As hard as it may be, security experts are often expected to act like psychics when it comes to predicting the greatest risks to the organization. While the disruptive forces unleashed by the COVID-19 pandemic continue to shape the global business ecosystem, one important trend remains unchanged: the steady march toward a public cloud world.
With years of industry experience behind them, host Eric Kedrosky, CISO & Director of Cloud Research at Sonrai Security, and David Shackleford, Owner and Principal Consultant of Voodoo Security, are primed and ready to share their cloud security prophecies for 2022 with you!
Get out your crystal ball and join us for a look into the future of cloud security and how cloud security will evolve in 2022. Attendees will hear:
External threats are easy to comprehend for people outside of the security team, and therefore over-represented in business literature: a ‘hacker’ (portrayed as a dark silhouette behind a computer with a hoodie on, for some reason) bangs on the keyboard, probing your defenses until they find some sensitive info that was left public via misconfiguration. There’s sometimes sensitive data in that public bucket, but usually that’s just a starting point to abuse an internal access policy failure. In the public cloud, there are many external threats, but internal threats account for the majority of successful data exposures - and the most costly attacks.
It’s time we switched perception to match reality. The concept of on-premise internal threats weren’t portable to the cloud, as the concept of an “identity” improperly accessing sensitive data has changed entirely. An ‘identity’ is no longer a user or an IT service account, but a set of permissions that can be accessed by many entities several different ways - thanks to permission chaining, development oversights, or privilege escalation capabilities. This can start with a bucket mistakenly left public, but the real damage is done when internal access controls aren’t defending against the abuse of these capabilities.
This requires a different approach to internal access - namely, a Least Access policy becomes paramount for data protection. In this session, we’ll demonstrate typical internal threats in AWS and how they abuse poor identity policies to expose sensitive data. We’ll also cover: