topic Re: Cloud security and asset inventory in Threats

Cloud security and asset inventory

JoshuaGabriel — Tue, 05 Sep 2023 00:03:23 GMT

Hi,

Please I have the following concerns:

1. Are there tools you would recommend for comprehensive cloud assets inventory?

2. Is there any recommended platform to run scans on cloud assets?

3. How do you perform secure configuration reviews in the cloud?

4. Is there a way to assess the security risk of AI integrations?

Re: Cloud security and asset inventory

Caute_cautim — Tue, 05 Sep 2023 20:59:35 GMT

@JoshuaGabriel

Question 1: Try this for starters:

https://www.zluri.com/blog/cloud-asset-management-software/

Do your own assessment

Question 2: There are many many vendors:

https://www.coresecurity.com/blog/top-14-vulnerability-scanners-cybersecurity-professionals

ServiceNow can do this as well

Question three: Manually using the SP800-R53 V5 or trust the Cloud Providers, SOC 1 and SOC 2 reports or run your own independent Cloud Security Protection Management system - there are many vendors. Ask yourself how often you need to run the scans? When changes occur? Quarterly? Bi-annually?

Question four: https://owasp.org/www-project-ai-security-and-privacy-guide/

https://www.fairinstitute.org/blog/fair-cyber-risk-analysis-ai-insider-threat-chatgpt

Hope this assists your thinking?

Regards

Caute_Cautim

Re: Cloud security and asset inventory

gregbowers — Sat, 09 Sep 2023 17:59:33 GMT

Hello

It's great that you're concerned about cloud security and asset inventory. Here are some recommendations and insights for your concerns:

1. Cloud Assets Inventory:

AWS: Use AWS Config.
Azure: Try Azure Resource Graph.
Google Cloud: Utilize Cloud Asset Inventory.

2. Scans on Cloud Assets:

AWS: AWS Inspector.
Azure: Azure Security Center.
Google Cloud: Security Command Center.

3. Secure Configuration Reviews:

Use Cloud Security Posture Management (CSPM) tools or Infrastructure as Code (IaC) with Terraform/AWS CloudFormation.

4. Security Risk of AI Integrations:

Conduct threat modeling.
Implement secure development practices.
Consider AI-specific security tools like IBM Watson OpenScale or Azure Machine Learning security features.

Re: Cloud security and asset inventory

marcoperson250 — Thu, 28 Dec 2023 12:44:41 GMT

These are two tools for cloud security and asset inventory Azure Policy and Azure environments.