RMISC 2019: Cloud Security on the Dollar Menu
Articles by: Richey May, Jun 12, 2019
Richey May Technology Solutions’ Evan Bredahl, Security Engineer, and Michael Wylie, CISSP, Director, Cybersecurity Services, spoke about cloud security at the Rocky Mountain Information Security Conference (RMISC) last week, attracting over 100 attendees.
With large organizations such as Verizon, Booz Allen Hamilton, Tesla and GoDaddy flooding the headlines with cloud breaches, business email compromise and cloud storage exposing sensitive data, our team put together an informative talk to help organizations implement proper cloud security.
The talk, “Cloud Security on the Dollar Menu,” outlined common problems facing organizations using public clouds and provided information on inexpensive, easy-to-implement solutions that can be quickly deployed. Migrating to any cloud provider offloads some, but not all, of the security responsibilities, so it’s important to understand who is responsible for what. Amazon summarizes the shared cloud responsibility model as the customer being responsible for the security “in” the cloud, while Amazon Web Services (AWS) is responsible for security “of” the cloud.
Key areas of discussion included:
- Account takeover and instance sprawl
- Case studies of compromised cloud accounts used for cryptojacking, adding tens of thousands of dollars to customers’ bills
- How to create granular permissions and access based on the principal of least privilege
- Ways to limit and control the use of pragmatic access to AWS services
- Critical logging that needs to be enabled for alerting and anomaly detection
- Quick ways to perform log analysis without a SIEM
- Reconnaissance techniques and tools used by hackers
- Data being leaked in S3 buckets and methods to detect data exposure before it’s too late
- Firewall options, pros/cons and features
- Methods for taking inventory of changes to firewalls and protecting cloud instances
- Detecting and alerting on instance changes, such as new services being turned on
- And much more
Gartner, a global research and advisory company, expects cloud growth to continue to expand year over year. While migrating to the cloud has many benefits, it’s important to implement proper security controls to reap the full advantages of cloud computing.