0:00
Hello, everyone, and welcome back to the Cloud Show
0:16
So this is the show where we talk to cloud leaders about leadership in the cloud and all
0:21
the kinds of things that you want to know about when you are a cloud leader. And as usual, we have a wonderful guest for the show tonight
0:28
It's going to be a conversation with my good friend and former colleague, Mustafa Toroman
0:34
one of the best and most experienced cloud people I have ever had the pleasure of working with
0:39
So stay tuned while we talk about cloud security. Hello, hello, hello
0:51
Hello, Mustafa. How are you? Doing good. Doing good. How about you
0:57
I am. I'm great, man. This is such a treat. Again, I just mentioned here in the intro that
1:04
we used to be colleagues, you and I. Not too long ago. We had a short stretch, right? We had the opportunity to work together. And
1:12
that was a really cool part of my career. Yeah, well, I mean, it was an interesting opportunity that we had to join in the same
1:22
company, but now we're away, in different things, again doing different things.
1:27
And you just joined a new company, RunEvents? Yeah, just recently, like less than two months
1:36
ago I took a position of CTO at RunEvents, which is... we create a platform for managing events
1:47
And it's very exciting because that's also another part of my career
1:52
Like I always run events, right? I always organize something, a lot of community stuff
1:59
So I kind of have a perspective on the organizing part and now trying to build it from the technical side as well
2:07
Which is really good. That means that you know what running events entails
2:12
And now you're building a service which is going to help people like yourself to actually run events. And I'm going to be with you in Mainz, so...
2:21
No, in Mainz, in Germany, which is just across the Main, just across the bridge, so
2:28
right there in Germany. I'm going to be there for the European Cloud Summit. I'm going to enjoy that.
2:34
Okay, so here we are. We have a few moments to talk together, and one of your... well, you have
2:42
many strings on your lute, sir. When it comes to cloud, you know all about the cloud and networking,
2:48
to say the least, and a lot of other things. And one thing that you really love and really like a lot
2:53
is security in the cloud. Absolutely, yeah. As you said, I've worked with cloud a lot, like yourself,
3:02
from the very beginning of the cloud, right? Like we are some of the rare people that have like 15
3:10
years under our belt so far. So I've seen it from the beginning, from very few services that we had
3:18
to what is a full-blown cloud now, and a million different opportunities. But yeah, security is
3:25
definitely one of my favorite topics, and I definitely like to talk about cloud security.
3:32
Yeah, so let's dive into that and see what we have here. So I know from the past
3:39
that security was one of the showstoppers in the early days of the cloud
3:46
Companies would say, we can't verify the security. We don't know that it's going to be secure in the cloud
3:51
But of course, since quite a bit of time now, that has completely turned around
3:57
And now people are moving to the cloud for increased security. So you've been there for that journey as well, I guess
4:05
Yeah, but I believe in the early stages people had a certain level of mistrust of the cloud, like, it's running in my own environment, in our building, we know where these servers are, no one can reach them, blah, blah, blah
4:25
And then there's this cloud, and who manages that? And I don't think that the cloud was ever insecure
4:33
Like from the very beginning, all the services that were there were quite secure,
4:38
but there was a lack of understanding of what cloud represents and how it's managed
4:44
So we first of all need to understand that cloud brings this concept of shared responsibility, right
4:51
So in our on-premise world, we would basically have everything within our four walls, and everything from hardware security, infrastructure security, networking, applications, access, everything was managed by ourselves
5:08
Like we were doing everything on our own. And now, once we move to the cloud, certain elements of that are taken away from us. So we are no longer responsible for infrastructure and physical security, some concepts, and that depends now basically on which kind of cloud we are using.
5:27
Is it infrastructure as a service, platform as a service, software as a service?
