US Military Cloud Email Data Breach
SANS Cloud Security
The most trusted source of cloud security training, certification, and research.
As the US Department of Defense is managing their recent breach, cloud security architect expert David Hazar shares thoughts on how you can avoid a similar breach. "It is unfortunate that we continue to be plagued by misconfigurations in our cloud environments. This is why sound architecture and design when implementing our cloud infrastructure is so important.
"For email platforms, should we be setting up and hosting our own servers, or should we rely on cloud platforms? Hard to say, we have seen issues with both of these models over the last few years. We definitely should be tracking all of our publicly exposed services and responding quickly when changes open up more of our resources to the Internet. We can also look at different deployment models. While it is easy to set up a VNet or VPC with an Internet Gateway and secure servers with security groups, is there a better approach that provides some additional protection? While security groups are stateful software-defined firewalls that do provide protection and isolation, should we take a more layered approach to add some additional protection in case one of the layers is misconfigured?
"The hub and spoke networking models for the cloud, when combined with firewall services, can provide that extra layer of protection. With these models, we may only have one entry point and exit point from our cloud environments. This allows us to implement centralized control with firewall services while still having the decentralized control offered by security groups. In this model, opening up a server to inbound access from the internet is not something that happens by mistake. There are specific load balancer or firewall translation rules that need to be put in place. This is not true for the average cloud environment where public subnets are the default."
Read the full article at US Military Cloud Email Data Breach
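As an added illustration of the layered approach described in the quote above (not code from SANS or from the article), this Python sketch cross-checks security group rules against subnet routing to show which servers depend on a single layer. The inventory is constructed; its field names are modeled on AWS describe-security-groups and describe-route-tables output, and the instance tuples, IDs and labels are assumptions.

```python
# Constructed inventory: field names follow AWS describe-security-groups and
# describe-route-tables output; all IDs and the INSTANCES tuples are made up.
SECURITY_GROUPS = [
    {"GroupId": "sg-open", "IpPermissions": [
        {"IpProtocol": "tcp", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-internal", "IpPermissions": [
        {"IpProtocol": "tcp", "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
]
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0001"}]},
    {"Associations": [{"SubnetId": "subnet-spoke"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "TransitGatewayId": "tgw-hub"}]},
]
INSTANCES = [("i-mail", "subnet-public", ["sg-open"]), ("i-app", "subnet-spoke", ["sg-open"]),
             ("i-db", "subnet-public", ["sg-internal"]), ("i-batch", "subnet-spoke", ["sg-internal"])]
ANYWHERE = {"0.0.0.0/0", "::/0"}

def open_groups(groups):
    """IDs of security groups with an ingress rule open to the whole Internet."""
    found = set()
    for group in groups:
        for perm in group["IpPermissions"]:
            cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            if cidrs & ANYWHERE:
                found.add(group["GroupId"])
    return found

def public_subnets(tables):
    """Subnets whose default route points straight at an Internet Gateway."""
    found = set()
    for table in tables:
        if any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-") for r in table["Routes"]):
            found |= {a["SubnetId"] for a in table["Associations"] if "SubnetId" in a}
    return found

def classify(instances, groups, tables):
    """Label each instance by which layers still protect it (public IPs ignored)."""
    sg_open, public = open_groups(groups), public_subnets(tables)
    labels = {(True, True): "internet-reachable",
              (True, False): "public subnet, security group is the only layer",
              (False, True): "open security group, contained by routing",
              (False, False): "isolated"}
    return {iid: labels[(subnet in public, bool(sg_open & set(sgs)))]
            for iid, subnet, sgs in instances}
if __name__ == "__main__":
    print(classify(INSTANCES, SECURITY_GROUPS, ROUTE_TABLES))
```

In the constructed data, the same open security group is reachable from the Internet in the public subnet but stays contained in the spoke subnet, whose default route goes to a central hub.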
Free Curated Cloud Security Resources
Cloud Security Architecture | Cheat Sheets
Explore this 4-cheat sheet series created by Kat Traxler and Eric Johnson to diagram various cloud security architectures including:
Explore Additional Cloud Security Posters and Cheat Sheets
Aviata Cloud Hands-On Workshop Series | Solo Flight Challenge
Master hands-on cloud security skills through this free 2024 workshop series that the entire SANS Cloud Security faculty is putting together for the community!
Aviata Cloud has embarked on a solo flight journey around the globe only to discover their nemesis, Baron Von Herrington and Co. is lurking in the shadows to sabotage them at every turn. Your hands-on cloud security skills can save the mission, defeat the enemy, and win the challenge!
The adventures of the Aviata Cloud company and our SANS Cloud Security workshop series will run monthly from April through December 2024.
Register for Chapter 1: Making Mistakes Publicly, Cloud Edition | Tues April 16 at 10am ET | 1500UTC with Moses Frost.
Breaking the Cloud Kill Chain | Webcast
Organizations are moving data and applications into public cloud services at a rapid pace. As the public cloud footprint expands, red teams and attackers are reinventing the kill chain in the cloud. Public cloud services provide new, creative ways to discover assets, compromise credentials, move laterally, and exfiltrate data. In this webcast, Eric Johnson explores common cloud attack techniques from the MITRE ATT&CK Cloud Matrix. For each technique, he analyzes misconfigurations, exploitation paths, and common architecture patterns for breaking the kill chain.
Design It Right From the Start with Hands-On Training
Cloud Security Architecture | SEC549
This cloud security training course helps security architects design public cloud solutions for scaling enterprise identity, network perimeters, data perimeters, and logging facilities.
"The problems we talk about are some that I face in my job every day or know I will face shortly. Getting definitive answers for many of these issues is very helpful for me. Getting years of experience from the instructors and what they have worked on is invaluable." - Patrick Haughney
Become a SANS Cloud Ace Architect | Career Path
Looking to become a Cloud Security Architect? Here’s how:
SANS CloudSecNext 2024 | Summit + Training
Summit: Sept 30-Oct 1 | Denver, CO & Free Live Online
Training: Oct 2-7 | Denver, CO & Live Online
Why Should You Come to Denver, CO?
Summit Chairs: Eric Johnson & Frank Kim
View the 2023 CloudSecNext Summit talks on our YouTube Channel.