Posts

How To Manage AWS Security Hub in AWS Organizations Using Terraform

About the use case

AWS Security Hub is a security service that helps you manage security posture by collecting security data from AWS and third-party sources, and enabling analysis and remediation of security issues that are found. Late last year, AWS introduced new central configuration capabilities in AWS Security Hub in the form of Security Hub configuration policies (SHCPs). With SHCPs, we can customize many aspects of the Security Hub configuration which can be consistently applied to all members of the organization. This addresses many challenges with managing Security Hub across an organization which I experienced first hand last year. It was practically futile to build Security Hub enablement into AWS Control Tower Account Factory for Terraform (AFT)! As this is the new best practice, we'll be using this feature. Since it is increasingly common to establish an AWS landing zone using AWS Control Tower, we will use the standard account s...

How to Set Up Microsoft Defender for Cloud

Microsoft Defender for Cloud is Azure's integrated cloud security posture management (CSPM) and cloud workload protection platform (CWPP). This guide covers enabling Defender across your subscriptions, configuring security policies, and setting up alert notifications for proactive threat response.

Overview

Microsoft Defender for Cloud provides:

- Security posture management: Recommendations, Secure Score, and compliance assessments
- Workload protection: Threat detection for VMs, containers, databases, storage, and more
- Attack path analysis: Identify and remediate critical attack vectors
- DevSecOps integration: Security scanning in CI/CD pipelines

The service works across Azure, AWS, GCP, and on-premises environments, providing unified security management.

Prerequisites

Before setting up Defender for Cloud, ensure you have:

- Azure subscription with Owner or Security Admin role
- Understanding of workload types requiring protection
- Budget approval for paid Defender plans (o...