US Military Cloud Email Data Breach

As the US Department of Defense is managing their recent breach, cloud security architect expert,?David Hazar shares thoughts on how you can avoid a similar breach. "It is unfortunate that we continue to be plagued by misconfigurations in our cloud environments. This is why sound architecture and design when implementing our cloud infrastructure is so important.

"For email platforms, should we be setting up and hosting our own servers, or should we rely on cloud platforms? Hard to say, we have seen issues with both of these models over the last few years. We definitely should be tracking all of our publicly exposed services and responding quickly when changes open up more of our resources to the Internet. We can also look at different deployment models. While it is easy to set up a VNet or VPC with an Internet Gateway and secure servers with security groups, is there a better approach that provides some additional protection? While security groups are stateful software-defined firewalls that do provide protection and isolation, should we take a more layered approach to add some additional protection in case one of the layers is misconfigured?

The hub and spoke networking models for the cloud, when combined with firewall services, can provide that extra layer of protection. With these models, we may only have one entry point and exit point from our cloud environments. This allows us to implement centralized control with firewall services while still having the decentralized control offered by security groups. In this model, opening up a server to inbound access from the internet is not something that happens by mistake. There are specific load balancer or firewall translation rules that need to be put in place. This is not true for the average cloud environment where public subnets are the default."

Read the full article at US Military Cloud Email Data Breach ?

Free Curated Cloud Security Resources

Cloud Security Architecture | Cheat Sheets

Explore this 4-cheat sheet series created by Kat Traxler and Eric Johnson to diagram various cloud security architectures including:

• Azure to AWS Identity Architecture
• Azure to GCP Identity Architecture
• BigQuery Data Access Identity Architecture
• Inspection VPC Architecture

Explore Additional Cloud Security Posters and Cheat Sheets

Aviata Cloud Hands-On Workshop Series | Solo Flight Challenge

Master hands-on cloud security skills through this free 2024 workshop series that the entire SANS Cloud Security faculty is putting together for the community!

Aviata Cloud has embarked on a solo flight journey around the globe only to discover their nemesis, Baron Von Herrington and Co. is lurking in the shadows to sabotage them at every turn. Your hands-on cloud security skills can save the mission, defeat the enemy, and win the challenge!

The adventures of the Aviata Cloud company and our SANS Cloud Security workshop series will run monthly from April through December 2024.

• Read the Aviata Cloud story line
• Explore the upcoming monthly workshop technical topics at sans.org/workshops
• Each workshop is independent of the others, so participate in one, some, or all

Register for Chapter 1: Making Mistakes Publicly, Cloud Edition | Tues April 16 at 10am ET | 1500UTC with Moses Frost .

Breaking the Cloud Kill Chain | Webcast

Organizations are moving data and applications into public cloud services at a rapid pace. As the public cloud footprint expands, red teams and attackers are reinventing the kill chain in the cloud. Public cloud services provide new, creative ways to discover assets, compromise credentials, move laterally, and exfiltrate data. In this webcast, Eric Johnson explores common cloud attack techniques from the MITRE ATT&CK Cloud Matrix. For each technique, he analyzes misconfigurations, exploitation paths, and common architecture patterns for breaking the kill chain.

Listen Here

Design It Right From the Start with Hands-On Training

Cloud Security Architecture | SEC549

This cloud security training course helps security architects?design public cloud solutions for scaling enterprise identity, network perimeters, data perimeters, and logging facilities.

"The problems we talk about are some that I face in my job every day or know I will face shortly. Getting definitive answers for many of these issues is very helpful for me. Getting years of experience from the instructors and what they have worked on is invaluable." - Patrick Haughney

Take A Free Course Demo

Become a SANS Cloud Ace Architect | Career Path

Looking to become a Cloud Security Architect ? Here’s how:

• Design cohesive architecture | SEC549
• Secure multicloud environments | SEC488
• Align cloud design with larger business strategies | LDR520

Learn more about the Cloud Ace Journey Training Paths

SANS CloudSecNext 2024 | Summit + Training

Summit:?Sept 30-Oct 1 | Denver, CO & Free Live Online

Training: Oct 2-7 | Denver, CO & Live Online

Why Should You Come to Denver, CO?

• Two Full Days of Highly Technical Content
• Exclusive Face-to-Face Opportunities with the Top-minds in Cloud Security
• Access to In Person Interactive Workshops
• Access to Exhibit Hall
• Evening Social Events
• First-Access to Recordings and Presentations
• SANS Cloud Security Merchandise and Posters
• 2 Full Breakfasts & Lunches, and Breaks with Snacks and Drinks
• Earn 12 CPEs

Summit Chairs: Eric Johnson & Frank Kim

Learn More and Register

View the 2023 CloudSecNext Summit talks on our YouTube Channel .

Visit the SANS Cloud Security Curriculum Page | Preview SANS Courses | Connect with Our Solutions Team | Join the SANS Community