Cloud Security Today artwork

How Common Identity Misconfigurations Can Undermine Cloud Security

Cloud Security Today

English - March 10, 2021 23:00 - 46 minutes - 31.7 MB - ★★★★★ - 13 ratings
Technology devsecops cloud security cloud aws azure google supply chain Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Next Episode: Did You Know You Have a SaaS Problem?

Send us a Text Message.

Welcome to a brand new cloud security podcast, Cloud Security Today. Instead of focusing on the latest news, we’re exploring a different take on cloud security where we dig deeper into its eclectic “how-to” side. On Cloud Security Today, we are going to talk with experts from all over the community so you can do cloud security better. Today’s experts are Nathaniel Quist (Q) and Jay Chen, and they will be talking about Unit 42’s latest cloud threat research. First up Q and J, as we call them, introduce listeners to their professional histories before telling us how they choose their research projects. We then talk to Q and Jay about findings from their latest report on identity and access management. Together, they explain some of the common vulnerabilities that come with identity and access management, like misconfigured roles. Toward the end of the episode, we talk to Q about cryptojacking, as he explains the nuances to mining coins maliciously, the various teams behind the act, and how they use code against each other. 

 Key Points From This Episode:

●      How to become a threat researcher. Q and Jay share a little bit about their background.

●      Watch your roles and look out for wildcards in configurations!

●      APIs don’t always behave as expected – test them!

Tweetables:

“My biggest surprise is that even in a multi-million-dollar enterprise environment with thousands of workloads, thousands of EC2 instances and databases, they still make very fundamental mistakes.” — Jay Chen [0:09:55]

“The cloud has the potential to be so much more granularly controlled than just a normal on-prem environment. From the outside looking in, it's very complex. Complexity can bring some obscurity within the cloud environment.” — Nathaniel Quist [0:17:00]

Links Mentioned in Today’s Episode:

 

Matt Chiodi on LinkedIn

Matt Chiodi on Twitter

Unit 42 Cloud Threat Report

Nathaniel Quist on LinkedIn

Jay Chen on LinkedIn

IAMFinder tool on GitHub

Secure applications from code to cloud.
Prisma Cloud, the most complete cloud-native application protection platform (CNAPP).

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Twitter Mentions