Thursday, June 17, 2021

Things that the attacker won't care about. Thoughts on cloud security.

Things that the attacker won't care about:

- whether you have a dedicated infosec team
- their certification level
- your budget for security
- your roadmap and project plan for addressing security issues
- your compliance status and audit reports
- vendors and products you are using

Start with the very basics, use open source if needed, and build upon this layer by layer.
Always ask yourself: how am I protected now? What could be improved now? What if I'm attacked now?

Many say that security is not a state but a process. True, but a process by itself is not security either.

These things are not new, and they are obvious. But in the Cloud, they become even more important:

- your infrastructure is always connected and always reachable from anywhere on the planet

- it takes only one compromised credential, a few minutes and several API calls to nuke everything in your account. What are your incident response SLA times?

- Cloud gives you scalability, but it gives the same scalability to the attacker. Spin up 10000 instances to crunch some numbers and attack you? For sure!

- infrastructure as code empowers you, but the same is true for the attacker: he can reuse templates and patterns to build attack infrastructure

- data exfiltration speed is no longer limited by your ISP bandwidth; it is extremely fast, effectively unlimited, and will end up on your cloud bill.
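
The "one compromised credential, a few minutes, several API calls" scenario above is also what makes the incident response SLA question answerable: the destructive calls are all logged, so the detection can be a burst rule over the audit trail. The following is an added example written for this post, not code from the original author. It assumes a JSON-lines audit log whose field names loosely follow CloudTrail (`eventTime`, `eventName`, `userIdentity.accessKeyId`, `sourceIPAddress`); the list of "destructive" actions, the 5-minute window, the threshold of three calls and all sample records are constructed assumptions for illustration.

```python
"""Flag a credential that issues a burst of destructive API calls.

Added example: the event shape loosely mirrors CloudTrail field names, but
every record below is constructed sample data, not a log from a real account.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Actions that destroy infrastructure/data or blind the defender.
# Illustrative assumption, not an exhaustive or official list.
DESTRUCTIVE_ACTIONS = {
    "TerminateInstances", "DeleteBucket", "DeleteDBInstance", "DeleteSnapshot",
    "DeleteStack", "DeleteVolume", "StopLogging", "DeleteTrail",
}

# Constructed sample log (JSON lines). Key ...1 is a normal day with two
# destructive calls hours apart; key ...2 behaves like a compromised credential.
SAMPLE_EVENTS = """
{"eventTime": "2021-06-17T09:00:00Z", "eventName": "DeleteSnapshot", "userIdentity": {"accessKeyId": "AKIAEXAMPLE1"}, "sourceIPAddress": "198.51.100.7"}
{"eventTime": "2021-06-17T10:00:05Z", "eventName": "DescribeInstances", "userIdentity": {"accessKeyId": "AKIAEXAMPLE1"}, "sourceIPAddress": "198.51.100.7"}
{"eventTime": "2021-06-17T10:02:10Z", "eventName": "StopLogging", "userIdentity": {"accessKeyId": "AKIAEXAMPLE2"}, "sourceIPAddress": "203.0.113.10"}
{"eventTime": "2021-06-17T10:02:40Z", "eventName": "DeleteBucket", "userIdentity": {"accessKeyId": "AKIAEXAMPLE2"}, "sourceIPAddress": "203.0.113.10"}
{"eventTime": "2021-06-17T10:03:15Z", "eventName": "TerminateInstances", "userIdentity": {"accessKeyId": "AKIAEXAMPLE2"}, "sourceIPAddress": "203.0.113.11"}
{"eventTime": "2021-06-17T10:04:00Z", "eventName": "DeleteDBInstance", "userIdentity": {"accessKeyId": "AKIAEXAMPLE2"}, "sourceIPAddress": "203.0.113.11"}
{"eventTime": "2021-06-17T14:00:00Z", "eventName": "DeleteSnapshot", "userIdentity": {"accessKeyId": "AKIAEXAMPLE1"}, "sourceIPAddress": "198.51.100.7"}
"""


def parse_events(jsonl: str):
    """Parse JSON-lines records into sorted (time, access_key, action, ip) tuples."""
    events = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        ts = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        ts = ts.replace(tzinfo=timezone.utc)
        key = rec.get("userIdentity", {}).get("accessKeyId", "unknown")
        events.append((ts, key, rec["eventName"], rec.get("sourceIPAddress", "")))
    events.sort(key=lambda e: e[0])
    return events


def detect_destructive_bursts(jsonl: str, window_minutes: int = 5, threshold: int = 3):
    """Return one finding per credential that issued at least `threshold`
    destructive calls inside any sliding window of `window_minutes`."""
    by_key = defaultdict(list)
    for ts, key, action, ip in parse_events(jsonl):
        if action in DESTRUCTIVE_ACTIONS:
            by_key[key].append((ts, action, ip))

    window = timedelta(minutes=window_minutes)
    findings = []
    for key, calls in by_key.items():  # calls are already in time order
        start = 0
        for end in range(len(calls)):
            # Slide the window start forward until calls[start..end] fit inside it.
            while calls[end][0] - calls[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                findings.append({
                    "accessKeyId": key,
                    "first": calls[start][0].isoformat(),
                    "last": calls[end][0].isoformat(),
                    "actions": [c[1] for c in calls[start:end + 1]],
                    "sourceIPs": sorted({c[2] for c in calls[start:end + 1]}),
                })
                break  # one page to on-call per credential is enough
    return findings


if __name__ == "__main__":
    for finding in detect_destructive_bursts(SAMPLE_EVENTS):
        print(json.dumps(finding, indent=2))
```

The rule keys on the credential rather than the source IP, because the post's point is that a single leaked key is the unit of compromise; the IPs are kept in the finding only to help the responder scope the incident. `StopLogging` is included deliberately: an attacker who disables the audit trail first leaves fewer later events, so the first destructive action has to count on its own.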

But, at the same time, the cloud offers endless opportunities to build security at levels impossible on-prem, with endless cloud services, templates and unlimited capacity. Build smart, stay secure.
