The public cloud expansion is a reality and maintaining fences up is not easy. Come learn about AWS/Azure/GCP organization rules, policies and best practices to avoid potential threats that help to enforce good practices and avoid potential issues and misconfigurations.
In this webcast, Moises will cover how to:
- - Allow new accounts, subscriptions, or project to start with security practices in place
- - Reduce the risk that shadow IT could grow without security policies and good practices
- - Enforce security good practices even if users try to resist it
- - Maintain cloud environments aligned with legal and privacy requirement
Final Thoughts - Toolbox !
- Prowler - github.com/toniblyx/prowler
- Cloud Custodian - cloudcustodian.io
- CheckOV - checkov.io
- CloudSploit - cloudsploit.com
- rcentry - arcentry.com
- Falco - falco.org
- ScoutSuite - github.com/nccgroup/ScoutSuite
Final Thoughts - References!
- CIS Benchmarks - cisecurity.org
- Cloud Security Alliance - cloudsecurityalliance.org
- OWASP - owasp.org
- NIST - nist.gov
- ENISA - www.enisa.europe.eu
- Each cloud provider has well-architecture guide