Prioritizing Risk Among the Chaos of Cloud Development
Eric Kedrosky, CISO, Sonrai Security and Jeff Moncrief, Field CTO, Sonrai Security
About this talk
Cloud development has enabled amazing innovations and allowed our companies to move faster. It’s also completely broken the old methods for prioritizing risk remediations.
With an infrastructure that changes day-to-day, minute-to-minute, a cloud’s perimeter is hard to define. Checking for open network access and CVEs doesn’t keep attackers out of your cloud.
The number of software vulnerabilities present at any point in the cloud, particularly with open source-driven development, far exceeds what was typical in the data center world. And the explosion of identities - representing both real users and machine identities - has opened up the attack surface for credential abuse a hundred-fold. These massive changes in scale make it overwhelming to try to answer the question, “what should I fix next?”
The sheer scale and ephemeral nature of cloud demand a new approach to risk prioritization. Beyond securing a perimeter, combinations of overlapping risks create a hidden blast radius that includes sensitive data. An attacker may enter the cloud via a vulnerability in a sandbox environment, but through subsequent indirect access abuse, be able to move laterally and access PII. The only way to stop this? Knowing where your sensitive data is, and how anyone or anything can access it - even if access requires a combination of workload, identity, and network-based risks.
We’ve brought together cloud security leaders responsible for securing many of the Fortune 100 enterprise clouds to discuss how to rebuild remediation prioritization, and how blast radius intel is critical to spending your team’s remediation efforts wisely.
During this session, our panel of cloud security leaders will share:
• Ideas for building in the cloud fast and securely
• How to overcome the cloud complexity challenge
• What alignment between dev, security, and ops can do for your company
• Avoiding the common pitfalls around prioritization
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.