The missing story with every cloud breach—and what you need to know and do

Logo
Presented by

Josh Stella, Chief Architect, Fugue a Part of Snyk

About this talk

When the headline reads “Company suffers cloud data breach due to misconfigured server,” recognize that this is only a small part of the story. What’s missing is the series of moves the attacker executed to achieve their ultimate goal, because the data they’re after rarely resides on the initial “misconfigured server”. Failing to understand how attackers operate in the cloud causes teams to focus too much on the wrong things and develop a false sense of security. In this session, Snyk chief architect Josh Stella will explain how nearly every major cloud breach goes down, and why cloud security keeps failing even the most sophisticated teams and organizations. He’ll walk through how attackers are not only exploiting individual resource misconfigurations, but also architectural design vulnerabilities that enable them to compromise the cloud API control plane in order to discover and extract data without detection. Josh will lay out a five-point approach for addressing these modern cloud attacks: 1) know your environment; 2) focus on prevention; 3) Empower your developers; 4) automate with policy as code; and 5) measure what matters. You’ll walk away from this session with a better understanding of cloud threats and a systematic strategy for addressing them.
Related topics:

More from this channel

Upcoming talks (7)
On-demand talks (925)
Subscribers (70103)
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa