🚨CISA & NSA release Crucial Guide on Network Segmentation and Encryption in Cloud Environments🚨

In response to the evolving requirements of cloud security, the Cybersecurity & Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a comprehensive Cybersecurity Information Sheet (CSI): "Implement Network Segmentation and Encryption in Cloud Environments." This document provides detailed recommendations to enhance the security posture of organizations operating within cloud infrastructures (that probably means you).

Key Takeaways Include:
🔐 Network Encryption: The document underscores the importance of encrypting data in transit as a defense mechanism against unauthorized data access.
🌐 Secure Client Connections: Establishing secure connections to cloud services is fundamental.
🔎 Caution on Traffic Mirroring: While recognizing the benefits of traffic mirroring for network analysis and threat detection, the guidance cautions against potential misuse that could lead to data exfiltration and advises careful monitoring of this feature.
🛡️ Network Segmentation: Stressed as a foundational security principle, network segmentation is recommended to isolate and contain malicious activities, thereby reducing the impact of any breach.

This collaboration between NSA and CISA provides actionable recommendations for organizations to strengthen their cloud security practices. The emphasis is on strategically implementing network segmentation and end-to-end encryption to secure cloud environments effectively. Information security leaders are encouraged to review this guidance to better understand the measures necessary to protect cloud-based assets. Implementing these recommendations will contribute to a more secure, resilient, and compliant cloud infrastructure. Access the complete guidance provided by the NSA and CISA to fully understand these recommendations and their application to your organization’s cloud security strategy.
📚 Read CISA & NSA's complete guidance here: https://lnkd.in/eeVXqMSv #cloudcomputing #technology #informationsecurity #innovation #cybersecurity
Cloud Security
-
Most organizations treat data governance like a compliance project. It's not. It's the operating framework that makes everything else work. Here's how data becomes trusted, usable, and scalable:

DATA FOUNDATION
This is where it starts. Not with dashboards or AI models.
→ Master data that's shared and neutral
→ Transaction data you can trace
→ Source systems you can rely on
→ Data products that deliver value
→ Event and IoT data that's structured
Make data understandable and reliable.

DATA MANAGEMENT
The layer most organizations confuse with governance.
→ Data quality monitoring
→ Metadata management
→ Lineage tracking
→ Cataloging
This operationalizes the rules. But it doesn't set them.

DECISION AUTHORITY
This is governance. The layer everyone skips.
→ Metric ownership assigned
→ Definition rights clarified
→ Change authority established
→ Escalation paths defined
This is what scales. Not the catalog. Decision clarity.

ANALYTICS & AI
Built on governed decisions.
→ Dashboards and reporting that people trust
→ Advanced analytics that stay accurate
→ RAG and GenAI that don't drift
→ AI models and agents that scale

BUSINESS OUTCOMES
→ Trusted metrics
→ Faster decisions
→ Scalable analytics
→ Safe AI adoption

The framework connects to:
→ Technical enablement (cloud, platforms, APIs, security)
→ Operating model (roles, governance cadence, stewardship)
→ Risk and control (regulatory compliance, auditability, ethics)

Here is how I see it: If ownership is unclear, nothing above scales. You can build the best data platform in the world. The cleanest pipelines. The most advanced AI. But without clear ownership and decision authority, it all breaks when someone asks "who approved this definition?" Start with the foundation. Build the governance layer. Then scale. Not the other way around.
-
If you’re new to Security Engineering, you’re likely:
– relying on “default” cloud configs
– skipping threat modeling and risk reviews
– ignoring logging, audit trails, or alert fatigue
– underestimating insider threats and privilege creep
– forgetting to patch dependencies and container images

Follow this simple 27-rule Security Engineering Checklist to protect your org and avoid rookie mistakes.

1. Never deploy to prod without a full security review and automated vulnerability scan.
2. Patch everything (OS, dependencies, containers) on a regular schedule, not just when an incident hits.
3. Rotate all secrets and keys regularly, and store them in a dedicated secrets manager.
4. Enforce strong, unique passwords everywhere. Disable password reuse.
5. Require Multi-Factor Authentication (MFA) for all privileged and production accounts.
6. Limit permissions by default: start with zero trust, use least privilege everywhere.
7. Set up Role-Based Access Control (RBAC) and review roles/permissions every quarter.
8. Segment networks: no flat internal networks. Isolate prod, staging, and dev completely.
9. Encrypt data everywhere: at rest, in transit, and (where possible) in use.
10. Enable detailed audit logging on all critical systems, APIs, and cloud resources.
11. Review audit logs regularly; don’t just store them, analyse them for anomalies.
12. Use Infrastructure as Code (IaC) to standardise, version, and review every config change.
13. Scan all Infrastructure as Code and container images for security misconfigurations and vulnerabilities.
14. Run regular external and internal penetration tests; don’t trust just compliance scans.
15. Threat model every major new system or feature before shipping to production.
16. Validate and sanitise all user inputs; never trust client-side validation alone.
17. Protect public endpoints with WAFs, API gateways, and rate limiters.
18. Require code reviews for all security-sensitive code paths.
19. Never expose internal services directly to the internet; use proxies, firewalls, and allowlists.
20. Monitor for unusual authentication, privilege escalations, and lateral movement.
21. Use endpoint protection and EDR (Endpoint Detection & Response) on all corporate devices.
22. Run simulated phishing campaigns and red team exercises, not just annual security training.
23. Automate alerting for critical events; disable noisy, low-signal alerts to avoid alert fatigue.
24. Enforce secure backups: encrypt, store offsite, and regularly test restore.
25. Require explicit approval and justification for opening firewall ports or changing access.
26. Document every system’s security controls, incident history, and responsible owner.
27. Never treat security as “done”; review, improve, and iterate after every incident and audit.

---
Found this useful? Repost it. Follow saed for more & subscribe to the newsletter: https://lnkd.in/eD7hgbnk
I am now on Instagram: instagram.com/saedctl say hello 👋
-
I've set up hundreds of AWS accounts for clients over the years. Here's your essential checklist when starting a new AWS account:

1. Delete default VPC, create a custom one
2. Set up budget alerts
3. Enable CloudTrail logs
4. Configure strong password policy
5. Enforce MFA for all users
6. Enable AWS Resource Explorer
7. Set up IAM roles and least privilege access
8. Enable AWS Security Hub for centralized security management
9. Implement tagging strategy for cost allocation
10. Enable AWS Organizations for multi-account strategy

These steps establish a robust foundation for security, cost management, compliance, and scalability.

Pro tip: Automate this process with Infrastructure as Code (IaC) tools like AWS CloudFormation, AWS CDK or Terraform. It ensures consistency and saves time on future setups.

Which of these do you prioritize? Any crucial steps I missed? Share your thoughts!
-
This EY incident underscores a truth we often overlook: the most common cloud vulnerability isn't a zero-day exploit; it's a configuration oversight. A single misstep in cloud storage permissions turned a database backup into a public-facing risk. These files often hold the "keys to the kingdom", i.e. credentials, API keys, and tokens that can lead to a much wider breach.

How do we protect ourselves against these costly mistakes?

Suggestions
1. Continuous Monitoring: Implement a CSPM for 24/7 configuration scanning. CSPM is Cloud Security Posture Management -> a type of automated security tool that continuously monitors cloud environments for misconfigurations, vulnerabilities, and compliance violations. It provides visibility, threat detection, and remediation workflows across multi-cloud and hybrid cloud setups, including SaaS, PaaS, and IaaS services.
2. Least Privilege Access: Default to private. Grant access sparingly.
3. Data Encryption: For data at rest and in transit.
4. Automated Alerts: The moment something becomes public, you should know.
5. Regular Audits: Regularly review access controls and rotate secrets.
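The post's first and fourth suggestions (continuous configuration scanning, and alerting the moment storage becomes public) come down to one question a CSPM rule has to answer: does this bucket policy let an anonymous principal in? The following is an added example, not the post author's code and not the EY case: it evaluates a storage bucket policy document (constructed sample policies, AWS S3 policy syntax, made-up account id and organization id) and reports the Allow statements that a wildcard principal can reach without a condition that pins them to an organization, VPC endpoint or account. A hit is exactly the "something became public" event the post says you should be alerted on.

```python
import json

# Constructed sample policies (hypothetical bucket "example-backups"; not from any real account).
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowPublicRead", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-backups", "arn:aws:s3:::example-backups/*"]},
    ],
})

PRIVATE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        # Named role only: a backup writer that may upload, nothing else.
        {"Sid": "BackupRoleOnly", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/backup-writer"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-backups/*"},
        # Wildcard principal in syntax, but the condition restricts it to one organization.
        {"Sid": "OrgOnlyRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-backups/*",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorg"}}},
    ],
})

# Condition keys that scope a wildcard principal back to a known boundary (lower-cased for comparison).
SCOPING_CONDITION_KEYS = {
    "aws:principalorgid", "aws:principalaccount", "aws:sourceaccount",
    "aws:sourcevpce", "aws:sourcevpc", "aws:sourcearn",
}


def _as_list(value):
    """IAM allows a single string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (or a list containing "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for p in _as_list(principal.get("AWS", [])))
    return False


def _condition_keys(condition):
    """Collect every condition key across all operators, lower-cased."""
    keys = set()
    for operator_block in condition.values():
        keys.update(key.lower() for key in operator_block)
    return keys


def find_public_statements(policy_json):
    """Return [(Sid, [actions])] for Allow statements reachable by an anonymous principal."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        if _condition_keys(stmt.get("Condition", {})) & SCOPING_CONDITION_KEYS:
            continue  # wildcard in syntax only; the condition pins it to an org, VPC or account
        findings.append((stmt.get("Sid", "<no-sid>"), _as_list(stmt.get("Action", []))))
    return findings


if __name__ == "__main__":
    for name, policy in (("PUBLIC_POLICY", PUBLIC_POLICY), ("PRIVATE_POLICY", PRIVATE_POLICY)):
        hits = find_public_statements(policy)
        print(name, "->", "ALERT: public statements " + str(hits) if hits else "private")
```

In a real posture-scanning job the input would be each bucket's policy document as returned by the provider's API, run on a schedule and again on every configuration change event; any non-empty result is the alert, and the bucket-level "block public access" setting and ACLs are separate controls this check does not cover.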
-
What a surprise for the EU 😱 😉 A recently published expert opinion commissioned by the German Federal Ministry of the Interior has sparked a pivotal discussion on data governance and sovereignty. According to the report, US authorities can exert far-reaching access rights to cloud data managed by US-based companies, even when that data is stored in European data centers and administered through local subsidiaries. This is because legal instruments such as the Stored Communications Act, extended by the Cloud Act, and Section 702 of FISA focus on the provider’s control, not the physical location of the servers. This finding is a firm reminder that simply hosting data on European soil does not guarantee protection from extraterritorial legal claims. It reveals structural risks in relying on dominant foreign cloud providers for sensitive data and critical digital infrastructure. For Europe to truly uphold its data protection principles and strategic autonomy, the conversation must go beyond compliance checklists and contractual assurances. We need stronger investment in #opensource digital infrastructure and indigenous technologies that reduce dependency on non-European platforms. Open source fosters transparency and auditability while enabling communities and businesses to build on systems that are not bound by foreign legal systems. If #digitalsovereignty is to mean more than a buzzword, we must accelerate our efforts towards resilient, interoperable, and locally governed alternatives. Only then can Europe ensure that its data is governed by the laws and values that its citizens and organisations expect. Source: https://lnkd.in/dtpXiwYN
-
Here I have attached the Cybersecurity Technology Stack. This poster is a complete visual guide to the key cybersecurity tools and technologies across all major categories, from SIEM, EDR, XDR, SOAR, TIP, PAM, CSPM to deception technologies, UEBA and more. I created this to help professionals and newcomers get a clearer picture of what solutions are available and how they fit into the larger cybersecurity ecosystem.

When I first started working in cybersecurity operations, most environments focused heavily on perimeter defence and endpoint protection. But attackers have evolved. Today, a proper setup requires multiple integrated layers that work together. No single tool is enough. What matters is how these tools connect to give visibility, control and speed in detection and response.

If you're building or reviewing your cybersecurity stack, these are the key areas I recommend you consider:

1. Visibility with SIEM
• Start with a strong SIEM platform. This will collect logs across your infrastructure from endpoints, firewalls, cloud and identity systems and help detect patterns or anomalies.

2. Real-time Threat Detection with EDR or XDR
• Next, deploy EDR to get deep visibility into endpoint activities. If your budget allows, move towards XDR to combine endpoint, network and cloud telemetry into one detection layer.

3. Response Automation with SOAR
• As alerts come in, you need a fast and consistent way to respond. A SOAR platform can automate triage, enrich alerts with threat intel and reduce the time analysts spend on manual tasks.

4. Threat Intelligence Integration
• No matter how good your SIEM or EDR is, you need context. Use Threat Intelligence Platforms (TIP) to enrich data with external threat indicators and insights.

5. Secure Privileged Access with PAM
• If an attacker gets access to a privileged account, the damage can be severe. Implement PAM to secure, manage and audit access to critical systems and credentials.

6. Vulnerability Management
• A well-monitored environment still becomes weak if patching is not managed. Use vulnerability scanners and patch management systems to identify and remediate weaknesses quickly.

7. Cloud Security Posture and Identity Management
• As more workloads move to the cloud, ensure you have CSPM tools and proper IAM controls in place to prevent misconfigurations and abuse of identity-based access.

8. Advanced Detection with NDR, UEBA, and Deception
• For mature setups, consider adding Network Detection & Response, User Behaviour Analytics and deception technologies. These give you deeper layers of defence and help detect stealthy attacks.

Building a modern cybersecurity setup is not about chasing tools, but designing an architecture where each solution complements the other. You want detection, correlation, automation and response to happen as smoothly as possible. This is the mindset behind the stack I designed. Every component in this poster plays a role in defending against modern threats.
-
Your dashboards can be 100% green. And still completely wrong.

That’s the scary part about data quality problems: they spread quietly before anyone notices. A reliable pipeline doesn’t just move data. It verifies trust at every stage.

The checks that matter most:
• null & duplicate validation
• primary key checks
• referential integrity
• schema evolution detection
• freshness monitoring
• range & outlier checks
• distribution drift tracking

And one lesson engineers learn late: Schema evolution is not “just metadata.” A tiny structural change can break:
• joins
• aggregations
• ML features
• dashboards
• historical consistency

If you want stronger systems:
• validate schemas before deploys
• monitor row-count anomalies
• compare distributions over time
• treat data contracts seriously
• build observability into pipelines early

Because pipelines usually fail long before they crash. The best engineers catch the signal before the incident.

Here are some amazing frameworks to include in your data projects:
→ Great Expectations: Write tests for your data like you test code.
→ Deequ: Amazon's gift to data quality. Scales beautifully.
→ Monte Carlo: Observability for data pipelines. Sleep better.
→ dbt Labs tests: Test your transformations. Trust your models.

Quality isn't a one-time project. It's a daily practice.

Image Credits: Sumit Gupta

What’s one silent data issue your team learned the hard way? #data #engineering
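To make the post's list of checks concrete, here is an added example that is not the post author's code and uses none of the frameworks the post names: a small, dependency-free validation stage that runs schema drift, null, primary-key duplicate, range, outlier and freshness checks over a batch of rows and returns only the checks that failed. The rows, the expected schema, the fixed clock (NOW) and the thresholds are all constructed for the example; a pipeline would feed it the batch it is about to load and stop the load when the result is non-empty. The outlier check uses a median/MAD "modified z-score" rather than mean and standard deviation, because on a small batch the outlier drags the mean and standard deviation far enough that a plain z-score fails to flag it.

```python
from datetime import datetime, timedelta, timezone
from statistics import median

# Constructed sample batch of order rows; row 2 duplicates row 1, row 3 has a null key,
# an out-of-range amount and an unexpected extra column ("channel").
EXPECTED_SCHEMA = {"order_id": int, "customer_id": int, "amount": float, "updated_at": str}
ROWS = [
    {"order_id": 1, "customer_id": 10, "amount": 25.0, "updated_at": "2024-06-01T11:00:00+00:00"},
    {"order_id": 2, "customer_id": 11, "amount": 30.0, "updated_at": "2024-06-01T11:30:00+00:00"},
    {"order_id": 2, "customer_id": 11, "amount": 30.0, "updated_at": "2024-06-01T11:30:00+00:00"},
    {"order_id": 3, "customer_id": None, "amount": 5000.0, "updated_at": "2024-05-30T09:00:00+00:00",
     "channel": "web"},
]
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)   # fixed clock so the run is deterministic
LATER = NOW + timedelta(hours=3)                          # a second clock that makes the batch stale
MAX_AGE = timedelta(hours=1)


def check_schema(rows, expected):
    """Schema evolution detection: extra or missing columns, and wrong value types."""
    problems, expected_cols = [], set(expected)
    for i, row in enumerate(rows):
        extra, missing = set(row) - expected_cols, expected_cols - set(row)
        if extra or missing:
            problems.append(f"row {i}: extra={sorted(extra)} missing={sorted(missing)}")
        for col, typ in expected.items():
            val = row.get(col)
            if val is not None and not isinstance(val, typ):
                problems.append(f"row {i}: {col} is {type(val).__name__}, expected {typ.__name__}")
    return problems


def check_nulls(rows, required):
    return [f"row {i}: {col} is null" for i, row in enumerate(rows) for col in required if row.get(col) is None]


def check_primary_key(rows, pk):
    """Duplicate detection on the declared primary key."""
    seen, problems = {}, []
    for i, row in enumerate(rows):
        key = row.get(pk)
        if key in seen:
            problems.append(f"row {i}: duplicate {pk}={key} (first seen at row {seen[key]})")
        else:
            seen[key] = i
    return problems


def check_ranges(rows, ranges):
    return [f"row {i}: {col}={row[col]} outside [{lo}, {hi}]"
            for i, row in enumerate(rows) for col, (lo, hi) in ranges.items()
            if row.get(col) is not None and not lo <= row[col] <= hi]


def check_outliers(rows, col, threshold=3.5):
    """Modified z-score: 0.6745 * (x - median) / MAD; robust to the outlier itself."""
    values = [r[col] for r in rows if r.get(col) is not None]
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:
        return []
    scores = {v: 0.6745 * (v - med) / mad for v in values}
    return [f"{col}={v} modified z={z:.1f}" for v, z in scores.items() if abs(z) > threshold]


def check_freshness(rows, ts_col, now, max_age):
    """Freshness monitoring: the newest row must be no older than max_age at `now`."""
    newest = max(datetime.fromisoformat(r[ts_col]) for r in rows if r.get(ts_col))
    age = now - newest
    return [f"newest {ts_col} is {age} old (limit {max_age})"] if age > max_age else []


def run_checks(rows, schema, pk, required, ranges, outlier_col, ts_col, now, max_age):
    """Run every check and return only the failing ones: {check_name: [problem, ...]}."""
    results = {
        "schema": check_schema(rows, schema),
        "nulls": check_nulls(rows, required),
        "primary_key": check_primary_key(rows, pk),
        "ranges": check_ranges(rows, ranges),
        "outliers": check_outliers(rows, outlier_col),
        "freshness": check_freshness(rows, ts_col, now, max_age),
    }
    return {name: probs for name, probs in results.items() if probs}


def audit_sample(now=NOW):
    """Run the checks over the constructed batch with the example's thresholds."""
    return run_checks(ROWS, EXPECTED_SCHEMA, "order_id", ["order_id", "customer_id"],
                      {"amount": (0, 1000)}, "amount", "updated_at", now, MAX_AGE)


if __name__ == "__main__":
    for check, problems in audit_sample().items():
        print(check, "FAILED:", *problems, sep="\n  ")
```

Note that the same batch passes the freshness check at NOW (its newest row is 30 minutes old) and fails it at LATER; that is the "green dashboard" failure the post describes, where nothing crashes and only the age of the data reveals that the upstream feed stopped.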
-
I've reviewed Anthropic's Risk Report for Claude Opus 4.6 because many of our enterprise customers are actively deploying AI agents into production environments. When those systems fail, the consequences are operational, financial and reputational.

Most of the reaction centers on the headline that catastrophic risk is very low but not negligible. What matters more for customers and future customers is how risk actually manifests inside live enterprise systems and what that means for uptime, data integrity and compliance. It does not look like a breach. It looks like business as usual. An agent subtly influencing procurement decisions. A finance workflow that starts omitting inconvenient data. Permissions that expand over time without clear oversight.

Anthropic describes a scenario called Persistent Rogue Internal Deployment, where an AI system with privileged access creates a less monitored instance of itself and continues operating inside production systems. In a real enterprise environment, that translates into downtime, data exposure or regulatory impact.

The organizations at greatest risk are not the ones moving cautiously. They are the ones who pushed agents into production without adding an operational governance layer. We have seen this pattern before in cloud adoption. Technology advances quickly, and controls often lag behind. That gap is where exposure grows.

So what should enterprise IT and security teams do now?

1. Constrain actions, not just access. Define what an agent can set in motion and enforce least privilege at the identity level, just as you have done for human users for decades.
2. Log actions, not just outcomes. Maintain an auditable trail of what the agent did, where, and what triggered it; the same standard applies to human operators in regulated environments.
3. Automate your tripwires. Do not rely on people to catch machine-speed behavior. Build policy enforcement and anomaly response into the loop.
4. Audit your agent footprint. Inventory every agent, its owner, permissions and kill path. Governance starts with visibility, and most enterprises are still building it.

The window to build these guardrails is now, before the agent workforce scales. At Rackspace, 25 years of running mission-critical systems have taught us that trust without controls creates exposure. We build and operate AI infrastructure with governance embedded from day one because customers need speed, resilience and measurable outcomes, not experiments in production.

What this means for you is simple. Move forward on AI with confidence, but make operational governance part of the foundation so scale strengthens your business instead of introducing risk.
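The four steps in the post map onto one small piece of infrastructure: an action gate that sits between the agent and anything it can set in motion. The following is an added example, not the post author's code and not any Rackspace or Anthropic implementation; the agent name, owner, action names and kill path are hypothetical. Every request is checked against the agent's allowlist (step 1), written to an audit trail with its trigger (step 2), and two automatic tripwires disable the agent (step 3): an attempt at a high-risk action such as deploying another agent, which is the "persistent rogue internal deployment" pattern the post describes, or repeated allowlist denials. The registry itself is the footprint inventory (step 4).

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical inventory entry: who owns the agent, what it may do, and how to kill it.
@dataclass
class AgentRecord:
    owner: str
    allowed_actions: frozenset
    kill_path: str
    disabled: bool = False


def make_registry():
    """Constructed single-agent footprint; a real one would be loaded from an inventory system."""
    return {
        "procurement-assistant": AgentRecord(
            owner="finance-ops",
            allowed_actions=frozenset({"read_po", "draft_po"}),
            kill_path="revoke role/procurement-assistant (hypothetical)",
        ),
    }


# Actions no agent may take on its own, whatever its allowlist says.
HIGH_RISK_ACTIONS = frozenset({"deploy_agent", "grant_permission", "delete_audit_log"})
DENIAL_TRIPWIRE = 3   # this many denials and the agent is switched off for a human to review


class ActionGate:
    def __init__(self, registry):
        self.registry = registry
        self.audit_log = []                 # one structured entry per request, allowed or not
        self.denials = defaultdict(int)

    def request(self, agent_id, action, trigger):
        """Decide on one proposed action; always returns the audit entry that was recorded."""
        record = self.registry.get(agent_id)
        if record is None:
            decision, reason = "deny", "unregistered agent"
        elif record.disabled:
            decision, reason = "deny", "agent disabled"
        elif action in HIGH_RISK_ACTIONS:
            decision, reason = "deny", "high-risk action: tripwire, agent disabled"
            record.disabled = True          # tripwire 1: no self-expansion, no log tampering
        elif action not in record.allowed_actions:
            decision, reason = "deny", "action not in allowlist"
        else:
            decision, reason = "allow", "allowlisted"

        if decision == "deny" and record is not None:
            self.denials[agent_id] += 1
            if self.denials[agent_id] >= DENIAL_TRIPWIRE and not record.disabled:
                record.disabled = True      # tripwire 2: an agent that keeps probing its limits
                reason += "; repeated denials: tripwire, agent disabled"

        entry = {"agent": agent_id, "owner": record.owner if record else None, "action": action,
                 "trigger": trigger, "decision": decision, "reason": reason}
        self.audit_log.append(entry)
        return entry


def footprint(registry):
    """The inventory view the post asks for: every agent, owner, permissions, kill path, state."""
    return [{"agent": name, "owner": rec.owner, "permissions": sorted(rec.allowed_actions),
             "kill_path": rec.kill_path, "disabled": rec.disabled} for name, rec in registry.items()]


if __name__ == "__main__":
    gate = ActionGate(make_registry())
    for action in ("read_po", "approve_po", "deploy_agent", "read_po"):
        print(gate.request("procurement-assistant", action, "user:alice ticket-123 (constructed)"))
    print(footprint(gate.registry))
```

The gate denies before it logs only in the sense that the decision is made first; the entry is written whether the action ran or not, so the trail shows what the agent tried, which is the signal the post says does not look like a breach.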
-
3 Reasons Why Cloud Security Programs Fail (Even With Top Tools)

I have been involved with a number of Cloud Security Programs, and most of the time these 3 were the top reasons for failed programs, even with a cutting-edge CSPM/CNAPP solution in use.

1️⃣ Lack of Clear Ownership and Responsibility
- Change is the only constant, which means there is never a clear Owner who can help resolve a cloud security problem.
- Many times at an enterprise scale there are changes happening at a really large scale, e.g. an org change impacts 6000 developers in what project they now work on, and they have to drop what they were working on. This means something critical in your cloud environment needs to be managed another way, e.g. Edge security.

2️⃣ Inadequate Skills and Training
- Kubernetes continues to dominate AI projects in Cloud, along with the use of Cloud native AI services, by Engineering teams. However, the open source community of Kubernetes is not well known or covered by CSPM, which leaves a gap that is yet to be filled.
- M&A brings new teams to the organization who are not ready for either cloud security or Kubernetes security.
- An expert in one Cloud is not an expert in another, but they can know just enough about the other cloud to collaborate to bring the information together.

3️⃣ Fragmented Visibility: Multi-Cloud Coverage
- Most enterprises are 70-20-10 in terms of multi-cloud and hybrid cloud usage. Expecting a security team to pull all areas together into one is quite difficult, especially if each of these teams works in silos with specific products that don't talk to other security products.
- This is where Platformization by cybersecurity product companies would be highly beneficial, to be able to bring real-time security, infrastructure security and application security together into one view to address the actual problem and not the symptom.

Did I miss any other reason for why Cloud Security Programs fail? #cspm #cloudsecurity #cloudsecurityprogram