Compliance in the Cloud - Netwrix

Post on 15-Jul-2020


Compliance in the Cloud

How to Secure Identities and Meet Regulatory Requirements

Mason Takacs

Compliance and security expert

Agenda

• Cloud security challenges

• Cloud providers responsibility

• AWS, Google, Microsoft Azure

• Compliance in the cloud

• Netwrix Auditor functionality

Cloud Security Challenges

CLOUD SECURITY INCIDENTS

Did your organization experience a cloud-related security incident in the last 12 months?*

• Yes: 18%

• No: 64%

• Not sure: 18%

* RedLock CSI Report 2018

Cloud Security Holes

• Hacked interfaces and APIs

• Exploited system vulnerabilities

• Cloud service abuses

• DoS attacks

• Cryptojacking

Compromised Credentials and Broken Authentication

• Enable multifactor authentication

• Educate your colleagues

• Enable digital signatures

• Disable inactive accounts

• Audit for changes in your IT environment

Qwerty123

Password invented in 2003

Stale accounts

Malicious Insiders

• Anomalous user behavior

• Suspicious activity:

  ◦ massive data deletions

  ◦ high number of access attempts

  ◦ numerous logon attempts

• Least-privilege principle

• Role-based access

Advanced Persistent Threat (APT) Parasite

Back door attacks

Outbound Traffic Cryptojacking

85% of resources do not restrict outbound traffic at all*

25% of organizations had cryptojacking activity within their environments

Tips:

• Implement a “deny all” default outbound firewall policy

• Monitor network traffic to identify any suspicious activities, including cryptojacking

• Monitor user activity for any unusual or abnormal behavior, such as unusual attempts to spin up new compute instances

* RedLock CSI Report 2018

Cloud Providers Responsibility

• Organization: responsible for security in the cloud

• Cloud Service Provider: responsible for security of the cloud

Cloud Providers Responsibility

Questions to the cloud provider:

• Where are the servers located?

• What policies for data storage and deletion does the cloud provider use?

• Which security and analytics tools are used to better safeguard customer data?

• How are security incidents, data breaches or service disruptions going to be handled?

• What are the recovery procedures?

Before you sign a contract:

• What is the provider’s liability?

• How will the responsibility for security be divided between you and the provider?

• How often can you update the contract?

• Which audit and control processes should be applied?

• Do you have permission to monitor the provider’s compliance?

• How is the maintenance of data confidentiality organized?

Top Cloud Providers

What cloud IaaS provider(s) do you currently use or plan to use in the future?*

[Bar chart of survey responses per provider]

* RedLock CSI Report 2018

Cloud Providers Comparison

Service category:

• Virtual Servers

• Shared File Storage

• Backup-as-a-Service

• Hybrid Storage

• Cloud Security Groups – Subnet Level

• Cloud Security Groups – VNIC Level

• Subnet Access Lists

• Traffic Tracking

AWS:

• Elastic Compute Cloud

• Elastic File System (EFS)

• Storage Gateway

• AWS Security Groups

• Network ACLs

• VPC Flow Logs

Microsoft Azure:

• Virtual Machines (VM)

• File Storage

• Backup

• Avere, StorSimple

• Azure Network Security Groups

• Azure Network Security Groups

• Endpoint ACLs

• Network Watcher

Google Cloud:

• Google Compute Engine

• Firewall Rules

• VPC Flow Logs

Cloud Providers Comparison

Service category:

• Big Data Processing

• Analytics

• Visualization

• Search

• Data Discovery

• Email

• Notification

AWS:

• Elastic MapReduce (EMR)

• Kinesis

• QuickSight

• Elasticsearch Service, CloudSearch

• Glue

• Simple Email Service (SES)

• Simple Notification Service

Microsoft Azure:

• HDInsight

• Stream Analytics, Data Lake Analytics, Data Lake Store

• Power BI

• Search

• Data Factory, Data Catalog

• Alerts

Google Cloud:

• Cloud Dataproc

• Cloud Dataflow

• Cloud Datalab, Data Studio (Beta)

• Cloud Dataflow

• Stackdriver Notifications

Cloud Providers Comparison

Service category:

• Authentication & Authorization

• Multi-Account Management

• Encryption

• Firewall

• Security Assessment

• Threat Protection

• Directory

AWS:

• Identity and Access Management (IAM)

• Organizations

• Key Management Service, CloudHSM

• Web Application Firewall

• Inspector

• AWS GuardDuty

• AD Connector, Simple AD, Microsoft AD

Microsoft Azure:

• Azure AD / Role-based Access Control

• Management Groups

• Key Vault

• Application Gateway, Web Application Firewall

• Security Center

• Advanced Threat Protection

• Azure AD, Azure AD B2C, Azure AD Domain Services

Google Cloud:

• Cloud Identity and Access Management

• Cloud Key Management Service

• Cloud Security Scanner

• Cloud Security Command Center

• Cloud Directory Sync

The Latest “Native” Cloud Security Services

Timeline, 2015 to 2019:

• Azure Security Center

• Azure Advanced Threat Detection

• AWS GuardDuty

• Google Cloud Security Command Center

Missing Functionality

Azure Security Center

• Ability to customize detection parameters

• A detailed list of anomalous detection capabilities is not yet available

• Potential delay in reporting from agent deployment

• Custom threat/IP feeds to aid in improving detection accuracy

Missing Functionality

AWS GuardDuty

• Ability to adjust settings parameters

• Custom detection capability in the native analytics engine/flow

• API ability to create custom findings

• Unified security dashboard and workflow for all AWS Security services

Missing Functionality

Google Cloud Security Command Center

• Customization of settings and detections

• Ability to add custom detections into the native flow

• Security detections for all GCP services

• Integrated native notifications and alerts

Compliance in the Cloud

• 49% of databases are not encrypted

• 30% of CIS compliance checks fail

• 23% of organizations fail NIST CSF compliance assessments*

* RedLock CSI Report 2018

Compliance in the Cloud

• Where is your data stored?

• Who is going to control access to it?

• Who has access to your sensitive data?

• Do you have employees that manage the infrastructure for you?

• Is it internal or external personnel?

• If you use a public cloud, how secure is that cloud platform?

• Is the cloud going to be segregated from other organizations' data?

Compliance in the Cloud

• Implement access controls properly

• What data will be moved to the cloud

• CSP’s incident response plan

• Safeguards and benchmarks

• Data Discovery and Classification

Netwrix Auditor

Visibility platform for user behavior analysis and risk mitigation

Useful links

• Online TestDrive: experience Netwrix Auditor with no download or installation required: https://www.netwrix.com/browser_demo.html

• Live One-to-One Demo: product tour with Netwrix expert: netwrix.com/livedemo

• Contact Sales to obtain more information: netwrix.com/contactsales

If you want to learn more about Netwrix Auditor, register now for the upcoming product demo: netwrix.com/webinars.html

Questions?


Thank you!

Mason Takacs

Mason.Takacs@netwrix.com