SilverLining IL

Episode 3: Cloud Configuration Pitfalls

Attendees

Guest: Evgeny Zislis

Guest title:  CTO

Company:  ProdOPS

Abstract

Over 90% of IaaS/PaaS security incidents happens on consumer fault. Cloud platforms are complicated, with steep learning curve and it is easy to make mistakes. In this podcast, we talk with Evgeny Zislis, CTO for ProdOPS about the common IaaS/PaaS security mistakes and misconfigurations, categorize them and talk about measures to reduce those mistakes and identify them on time. 

Timing:

0:00 – 2:10 - intro and introducing our guest

2:10 -   31:05 - What are the common cloud misconfiguration and mistakes 

• Improper security group configuration
• Object storage negligence - open buckets on s3
• Insecure storing of API/Access Keys - config file in open Github repo is not the best place to store access keys
• Vulnerable servers exposed (exposing your 5 years old, not updated linux server is not recommended)
• Fail to segregate different services into different accounts / vpc / subnets
• Everyday use of root account and relying on one account only

31:05 -  34:20  Avoiding cloud misconfigurations:  the process angle

34:20 -  38:33 Avoiding cloud misconfigurations:  the people angle

38:33 -  49:00 Avoiding cloud misconfigurations:  the technology angle   

49.00 – 52:00 Summary and conclusions

Brought to you by MarkeTech of SilverLining IL