5:32
What kind of security parts are our responsibility? So identity and access is always going to be on
5:39
our side, but then if we go to platform as a service, certain elements are added, and then with
5:46
infrastructure as a service, of course, most of the responsibility is on our side. But if we look at the
5:53
part of what the cloud provider manages, or, as we usually talk about Azure, what Microsoft manages,
6:00
right, in that regard it's a level of security that is unreachable to most organizations, because,
6:09
First of all, the scale on which they do it, and then basically how they actually do it with perimeter defense, secure buildings, biometric controls, and everything else
6:23
So that kind of security that we get in cloud data centers is unreachable to 99.9% of organizations
6:32
Like maybe the exceptions are some government agencies, military, a few banks, not all of them
6:38
I've worked with banks, so not all banks have that level of security for the physical side
6:46
So, yeah, there's that. There are a few providers or service providers that actually have bought old military bomb shelters that are drilled down into the mountains and things like that
7:02
Those would have a similar level of good security, of course. But as you say, most just don't have that type of security when it comes to the physical aspects of the thing
7:12
It just doesn't exist. So moving on to the not physical security, the attack vectors, the large-scale attacks with denial of service and those kinds of things
7:27
where cloud is also kind of giving us a lot to stand on
7:31
and that we just take advantage of when we're using the cloud
7:35
So let's dive into that for a bit. Yeah, that's a whole other concept of this cloud part
7:42
like comparing on-prem to the cloud, right? So in on-prem, we kind of protected our little world
7:51
Like we considered our network something completely isolated, and we are controlling everything that's inside
7:58
and just protecting it from outside attacks. And now we have cloud services
8:03
that are basically usually reachable over the internet and it changes the game entirely, right
8:09
But in on-prem, we use something called perimeter defense and secure by design, which in cloud could never work
8:19
Now, it didn't work even on-prem. Like some things tell us that
8:23
Like if you look at the data and statistics on how data breaches happen and how much time attackers spend in your environment and et cetera, that approach with perimeter defense and secure by design, that never actually worked
8:41
Because if someone actually breached your network, they would spend like nine months in there before you actually discover them
8:48
So the approach altogether was wrong even with that. But with the cloud, it kind of amplified that we cannot use that anymore
8:57
With cloud, protecting just our isolated network and just not providing anyone access, that approach wasn't feasible anymore
9:09
So what we have now and what is the best possible approach is zero trust
9:15
So we don't trust anyone. Everything needs to be validated all the time
9:19
Whatever you're trying to reach, we are authenticating who you are, we are checking your
9:24
authorization, do you have access to this service, etc. So this is the new approach. Like, we don't trust
9:30
anyone by default. So compared to the on-prem network again, once you're inside you can reach 90 percent
9:37
of the stuff, right? Because it's just open there in the network, because we consider our network
9:42
safe. In cloud, it doesn't work like that. So zero trust, verify every request. If you're trying to
9:50
reach a service, you're going to verify who you are, do you have permission to be here, and then
9:56
allow you to access that service. Same thing for documents or whatever else. That's the approach
10:02
right? Right, right, right. And a lot of companies also have requirements to be monitoring or
10:10
passing inbound and outbound traffic through some software to make sure that everything is as it's supposed to be, and do some logging and stuff on that
10:25
Yeah, so basically when we discuss that part, I would like to roll back to that shared responsibility part, right
10:31
So there the cloud provider takes responsibility for certain things, and then we are responsible for the others. Now, what the cloud provider also offers us there
10:45
is a zillion different services that we can use to increase our security
10:50
In cloud, and especially in Azure, that's my level of expertise. I dabble with every cloud a bit,
10:59
but Azure is where I spend most of my time. So if we look at Azure, we have security dedicated services
11:07
So the entire purpose of that service is just to increase security
11:12
And it's up to us if we choose to use one or the other or whatever
11:16
But also we need to look at every single service as something that has security features built in
11:24
And it's for us to configure them correctly. Like a very trivial thing
11:28
like one of the first services and one of my favorite services ever in Azure is App Service
11:32
Azure App Service is just incredible thing, right? Yes. It's so simple and it's simply genius
11:39
Like, if we look at that service, by default it's an option for us to deploy a web application and for it to be reachable, right
11:52
So nothing like security that rings there, right? But there are so many different things
11:58
So we can set up our own SSL for that. We can enforce that all traffic needs to go through HTTPS
12:07
We can select which level things we want to use, like what version of TLS we want to use
12:15
We can set up CORS policies. So these are all security features, right
12:20
These are very important from a security perspective, and they are just built in the service
12:24
So every service is like that. I took that one because that's like the oldest
12:30
Azure service. It's been there since the beginning, right? It was there when the cloud was
12:36
the Microsoft cloud, the Azure cloud, Windows Azure as it was called,
12:40
was what actually came out. And of course it's evolved a lot over time, but that platform service,
12:45
the ability to run your web presence, was one of the first services,
12:52
the fundamental services in the Azure platform. And that service has so many different security options enabled, right
13:01
And the same goes for everything else. If you go to Azure SQL or Data Factory
13:07
whatever service you choose, it's going to have some security options that you can play with
13:13
and increase your security. And then we have security services like DDoS Protection
13:21
Azure Firewall, so many different options there. And then you mentioned logging
13:28
So we have a Log Analytics workspace that can log basically anything from anywhere,
13:33
like whatever kind of log, application, system, security, everything can go in there as a huge log store that we can keep
13:43
and then query and find things happening in there. But like, especially two very interesting services from the cloud, from security perspective are Defender for Cloud, and then Sentinel. So these are very specific cloud services, security cloud services that are very often confused, which is one and what it does. So Defender for Cloud is there for your security posture
14:14
It will analyze your cloud environment. It has a little, like, gamification part where you have
14:21
a secure score, so you're trying to achieve the impossible. You're chasing
14:25
the 100%. You can never reach that. You can never reach it.
