Client Access is the Achilles' Heel of the Cloudâ¦
- Bryce Galbraith
- Thursday, December 5th, 8:15pm - 9:15pm
Representations of cloud infrastructures often reassure us of their robust security mechanisms by prominently displaying the familiar gold lock in the center of the cloud. While many cloud providers genuinely do strive to deliver confidentiality, integrity, and availability the vital question remains: "Is our data actually secure or not?"
The elephant in the room is that client access is the Achilles' heel of the cloud. This talk has been rejected by more than one cloud conference because they would usually rather not talk about these risks. The truth remains, our data is vulnerable virtually everywhere except the cloud (assuming it is actually secure there to begin with).
This talk will clearly illustrate the realities of cloud infrastructure risks for those people who desire to look beyond the cost-savings and operational benefits clouds can provide and truly protect their zeros and ones, wherever they end up.
Numerous demonstrations of hacker tools and techniques will show how attackers can access data even when the cloud infrastructure itself does not have any known vulnerabilities (e.g. sql-injection, XSS, session management flaws or other logic flaws) by simply bypassing most of the security controls we rely on when using cloud resources.
If you are serious about protecting your data, you will want to be keenly aware of these risks...
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
|General Session - Welcome to SANS||Eric Conrad||Tuesday, December 3rd, 8:15am - 8:45am||Special Events|
|Real-World Risk -- What Incident Responders Can Leverage from IT Operations||Eric Conrad||Tuesday, December 3rd, 7:15pm - 9:15pm||Keynote|
|The 13 Absolute Truths of Security||Keith Palmgren||Wednesday, December 4th, 7:15pm - 8:15pm||SANS@Night|
|The Security Impact of IPv6||Johannes Ullrich||Wednesday, December 4th, 8:15pm - 9:15pm||SANS@Night|
|GIAC Program Overview||Johannes Ullrich||Thursday, December 5th, 7:15pm - 8:15pm||Special Events|
|SANS Technology Institute Open House||Johannes Ullrich||Thursday, December 5th, 7:15pm - 8:15pm||Special Events|
|Client Access is the Achilles' Heel of the Cloudâ¦||Bryce Galbraith||Thursday, December 5th, 8:15pm - 9:15pm||SANS@Night|
|Network Forensic and Visualization Techniques||Steve Armstrong||Friday, December 6th, 7:15pm - 8:15pm||SANS@Night|