Google Cloud-CSE2024 Final

Uploaded by educ-cert

Introduction

• As cloud usage grows and evolves, attackers are paying more attention
• Cloud infrastructure is built securely (likely more secure than most data centers), but …
• … incidents continue!
• Organizations need to ask themselves whether their models of cloud security are in line with modern practices
• Do you use cloud securely? What does it mean?

Sidebar:
• Cloud environments are top targets today
• Cloud account compromise increased 16x from 2022-2023
• Cloud providers are also being targeted more than ever

Proprietary + Confidential

The Cloud Is Secure…

How Do They Get In?

Top ways in:
● Credentials
● Misconfigurations

(source: Google Cloud Threat Horizons Report #10)

What Do They Do?

Top malicious usage:
● Cryptomining

(source: Google Cloud Threat Horizons Report #10)

Why? Old Ways in a New Environment!

• Cloud is NOT just “somebody else’s computer”
• For a vast number of modern cloud deployment options, the “old ways” of doing security need updates
• Things move faster in the cloud! Developers make more decisions on their own
• Security architecture, operations, and controls models need to adapt accordingly.

Key Areas of Focus
1. Governance and asset management
2. Workload configuration and patching
3. Identity management
4. Network access controls and segmentation
5. Business continuity and resilience
6. Secrets and key management
7. Data security and protection
8. Vulnerability management
9. Logging and event management
10. Incident response and forensics
Governance and Asset Management
• Let’s move away from teams in silos!
• Cloud security is not an island!
• Design a modern governance model that
has the following team breakdown:
• Central DevOps and Cloud Engineering
• Workload Image Management
• Identity and Access Management (IAM)

Workload config/patching
• Modern models of workload configuration and patching should shift towards tearing down workloads that don’t meet desired patching and configuration requirements and replacing them with new workloads based on updated images.
• Shift from assessing running workloads to adding an assessment step into a build pipeline.

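An added example of the build-pipeline assessment step described above (this is illustrative code, not from the slides or from any Google tool). It assumes the image scanner writes a JSON report in the shape of the constructed sample below; the field names (`base_image_built`, `findings`, `fix_available`) and the `PLACEHOLDER-VULN-*` identifiers are assumptions. The gate fails the build when the base image is older than the allowed age or when a CRITICAL/HIGH finding has a fix available, so the remedy is a rebuild from a current image rather than patching the running workload.

```python
"""Build-pipeline gate for workload images (added example, not from the slides).

The JSON report layout below is an assumption for illustration, not any real
scanner's output format. The gate enforces two of the slide's ideas: workloads
that do not meet patch/config requirements are replaced, not fixed in place,
and the assessment happens at build time rather than on running workloads.
"""
import json
from datetime import date

MAX_BASE_IMAGE_AGE_DAYS = 30
BLOCKING_SEVERITIES = {"CRITICAL", "HIGH"}

# Constructed scan report: one blocking finding, one non-blocking, one without a fix.
SAMPLE_REPORT = json.dumps({
    "image": "registry.example/app:1.4.2",
    "base_image_built": "2024-01-05",
    "findings": [
        {"id": "PLACEHOLDER-VULN-1", "severity": "HIGH", "fix_available": True, "package": "openssl"},
        {"id": "PLACEHOLDER-VULN-2", "severity": "MEDIUM", "fix_available": True, "package": "curl"},
        {"id": "PLACEHOLDER-VULN-3", "severity": "CRITICAL", "fix_available": False, "package": "libfoo"},
    ],
})

# Constructed report for a freshly rebuilt image with no findings.
CLEAN_REPORT = json.dumps({
    "image": "registry.example/app:1.4.3",
    "base_image_built": "2024-02-20",
    "findings": [],
})


def evaluate_report(report_json, today_iso, max_age_days=MAX_BASE_IMAGE_AGE_DAYS):
    """Return (passed, reasons); reasons lists every policy failure found."""
    report = json.loads(report_json)
    today = date.fromisoformat(today_iso)
    reasons = []

    # Age check: stale base images are replaced, not patched in place.
    built = date.fromisoformat(report["base_image_built"])
    age_days = (today - built).days
    if age_days > max_age_days:
        reasons.append(f"base image is {age_days} days old (limit {max_age_days}); rebuild from a current image")

    # Severity check: block only on severe findings that a rebuild can actually fix.
    for finding in report["findings"]:
        if finding["severity"] in BLOCKING_SEVERITIES and finding["fix_available"]:
            reasons.append(f"{finding['id']} ({finding['severity']}) in {finding['package']} has a fix available")

    return (not reasons, reasons)


if __name__ == "__main__":
    passed, why = evaluate_report(SAMPLE_REPORT, "2024-03-01")
    print("PASS" if passed else "FAIL")
    for reason in why:
        print(" -", reason)
    raise SystemExit(0 if passed else 1)
```

In a real pipeline the script's exit status is what blocks the deploy step; findings without an available fix are reported but not made blocking here, since a rebuild would not change them.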
Identity Management
• Identity management in the cloud: CSP or third party (pros/cons here!)
• Cloud identity management also comprises:
  • Identity relationship and entitlements mapping and risk analysis
  • Cloud identity and access management (IAM) and configuration through CSPM solutions
  • Privileged user management and Just-in-Time (JIT) access management
  • SSO and federation for identities
• Cloud infrastructure entitlement management (CIEM) has emerged
Network access controls and segmentation; zero trust
• Overly permissive cloud access and lack of segmentation controls are common areas of cloud misconfigurations
• Review all security groups and cloud firewall rule sets to ensure only the network ports, protocols and addresses needed are permitted to communicate
• A key theme to adopt in network access control for the cloud is “perimeterization” of each workload (ZT-style), meaning all VMs and containers have their own isolation boundaries
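An added example of the firewall rule review the slide calls for (illustrative code written for this page, not from the slides or from Google). It reads rules in the JSON shape that `gcloud compute firewall-rules list --format=json` emits (`name`, `direction`, `sourceRanges`, `allowed[].IPProtocol`, `allowed[].ports`, `disabled`); the rules themselves are constructed, and the set of ports acceptable on an internet-facing rule is an assumption to be tuned per environment.

```python
"""Flag overly permissive ingress firewall rules (added example, not from the slides).

Rule shape follows the JSON output of `gcloud compute firewall-rules list`;
the sample rules are constructed for illustration. A rule is flagged when it
allows all protocols, or when it admits traffic from anywhere (a /0 source)
on anything other than an explicitly approved public service port.
"""
import ipaddress

# Assumption: the only ports this environment exposes to the internet on purpose.
PUBLIC_OK_PORTS = {"80", "443"}

SAMPLE_RULES = [  # constructed
    {"name": "allow-https-public", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
    {"name": "allow-ssh-anywhere", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-all-internal", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["10.0.0.0/8"], "allowed": [{"IPProtocol": "all"}]},
    {"name": "allow-db-from-corp", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["203.0.113.0/24"], "allowed": [{"IPProtocol": "tcp", "ports": ["5432"]}]},
    {"name": "old-rule-disabled", "direction": "INGRESS", "disabled": True,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]},
]


def _is_anywhere(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. a source range covering the whole internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _expand_ports(ports):
    """Expand 'lo-hi' ranges so they can be compared against the allow-list."""
    out = set()
    for p in ports:
        if "-" in p:
            lo, hi = (int(x) for x in p.split("-", 1))
            out.update(str(n) for n in range(lo, hi + 1))
        else:
            out.add(p)
    return out


def review_rule(rule):
    """Return a list of finding strings for one rule; an empty list means no issue."""
    findings = []
    if rule.get("direction") != "INGRESS" or rule.get("disabled"):
        return findings  # egress and disabled rules are out of scope here
    open_to_world = any(_is_anywhere(r) for r in rule.get("sourceRanges", []))
    for entry in rule.get("allowed", []):
        proto = entry.get("IPProtocol", "").lower()
        ports = entry.get("ports")  # absent means every port of that protocol
        if proto == "all":
            findings.append(f"{rule['name']}: allows all protocols from {rule['sourceRanges']}")
            continue
        if not open_to_world:
            continue
        if ports is None:
            findings.append(f"{rule['name']}: all {proto} ports open to the internet")
            continue
        unexpected = _expand_ports(ports) - PUBLIC_OK_PORTS
        if unexpected:
            findings.append(f"{rule['name']}: {proto} ports {sorted(unexpected, key=int)} open to the internet")
    return findings


def review_rules(rules):
    """Review a whole rule set and return all findings in rule order."""
    return [f for rule in rules for f in review_rule(rule)]


if __name__ == "__main__":
    for finding in review_rules(SAMPLE_RULES):
        print("FLAG", finding)
```

The `allow-all-internal` rule is flagged even though its source is a private range, because "all protocols" contradicts the per-workload isolation the slide describes; the right fix is a rule per workload that names only the ports it actually serves.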
Business continuity, high availability and resilience
• In the cloud, building a more resilient and available infrastructure is much simpler.
• CSPs offer cloud regions and zones, fully automated high availability (HA) and failover controls within load balancing
• CSPs have highly redundant and resilient cloud storage infrastructure
• Most provider SLAs are also equivalent or better than many hosting providers’ data centers
Data Security In and For the Cloud
• Cloud providers implement encryption at scale; all data at rest within Google Cloud is encrypted by default
• Within a cloud environment, discovering, classifying, and tracking data is powered by the cloud provider’s storage infrastructure
  • Data discovery is automated for BigQuery databases.
  • DLP can be implemented across a variety of storage types, including BigQuery, Cloud Storage, and Datastore.
  • Google Cloud SDP (ex-DLP) can help organizations protect data with policies to classify, mask, tokenize, and transform data as desired.
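An added example of the classify / mask / tokenize workflow the slide attributes to SDP, written for this page in plain Python rather than with Google's own API. It detects two constructed info types in free text (a 16-digit card number that passes the Luhn check, and an e-mail address), masks the card to its last four digits, and replaces the e-mail with a keyed HMAC token so records can still be joined without exposing the address. The info-type names, the regular expressions and the `TOKEN_KEY` placeholder are assumptions; a real deployment would hold the tokenization key in a secret manager.

```python
"""Inspect-and-de-identify pass over free text (added example, not Google's SDP code).

Two constructed info types: CREDIT_CARD_NUMBER (16 digits with optional
separators that pass Luhn, which filters out order numbers and the like) and
EMAIL_ADDRESS. Cards are masked, e-mails are tokenized deterministically.
"""
import hashlib
import hmac
import re

TOKEN_KEY = b"PLACEHOLDER-TOKENIZATION-KEY"  # assumption: fetched from a secret store in practice

CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


def luhn_ok(digits):
    """Luhn checksum: doubles every second digit from the right, sums, checks mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(text):
    """Return (info_type, matched_text) findings, cards first then e-mails."""
    findings = []
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append(("CREDIT_CARD_NUMBER", m.group()))
    for m in EMAIL_RE.finditer(text):
        findings.append(("EMAIL_ADDRESS", m.group()))
    return findings


def mask_card(raw):
    """Keep only the last four digits; everything else becomes '*'."""
    digits = re.sub(r"\D", "", raw)
    return "*" * (len(digits) - 4) + digits[-4:]


def tokenize(value, key=TOKEN_KEY):
    """Deterministic, keyed token: same input gives same token, but it cannot be reversed."""
    digest = hmac.new(key, value.lower().encode(), hashlib.sha256).hexdigest()
    return "TOKEN_" + digest[:16]


def deidentify(text):
    """Apply the masking/tokenization policy to every finding in the text."""
    def _card(m):
        digits = re.sub(r"\D", "", m.group())
        return mask_card(m.group()) if luhn_ok(digits) else m.group()
    text = CARD_RE.sub(_card, text)
    return EMAIL_RE.sub(lambda m: tokenize(m.group()), text)


# Constructed input: one real-format test card number, one 16-digit non-card reference.
SAMPLE = ("Customer alice@example.com paid with 4111 1111 1111 1111; "
          "order ref 1234 5678 9012 3456 (not a card).")

if __name__ == "__main__":
    for info_type, value in classify(SAMPLE):
        print(info_type, value)
    print(deidentify(SAMPLE))
```

The Luhn step is what keeps the "order ref" string from being masked: classification by pattern alone produces false positives, and a checksum is the cheapest way to reduce them for this info type.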
Secrets and Key Management
• CSPs deliver robust native secrets and key management capabilities
  • Google Secret Manager manages secret versioning, access controls, lifecycle and rotation, and audit trails simply and centrally.
  • Secrets can be detected within Google Cloud DLP and flagged for protection within Secret Manager.
• Cloud KMS enables many key management options, including HYOK (via EKM)
Logging and Event Management
• Cloud log data is being produced in enormous quantities, and teams need to detect threats (and know what to detect!)
• Sending logs and cloud telemetry and observability data to a cloud SIEM is a must (example: Google SecOps)
• ML/AI can augment massive event data processing technology, while GenAI improves UX and analyst experience
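An added example of "knowing what to detect": two detection rules of the kind a cloud SIEM would run over Cloud Audit Logs, written for this page (not from the slides or from Google SecOps). The log entries are constructed but follow the `protoPayload` layout of Cloud Audit Logs (`methodName`, `authenticationInfo.principalEmail`, `resourceName`, and `serviceData.policyDelta.bindingDeltas` for IAM policy changes). Rule one fires when a service account key is created, since that mints a long-lived credential, the top way in per the earlier slide; rule two fires when `SetIamPolicy` adds a highly privileged role. The set of roles treated as privileged is an assumption.

```python
"""Two audit-log detections (added example; log lines constructed, not from the slides).

Rule sa_key_created: a long-lived service account key was minted.
Rule privileged_role_granted: an IAM policy change added an owner/editor-class role.
"""
import json

# Assumption: roles this organization treats as alert-worthy when newly granted.
PRIVILEGED_ROLES = {"roles/owner", "roles/editor", "roles/iam.securityAdmin"}

# Constructed JSON-lines sample in Cloud Audit Logs protoPayload layout.
SAMPLE_LOG = """\
{"timestamp":"2024-03-01T10:00:01Z","protoPayload":{"methodName":"google.iam.admin.v1.CreateServiceAccountKey","authenticationInfo":{"principalEmail":"dev@example.com"},"resourceName":"projects/-/serviceAccounts/ci@example-project.iam.gserviceaccount.com"}}
{"timestamp":"2024-03-01T10:05:42Z","protoPayload":{"methodName":"SetIamPolicy","authenticationInfo":{"principalEmail":"admin@example.com"},"resourceName":"projects/example-project","serviceData":{"policyDelta":{"bindingDeltas":[{"action":"ADD","role":"roles/owner","member":"user:contractor@example.net"}]}}}}
{"timestamp":"2024-03-01T10:06:10Z","protoPayload":{"methodName":"SetIamPolicy","authenticationInfo":{"principalEmail":"admin@example.com"},"resourceName":"projects/example-project","serviceData":{"policyDelta":{"bindingDeltas":[{"action":"ADD","role":"roles/viewer","member":"user:auditor@example.com"}]}}}}
{"timestamp":"2024-03-01T10:07:00Z","protoPayload":{"methodName":"v1.compute.instances.list","authenticationInfo":{"principalEmail":"dev@example.com"},"resourceName":"projects/example-project"}}
"""


def detect(entry):
    """Return a list of alert dicts for one parsed audit log entry (empty if benign)."""
    alerts = []
    payload = entry.get("protoPayload", {})
    method = payload.get("methodName", "")
    actor = payload.get("authenticationInfo", {}).get("principalEmail", "?")
    when = entry.get("timestamp")

    if method.endswith("CreateServiceAccountKey"):
        alerts.append({"rule": "sa_key_created", "actor": actor,
                       "target": payload.get("resourceName"), "time": when})

    if method.endswith("SetIamPolicy"):
        deltas = payload.get("serviceData", {}).get("policyDelta", {}).get("bindingDeltas", [])
        for delta in deltas:
            # Only additions of privileged roles are interesting; removals and viewer grants are not.
            if delta.get("action") == "ADD" and delta.get("role") in PRIVILEGED_ROLES:
                alerts.append({"rule": "privileged_role_granted", "actor": actor,
                               "target": delta.get("member"), "role": delta["role"], "time": when})
    return alerts


def run_detections(log_text):
    """Parse JSON-lines audit log text and return every alert raised."""
    alerts = []
    for line in log_text.splitlines():
        if line.strip():
            alerts.extend(detect(json.loads(line)))
    return alerts


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_LOG):
        print(alert)
```

Both rules key on structured fields rather than free-text search, which is what makes them cheap to run at the volumes the slide mentions and easy to tune (for example by exempting a known CI principal from the first rule).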
Incident Response and Forensics
• Automation has become a major focus area for cloud computing forensics and incident response.
  • Assessing the environment
  • Locating and tagging suspect assets
  • Performing evidence acquisition
• The cloud offers a wide range of forensic artifacts and solutions (it is not just about VM image access)

Where Does GenAI Deliver Cloud Security Magic?

OODA loop:

Observe
• AI-powered networks monitor for anomaly detection.
• LLMs power real-time processing of threat intelligence feeds.

Orient
• LLMs analyze and contextualize vast amounts of data.
• AI identifies attack patterns and attacker tactics, techniques, and procedures.

Decide
• AI algorithms recommend the best course of action.
• The final phase of critical decisions should include human-in-the-loop approaches.

Act
• AI-driven automation drives containment measures.
• Faster response times limit the impact of attacks.
Looking Ahead: Adaptation and Better Security in the Cloud
• In 2024 and beyond, we see a variety of trends that are likely to grow and continue:
  • Continued focus on identity and access management, especially centralized monitoring and control of identities and privileged identity control and oversight.
  • Continued focus on reducing configuration mistakes.
  • Increased emphasis on data protection, especially for data analytics and processing capabilities for AI and GenAI.
  • A trend toward continuous analysis of trust and privileges within the cloud, for assets and workloads/applications, based on a principle of least privilege and access minimization.
  • More use of AI for security (as expected), but also a focus on securing AI workloads in the cloud
Q&A in Zoom
Please use Zoom’s Q&A window to submit questions to our presenters.

Type your question, include the name of the presenter if the question is for a specific speaker, and then click Send!
Thank You to Our Partner

And our guest speakers:

Dr. Anton Chuvakin, Google Cloud
https://www.linkedin.com/in/chuvakin

Brandon Evans, SANS
https://www.linkedin.com/in/brandonmaxevans