Blowing up Serverless Security and How to Avoid it (Part 2)

Presented by

Josh Stella, Fugue Co-Founder and CEO; Curtis Myzie, Fugue VP Engineering and Wayne Crissman, Fugue Director of Security

About this talk

In the cloud, “serverless” architectures can shift a lot more security responsibility to the cloud service provider. But the responsibilities that remain yours look radically different than what many are used to. In our first Cloud Security Masterclass session on serverless security, we surveyed what cloud security looks like for serverless environments. In this session, we’re going deep on the biggest and most important attack surface when it comes to serverless: Identity and Access Management (IAM). Josh Stella (co-founder and CEO) is joined again by Curtis Myzie (VP of Engineering) and Wayne Crissman (Director of Security) to dig into the role IAM plays with serverless security, how IAM misconfigurations put data at risk, and why these mistakes are so easy to make and common in enterprise cloud environments. This session covers: The IAM attack surface with serverless cloud environments The strategies hackers use to exploit IAM misconfigurations How to spot these mistakes and eliminate them

Related topics:

More from this channel

Upcoming talks (8)
On-demand talks (18)
Subscribers (761)
Cloud computing has turned security on its head. The cloud attack surface is the configuration of thousands of interrelated resources — and it’s all changing constantly. Ensuring continuous cloud security and compliance requires a deep understanding how cloud works and the nature of misconfiguration. Why it happens, how hackers exploit it, and how to prevent it. At Fugue, we’re committed to helping cloud professionals master the concepts they need to ensure the security of their cloud infrastructure. Our Cloud Security Masterclass series is led by Fugue CTO and co-founder Josh Stella, who has extensive experience with cloud security and working with national security customers as a Principal Solutions Architect with AWS. He takes us on technical deep dives into critical cloud infrastructure security concepts. Fugue helps cloud teams transform how they do cloud security at every stage of the software development lifecycle — so they can move faster in the cloud without breaking the rules that put data at risk.