Workshop Stage 2 - Hopin 3
Wednesday, September 30, 2020
Cloud misconfiguration is now the leading cause of cloud-based data breaches, typically due to a lack of secure cloud architecture practices. Because cloud infrastructure is 100% software, cloud security is a software engineering problem, not a traditional security analysis problem. In order to prevent data breaches in the cloud, we must address it with secure software architecture right from the start.
In this talk, Josh Stella will run a live simulation of an advanced cloud misconfiguration exploits to show a number of ways common cloud architectural anti-patterns create opportunities for hackers to gain entry to cloud environments, move laterally using tools like IAM services, and ultimately discover and breach data. Many of the misconfigurations exploited won’t be flagged by compliance scans and often aren’t considered risky by security teams.
At each step, Josh will share alternative approaches to architecting cloud infrastructure services to ensure our applications run efficiently while denying bad actors the tools and means to exploit them. Attendees will leave with actionable insights to evaluate their own cloud environment for misconfiguration vulnerabilities, how to address them, and how to bake secure cloud architecture approaches into software development.