Last Day to Get an iPad mini, Surface Go 2, or Take $300 Off with OnDemand Training - Register Today!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Secure by Default? Scoring the Big 3 Cloud Providers

  • Monday, January 27, 2020 at 1:00 PM EST (2020-01-27 18:00:00 UTC)
  • Brandon Evans

You can now attend the webcast using your mobile device!



This presentation will provide a technical comparison of the default configurations for various services provided by the Big 3 Cloud Providers: AWS, Azure, and the Google Cloud Platform. We will compare services apples to apples, preferring platforms powered by open-source software where possible. Using a consistent methodology, I will score each provider in a variety of categories and give each a report card. Attendees will be provided resources to evaluate these services for themselves and introduce alternative viewpoints.

Topics include: the strength of access controls for file storage solutions (AWS S3, Azure Storage, and Google Cloud Storage), encryption of data in-transit and at rest for managed SQL servers (AWS RDS, Azure Database, and Google Cloud SQL), management and invocation privileges for serverless functions (AWS Lambdas, Azure Functions, and Google Cloud Functions), and much more.

Our goal is to bring attention to the importance of scrutinizing default settings, especially for new functionality. With better awareness, we can hold our providers to a higher standard to make the path of least resistance a safe one. Long-term, we should push for the ability to better control what actions and configurations are allowed within our cloud accounts.

Speaker Bio

Brandon Evans

Brandon is a Senior Application Security Engineer at Asurion, where he provides security services for thousands of his coworkers in product development across several global sites responsible for hundreds of web applications. As an application developer for most of his professional career, he moved into security full-time largely because of his many formal trainings through SANS. Brandon is lead author for the new SEC510: Multicloud Security Assessment and Defense and a contributor and instructor for SEC540: Cloud Security and DevOps Automation.  Throughout his security journey, Brandon has earned five GIAC certifications - GSEC, GSSP-JAVA, GWAPT, GPEN, and most recently, the GCSA. He holds a Bachelor's Degree in Computer Science from Binghamton University, where in his senior year, Brandon won the “Best Use of the SendGrid API” at the HackBU Hackathon. Additionally, he has won four Security Innovation Capture the Flag events, also placing second at their CTF at DEF CON 27, and in 2017 Brandon won the Asurion Hackathon for making an Alexa skill for cellphone support. Brandon taught the first ever cohort at the Vanderbilt University Web Development Coding Bootcamp in 2019, and he’s a contributor to the OWASP Serverless Top 10 Project.

To learn more about Brandon, read his full bio here:

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.