Episode 3: Cloud Configuration Pitfalls

24/06/2019 51 min Episode 3

Episode Synopsis


Attendees
Guest: Evgeny Zislis
Guest title: CTO
Company: ProdOPS
Abstract
Over 90% of IaaS/PaaS security incidents are the consumer's fault. Cloud platforms are complicated, with a steep learning curve, and it is easy to make mistakes. In this podcast, we talk with Evgeny Zislis, CTO of ProdOPS, about the common IaaS/PaaS security mistakes and misconfigurations, categorize them, and talk about measures to reduce those mistakes and identify them in time.
Timing:
0:00 – 2:10 - Intro and introducing our guest
2:10 – 31:05 - What are the common cloud misconfigurations and mistakes

Improper security group configuration
Object storage negligence - open buckets on S3
Insecure storage of API/access keys - a config file in an open GitHub repo is not the best place to store access keys
Vulnerable servers exposed (exposing your 5-year-old, not updated Linux server is not recommended)
Failure to segregate different services into different accounts / VPCs / subnets
Everyday use of the root account and relying on one account only

31:05 – 34:20 - Avoiding cloud misconfigurations: the process angle
34:20 – 38:33 - Avoiding cloud misconfigurations: the people angle
38:33 – 49:00 - Avoiding cloud misconfigurations: the technology angle
49:00 – 52:00 - Summary and conclusions

More episodes of the podcast SilverLining IL