Episode 26: Current Challenges With Cloud

Episode 26: Current Challenges With Cloud

SilverLining IL

Episode 26: Current Challenges With Cloud

00:00 / 00:49:26

Hosted By

Moshe Ferber

Ariel Munafo

Show Notes

This is a special episode where both of us (Moshe & Ariel – no guests this time) discuss the future of cloud computing and challenges that should be solved. We take a detailed look at shortage in manpower and knowledge, privacy laws and their influence on innovation and technology challenges such as multi tenancy, APi’s, encryption, continuous monitoring and more.

Agenda

Opening words - 5 min

introducing the podcast - Moshe / Ariel
Introducing our guest - Ariel
Introducing myself - Moshe
Introducing the topic and context of the podcast - Moshe

Security challenges

People

Shortage in manpower: There are missing jobs for cyber professional and especially application security
Shortage in knowledge: security professional lag behind learning new technologies

Process

Malicious insider - one of the biggest challenges for cloud providers
Shared responsibility model collapsing
Privacy laws are creating islands of data - Privacy laws are limiting the transfer of data
Jurisdiction, Court orders and government access to data - as cloud provider host more data - they are a target for more & more government interest

Technology

API security best practices - there will be more & more API’s, we did not master how to protect them
Encryption and key management - the holy grail for holding your own encryption keys is fading
Multi tenancy - we don't have clear practices on building multi tenant applications
Identity based access controls - network access controls are useless in cloud computing, but our ability to create granular access controls based on identity is not mature yet
Multi tenancy
Continuous monitoring
Automation and devops - Security automation is still maturing. We still don't know how to integrate developers and operation without breaking best practices
Using the wrong tools

Closure (5 min)

Moshe - Summersing
Ariel - closing

Other Episodes

Episode 38

May 12, 2021 • 00:32:43

Episode Cover

SilverLining Episode 38: Cloud Native Security Foundations

Attendees Guest: Gadi Naor Guest Title: VP Software Engineering, Cloud Security @ Rapid7 Topic: Cloud Native Security Foundations Abstract Lately, The CNCF (Cloud Native Computing Foundation) released the cloud native security whitepaper: the first release of security guidelines for organizations who adopt cloud native approaches. In order to better understand the guidelines, we hosted Gadi Naor, VP Software Engineering, Cloud Security @ Rapid7, and co-author of the guidelines, for a conversation about what is cloud native security and why & how organizations should adopt this approach. ...

Episode 21

August 03, 2020 • 00:26:59

Episode Cover

Episode 21: Building The Next Generation Of Cloud Services

Attendees Guest: Eran Feigenbaum Guest title: CSO, Oracle Cloud Abstract The first generation of cloud services began about 15 years ago and stretched until now, but it came with many built-in challenges due to lack of maturity and the fact that security was added on top and not present from the start. In this episode we talk with Eran Feigenbaum, CISO of Oracle cloud about the next generation of cloud services - how can we build cloud that is more secure,, immuned to miss-configuration and other pitfalls that are relevant to today's cloud services. Timing: 0:00 introducing our guest 5:40 Generation one of cloud infrastructure 8:40 so what is second generation of cloud infrastructure 10:30 how Oracle is planning to change the cloud market 11:40 how second generation cloud services can help with common mistakes such as misconfiguration 13:35 what cloud provider should do in order to increase security 16:05 how cloud providers can be proactive with their customers 19:00 handling miss-configuration such as open buckets and lost API’s keys 23:40 summary and last words ...

Episode 17

August 02, 2020 • 00:37:03

Episode Cover

Episode 17: How to do penetration testing in cloud application

Attendees Guest: Oz Avenstein Guest Title: Founder Company: Avensec Abstract Penetration tests are one of the strongest controls that we use. It is testing the overall resilience of our application and allows us to be more confident in our workloads. But in the cloud era, cloud applications pen testing needs to be coordinated with the providers. In this episode we talk with Oz Avenstein, an application security expert, about the challenges of cloud penetration testing and how to do it correctly. Timing: 0.50 introducing our guest 3.40 How is cloud penetration tests different from regular pen tests? 5.01 elaborating about IaaS/PaaS particular pen test policies 8.45 pen testing SaaS applications 11.05 relaying on 3rd party pen testing 12.02 cloud pen test considerations and phases 17.35 the actual pen testing 21.20 the reporting phase 23.40 incorporating pen test into applications development cycle 34:00 Summary and last words ...