Cloud Governance

Stories on Cloud Governance by Teri Radichel

Teri Radichel
Cloud Security
6 min read · Jan 25, 2023

Cloud Governance is one of the most critical things you can do to prevent data breaches in your cloud accounts. But you must do it in a manner that actually prevents attacks. Stop writing paper policies and automate your governance. Allow your governance team to develop and deploy the rules. New tools from cloud providers make this much easier than it has been in the past.

Use a proper Software Development Lifecycle (SDLC) that includes separate development, QA, and operations or production teams for governance code. Use separation of duties to design architectures that require multiple parties to take an action, which helps prevent egregious misconfiguration and limits the blast radius should an administrator's credentials get compromised.

Cloud Governance on AWS

Had some issues with AWS Organizations and Control Tower. Some of this has been resolved, but not all.

The chapters not published in my blog that are in my book — Cybersecurity for Executives in the Age of Cloud.

Most of my blog series on automating cybersecurity metrics has an element of Cloud Governance to it:

Naming conventions for AWS resources in an organization.

Tags are useful for tracking resources on AWS, but also come with some caveats. Hint: Automate tags and lock them down if you are counting on them.

Automated VPC Flow Logs Governance

I opted to remove or decommission AWS Control Tower in favor of more customized governance and SCPs I can better control.

At some point I started over without Control Tower, creating a new AWS account from scratch, but I can reuse a lot of the elements I had already created to improve governance in AWS. This post covers some of the elements and proceeds from there to see how they are used in the new AWS Organization structure.

Increase the number of accounts you can have in an organization:

On closing and migrating accounts:

Governance for Executives, risk management, policies, and exceptions

Teri Radichel | © 2nd Sight Lab 2023