SilverLining IL
Episode 3: Cloud Configuration Pitfalls
Attendees
Guest: Evgeny Zislis
Guest title: CTO
Company: ProdOPS
Abstract
Over 90% of IaaS/PaaS security incidents happens on consumer fault. Cloud platforms are complicated, with steep learning curve and it is easy to make mistakes. In this podcast, we talk with Evgeny Zislis, CTO for ProdOPS about the common IaaS/PaaS security mistakes and misconfigurations, categorize them and talk about measures to reduce those mistakes and identify them on time.
Timing:
0:00 – 2:10 - intro and introducing our guest
2:10 - 31:05 - What are the common cloud misconfiguration and mistakes
- Improper security group configuration
- Object storage negligence - open buckets on s3
- Insecure storing of API/Access Keys - config file in open Github repo is not the best place to store access keys
- Vulnerable servers exposed (exposing your 5 years old, not updated linux server is not recommended)
- Fail to segregate different services into different accounts / vpc / subnets
- Everyday use of root account and relying on one account only
31:05 - 34:20 Avoiding cloud misconfigurations: the process angle
34:20 - 38:33 Avoiding cloud misconfigurations: the people angle
38:33 - 49:00 Avoiding cloud misconfigurations: the technology angle
49.00 – 52:00 Summary and conclusions
Brought to you by MarkeTech Group of SilverLining IL