m not saying they are bad or you shouldn’t use them. Oracle has some application-specific use cases as do some other vendors. The concepts I write about in this series will be applicable to any IAAS cloud platform.
SAAS
I may also touch on SAAS cloud platforms. I wrote about why those are challenging here.
Multi-Cloud Security
Here are some stories I’ve already written on AWS, Azure, and GCP.
Follow for updates.
Teri Radichel | © 2nd Sight Lab 2023
About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight LabNeed Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for PresentationFollow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab