├── LICENSE
└── README.md

/LICENSE:

Creative Commons Legal Code

CC0 1.0 Universal

CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER.

Statement of Purpose

The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work").

Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others.

For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights.

1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following:

  i. the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work;
  ii. moral rights retained by the original author(s) and/or performer(s);
  iii. publicity and privacy rights pertaining to a person's image or likeness depicted in a Work;
  iv. rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below;
  v. rights protecting the extraction, dissemination, use and reuse of data in a Work;
  vi. database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and
  vii. other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof.

2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose.

3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose.

4. Limitations and Disclaimers.

  a. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document.
  b. Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.
  c. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work.
  d. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work.

/README.md:

# Cloud Security

> A curated list of Cloud Security documentation and Open Source Projects related to it.

Cloud security is a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing.

Cloud security is a shared responsibility between the cloud provider and the customer. The cloud provider is responsible for the security of the underlying infrastructure, while the customer is responsible for the security of their data and applications.

There are a number of cloud security best practices that organizations can follow to protect their data and applications in the cloud. These include:

- Choose a reputable cloud provider. When choosing a cloud provider, it is important to do your research and select a provider that has a strong track record of security.
- Implement strong access controls. It is important to implement strong access controls to your cloud resources. This includes using strong passwords, multi-factor authentication, and role-based access control (RBAC).
- Encrypt your data. It is important to encrypt your data at rest and in transit.
This will help to protect your data from unauthorized access.
- Monitor your cloud environment. It is important to monitor your cloud environment for security threats. This includes using cloud security tools to detect and respond to threats.
- Stay up-to-date on the latest security threats. It is important to stay up-to-date on the latest security threats. This will help you to protect your cloud environment from emerging threats.

# Contents

- [Why Cloud Security](#why-cloud-security)
- [Identity and access management (IAM)](#identity-and-access-management-iam)
- [Detection](#detection)
- [Cloud Infrastructure Protection](#cloud-infrastructure-protection)
- [Data Protection](#data-protection)
- [Compliance](#compliance)
- [Zero Trust in Cloud Security](#zero-trust-in-cloud-security)
- [Cloud Security Documentation](#cloud-security-documentation)
- [Open Source repositories for Cloud Security](#open-source-repositories-for-cloud-security)

# Why Cloud Security

Cloud security is important because it helps to protect your data and applications from unauthorized access, use, disclosure, disruption, modification, or destruction.

Here are some of the reasons why cloud security is important:

- Data breaches are a real threat. In 2021, there were over 15 billion records exposed in data breaches. This data could include personal information, financial information, and intellectual property.
- Cloud computing is a popular target for hackers. Because cloud computing is so widely used, it is a popular target for hackers. Hackers can target cloud computing environments to steal data, launch denial-of-service attacks, or disrupt services.
- Cloud computing is complex. The complexity of cloud computing makes it difficult to secure. There are many different components in cloud computing environments, and each component has its own security risks.

# Identity and access management (IAM)

Identity and access management (IAM) is a framework of policies and technologies that helps organizations secure their systems and data by controlling who has access to what. IAM encompasses the processes of creating, managing, and retiring user identities, as well as controlling access to resources such as applications, data, and systems.

* AWS IAM: Securely manage identities and access to AWS services and resources.
* Azure IAM: Secure access to your resources with Azure identity and access management solutions.
* Google Cloud IAM: Fine-grained access control and visibility for centrally managing Google Cloud resources.

# Detection

Security detection in the cloud refers to the process of identifying and responding to security threats and incidents within a cloud environment. Cloud providers offer various security detection mechanisms and services to help customers protect their data and applications.

Some common security detection capabilities in the cloud:

1. Intrusion Detection and Prevention Systems (IDS/IPS)
2. Log Management and Analysis
3. Threat Intelligence
4. Security Analytics
5. Vulnerability Scanning
6. Behavioral Analysis
7. File Integrity Monitoring
8. Distributed Denial of Service (DDoS) Protection
9. Endpoint Detection and Response (EDR)

- AWS Detection: Security Pillar
- Azure Anomaly Detector: Anomaly Detection System
- Google Cloud Cybereason: Endpoint Detection and Response

# Cloud Infrastructure Protection

Cloud infrastructure protection is the practice of securing cloud-based resources, such as servers, storage, and networks. It is a critical aspect of cloud security and is essential for protecting the confidentiality, integrity, and availability of cloud-based data and applications.

- AWS Infrastructure Protection: Holistic guidelines and training to help you prevent attacks
- Azure Infrastructure Security: Securing the Azure infrastructure
- Google Infrastructure Security: Google Cloud's global technical infrastructure

# Data Protection

Data protection is the process of ensuring that data is secure from unauthorized access, use, disclosure, disruption, modification, or destruction. It is a critical aspect of information security and is essential for protecting the confidentiality, integrity, and availability of data.

- Data Protection & Privacy at AWS: Build with comprehensive data protection in the cloud
- Azure Data Privacy in the Trusted Cloud: You control your data
- Google Cloud Transparency & Data Protection: Creating trust through transparency

# Compliance

Cloud compliance refers to adhering to regulatory, industry, and organizational standards when utilizing cloud services. Cloud providers often offer various compliance certifications and frameworks to demonstrate their commitment to security and data privacy.

- AWS Compliance
- Azure Compliance
- Google Cloud Compliance

# Zero Trust in Cloud Security

Zero trust is a security model that assumes that no user or device is inherently trustworthy, even if they are inside the network perimeter. This means that all access to resources, regardless of location, must be authenticated and authorized.

Zero trust is a departure from traditional security models, which rely on perimeter security to protect assets. Perimeter security is based on the idea that the network perimeter is a secure boundary that can be used to keep unauthorized users out. However, this model is no longer effective in today's world, where users and devices can connect to the network from anywhere.

- Zero Trust on AWS: Advancing your security model with a Zero Trust approach.
- Azure Zero Trust security: Guiding principles of Zero Trust.
- Google Cloud Zero Trust: Zero trust defined.

# Cloud Security Documentation

- AWS Cloud Security: Infrastructure and services to elevate your security in the cloud.
- Azure Cloud Security: Strengthen your security posture with Azure.
- Google Cloud Security: Your security transformation: safer with Google technology and expertise.

# Open Source repositories for Cloud Security

There are several open-source projects and repositories that focus on cloud security for various cloud platforms. Here are a few popular ones:

1. Cloud Custodian: An open-source rules engine for managing and securing cloud resources across multiple cloud providers. It provides a YAML-based policy language to define security and compliance rules for resources in AWS, Azure, and Google Cloud. Repository: https://github.com/cloud-custodian/cloud-custodian

2. kube-hunter: A security tool for Kubernetes clusters. It helps you discover security vulnerabilities in your Kubernetes infrastructure by actively scanning for weaknesses. Repository: https://github.com/aquasecurity/kube-hunter

3. ScoutSuite: A security auditing tool for multi-cloud environments. It assesses the security posture of AWS, Azure, and Google Cloud by scanning for misconfigurations, deviations from best practices, and potential security risks. Repository: https://github.com/nccgroup/ScoutSuite

4. TerraScan: A static code analysis tool for detecting security vulnerabilities in Infrastructure-as-Code (IaC) templates. It supports popular IaC frameworks like Terraform, AWS CloudFormation, and Azure Resource Manager templates. Repository: https://github.com/accurics/terrascan

5. Falco: An open-source cloud-native runtime security tool. It uses behavioral rules and system call events to detect and alert on potential security threats in containerized environments, including Kubernetes clusters. Repository: https://github.com/falcosecurity/falco

# Note

Please note that the information provided is a general overview and may not capture every detail or feature of each cloud provider. It's important to refer to the official documentation and websites of each cloud provider for the most up-to-date and comprehensive information regarding their security offerings.