Chapter 3: Cloud Configuration Pitfalls

Over 90% of IaaS/PaaS security incidents are the consumer's fault. Cloud platforms are complicated, with a steep learning curve, and it is easy to make mistakes.

In this podcast, we talk with Evgeny Zislis, CTO at ProdOPS, about the common IaaS/PaaS security mistakes and misconfigurations, categorize them, and discuss measures to reduce those mistakes and identify them in time.

Guest: Evgeny Zislis, CTO at ProdOPS


0:00 – 2:10 – Intro and introducing our guest

2:10 – 31:05 – Common cloud misconfigurations and mistakes

  • Improper security group configuration
  • Object storage negligence – open buckets on S3
  • Insecure storage of API/access keys – a config file in an open GitHub repo is not the best place to store access keys
  • Vulnerable servers exposed (exposing your 5-year-old, not updated Linux server is not recommended)
  • Failure to segregate different services into different accounts / VPCs / subnets
  • Everyday use of the root account and relying on one account only

31:05 – 34:20 – Avoiding cloud misconfigurations: the process angle

34:20 – 38:33 – Avoiding cloud misconfigurations: the people angle

38:33 – 49:00 – Avoiding cloud misconfigurations: the technology angle

49:00 – 52:00 – Summary and conclusions



SilverLining © 2019