Over 90% of IaaS/PaaS security incidents are the consumer's fault. Cloud platforms are complicated and have a steep learning curve, and it is easy to make mistakes.
In this podcast, we talk with Evgeny Zislis, CTO at ProdOPS, about the common IaaS/PaaS security mistakes and misconfigurations, categorize them, and discuss measures to reduce those mistakes and identify them in time.
Guest: Evgeny Zislis, CTO at ProdOPS
0:00 – 2:10 – intro and introducing our guest
2:10 – 31:05 – What are the common cloud misconfigurations and mistakes
- Improper security group configuration
- Object storage negligence – open buckets on S3
- Insecure storage of API/access keys – a config file in an open GitHub repo is not the best place to store access keys
- Vulnerable servers exposed (exposing your 5-year-old Linux server that has not been updated is not recommended)
- Failure to segregate different services into different accounts / VPCs / subnets
- Everyday use of root account and relying on one account only
31:05 – 34:20 – Avoiding cloud misconfigurations: the process angle
34:20 – 38:33 – Avoiding cloud misconfigurations: the people angle
38:33 – 49:00 – Avoiding cloud misconfigurations: the technology angle
49:00 – 52:00 – Summary and conclusions