FILE: materi-11.module

Cloud Security

Security challenges in the cloud. The shared responsibility model. AWS, GCP, and Azure security services.

RUNTIME: 28m LEVEL: advanced STATUS: ACTIVE
[Figure: cloud providers (AWS, GCP, Azure); modern multi-cloud strategy]

1. Cloud Is Not Automatically Secure

The cloud provider secures the infrastructure (data centers, hardware). The user secures the workload (configuration, data, access). This is the shared responsibility model. Misconfiguration is the #1 cause of cloud breaches.

2. Common Misconfigurations

Public S3 buckets (Capital One breach). Overly permissive security groups (port 22 open to 0.0.0.0). Hardcoded credentials in code. Overly broad IAM permissions. Logging not enabled.
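The first two misconfigurations above can be checked mechanically. The following is an added example, not part of the original module: it scans constructed sample data shaped like the output of `aws ec2 describe-security-groups` and `aws s3api get-bucket-acl`. The group IDs, bucket names and function names are assumptions made for illustration.

```python
ANYWHERE = {"0.0.0.0/0", "::/0"}
# Predefined S3 grantee groups; a grant to either one makes the ACL public.
_GLOBAL = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {_GLOBAL + "AllUsers", _GLOBAL + "AuthenticatedUsers"}

def open_to_world(security_groups, port=22):
    """Return IDs of groups whose ingress rules expose TCP `port` to any address."""
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
            if not cidrs & ANYWHERE:
                continue
            # IpProtocol "-1" means all protocols and ports; such rules carry no port range.
            all_traffic = rule.get("IpProtocol") == "-1"
            in_range = (rule.get("IpProtocol") == "tcp"
                        and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))
            if all_traffic or in_range:
                findings.append(sg["GroupId"])
                break  # one finding per group is enough
    return findings

def public_grants(bucket_acls):
    """Map bucket name to the permissions its ACL grants to a public group."""
    findings = {}
    for name, acl in bucket_acls.items():
        perms = sorted(g["Permission"] for g in acl.get("Grants", [])
                       if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS)
        if perms:
            findings[name] = perms
    return findings

# Constructed sample data (IDs and names are made up for this example).
SAMPLE_SGS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [{"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"}, "Permission": "FULL_CONTROL"}
PUBLIC_READ = {"Grantee": {"Type": "Group", "URI": _GLOBAL + "AllUsers"}, "Permission": "READ"}
SAMPLE_ACLS = {"demo-private-bucket": {"Grants": [OWNER]},
               "demo-public-bucket": {"Grants": [OWNER, PUBLIC_READ]}}

if __name__ == "__main__":
    print(open_to_world(SAMPLE_SGS), public_grants(SAMPLE_ACLS))
```

An ACL grant is only one way a bucket becomes public; bucket policies and the account's Block Public Access settings need the same review.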

3. IAM Best Practices

Principle of least privilege. MFA is mandatory for console access. Use roles, not users, for EC2. Rotate access keys regularly. Audit with tools such as CloudTrail. Avoid the root account for daily ops.

4. Cloud Security Tools

AWS: GuardDuty (threat detection), Security Hub (compliance), Macie (sensitive data scan). GCP: Security Command Center. Azure: Sentinel SIEM. Third-party: Wiz, Palo Alto Prisma.

5. Compliance in the Cloud

PCI DSS, HIPAA, ISO 27001, SOC 2. Cloud providers supply compliance attestations. Customers still need to apply the appropriate controls. Regular audits.

Practical Mission

  1. Set up the AWS free tier and secure it
  2. Audit public S3 buckets
  3. Configure MFA on the AWS account
  4. Study the Cloud Security Alliance certification
  5. Threat model a simple cloud workload

Recap Module