July 15, 2022

Cloud Security Orienteering

A presentation on how one can quickly get familiar with new cloud environments and accelerate the process of identifying security issues and addressing them.

Introduction

Move to the cloud is on the rise, but the observed cloud adoption patterns indicate that in this transformation, security has been trailing behind more often than not. While starting the security of a new cloud environment, it is essential to be able to quickly grasp the current state, identify risks, and chart out an action plan to address security.

This video has been presented by Rami McCarthy. Rami is a security professional and has conducted a number of security assessments in his career. He holds certifications like CCSK and AWS Certified Security - Speciality. He has been a core contributor to ScoutSuite and sadcloud.

This video is part of the tech talks presented at Cloud Village. Cloud Village is an open space dedicated for people interested in cloud security and conducts various activities like talks, workshops, CTFs, and discussions around cloud. 

What to expect from this video

Following topics have been covered in this video:

  1. Cloud Adoption Patterns
  2. Cloud Architecture
  3. Principles of Orienteering
  4. Corporate Archeology
  5. Hierarchy of discovery
  6. Discovering your environments, workloads, and resources
  7. Prioritizing what’s important in the cloud
  8. Prioritization of misconfigurations
  9. Blanket AWS hardening recommendations
  10. What does fixing things look like

Key Takeaways

Cloud adoption has been on the rise, but since cloud is still fairly new, one may often find themselves in environments that may not be very well architected and security may be trailing far behind. In such a situation it is essential to be able to find your way around the cloud environment quickly and figure out the next steps towards identifying and addressing the security gaps.

This video introduces you to cloud security orienteering and presents a methodology that can help one rapidly orient to the new cloud environment when tasked with its security. Cloud adoption patterns clearly indicate that in this race to move to cloud, security trails behind. In this video, the presenter explains the principles that can be followed to get a cloud environment from its current state to a target secure state using examples from AWS, though the principles are applicable to almost any cloud environment.

***

This video is part of the tech talks presented at Cloud Village. Cloud Village is an open space dedicated for people interested in cloud security and conducts various activities like talks, workshops, CTFs, and discussions around cloud.

This article is brought to you by Kloudle Academy, a free e-resource compilation, created and curated by Kloudle. Kloudle is a cloud security management platform that uses the power of automation and simplifies human requirements in cloud security. Receive alerts for Academy by subscribing here.

Written by:
Pragti Chauhan

Pragti Chauhan

Technical Account Manager Cloud Solutions Expert

Pragti is a security professional with 7 years of experience working in different areas such as cloud security, SIEM technology, and DevSecOps.

Read more