14:29
I like the gamification framing that you put there, because that's exactly
14:34
what it's for. It looks at your environment and it has a
14:38
book of things that you should be checking off, and if it doesn't match,
14:43
which it probably never does, you get a lowered secure score. And it's
14:49
really good to catch dangerous things. Like, say that someone makes a stupid mistake, like
14:54
an open, unprotected port to the internet. That's going to show up as a critical thing
15:00
in Defender straight away, which is so useful. Yeah, cool. Defender.
15:06
Okay, so Sentinel. So the other one is Sentinel, which is kind of
15:13
like a SIEM solution that is so cool, so advanced. It leverages the Log Analytics I mentioned before. Like, all the logs, everything goes
15:25
in there. We are keeping the things. And then we have Sentinel on top of that for analyzing data
15:32
And it leverages machine learning, behavior analytics, so many cool things. And it catches what's happening in your environment
15:41
And what is really cool about it is that it can connect events to a single thing, right
15:49
Because an attack rarely happens as a single event. There are multiple things that are going on, and it's very hard. Like, imagine if we were going through the logs and trying to recognize it by hand, like just scrolling through the logs and trying to recognize it
16:07
It can't be done by a human. Especially with the amount of logs that are happening right now, right
16:13
Because the amount of data is constantly increasing. There's more and more and more and more of that data all the time
16:21
Yeah. So going through that manually and just scrolling and trying to figure out what happens, it would be impossible
16:29
So what Sentinel does is basically Sentinel does it for you. So it analyzes the events and then connects them together and presents you, OK, you have a security incident
16:41
And these are the events that are related to incidents. So do your action
16:45
And there's even one more layer outside of that, which I find so fascinating, is that whichever company is using the cloud, you think you may be pretty big
16:55
But in Azure terms, you're probably very, very small. But all of Azure, all of Microsoft is being attacked all the time
17:04
Not only Microsoft, everyone else as well. But what I'm trying to say is that Microsoft has so much data from attacks on every service, on every customer, that they can see attack patterns that are global, that are much larger than just your organization
17:20
And they can actually use that information to indicate to you that something that you can't see based on your data, you can't see that it is an attack
17:30
Microsoft could actually tell you that this is part of a larger attack pattern. And that service power, that power of, you know, the infinite power of every customer is such a cool aspect of this
17:43
Absolutely, absolutely. Because as I mentioned, it uses machine learning. So machine learning is as good as the data model that you have
17:53
And the more data you have in the background to process and learn from, the better the results will be, right
17:59
If it would analyze only our environment, the data pattern is very small and it would not tell us much
18:09
But the amount of data that Microsoft has from everyone, basically, it is providing a very good result
18:17
So it also helps us catch zero day events. Basically, as soon as something happens, when it happens to one customer, Microsoft is aware of it, and then it's applied for everyone right afterwards
18:30
So it needs to happen once, and then everyone knows about it
18:34
Your Sentinel will know about it, and we'll warn you that something is going on
18:38
Exactly. And just something as devastating as a denial-of-service attack, for example
18:45
Those things are detected by the system, that there is a denial-of-service happening through the network
18:51
And Microsoft can essentially block off most of those attempts before any such traffic would ever reach the services that you run as a customer
19:02
You will never ever, you might never even know that you were under attack
19:07
It's that effective. Yeah, yeah, very true. That's really cool. Oh, yeah, sorry
19:13
Yeah, anyway, we need to wrap this up because we can go for days on this topic
19:19
We can literally talk for days about this topic. But what I've heard you say throughout this year, if we put it together, is that if somebody wants to get better with security on the cloud, they need to look into the security settings on every service that they are using and then understand how to configure them to send their information properly to the SIEM system, the Sentinel
19:45
And they need to also set up Microsoft Defender properly. So Defender and Sentinel, that takes you a long way, I guess, in securing your cloud
19:57
Yeah, definitely. And if you're just starting out with that, then first thing you need to do is a Defender because Defender is there for your hygiene
20:07
And it just looks at your environment and compares it to the best practices and says to you, OK, this is not configured as it should be
20:15
Yeah. You have open ports, management ports, you have unsecured traffic, security patches it checks for, and all the things that you should know
20:26
but don't have to keep track of yourself, because Defender is there to help you with. Absolutely.
20:31
And it can be overwhelming at the beginning, because it will show you a lot of results, so
20:36
concentrate on the highest risks, the most critical ones, and then work your way down. As you work down, or do
20:43
it, your secure score will rise, and then it becomes a game. You're trying to
20:49
get better and better and better. Again, impossible, but you're trying for perfection
20:55
So brilliant. Tap into playing that game of secure score. It's going to be worth it. Thank
21:01
you so much, Mustafa, for being on the Cloud Show today. It was a brilliant
21:04
time talking to you, and I hope you'll be back on the show again sometime in the future
21:10
Anytime you have me. It was my pleasure being here. Thank you. Have a good day
21:14
See you as well. Bye bye