Secure by Default? Scoring the Big 3 Cloud Providers

  • Monday, 27 Jan 2020 1:00PM EST (27 Jan 2020 18:00 UTC)
  • Speaker: Brandon Evans

This presentation will provide a technical comparison of the default configurations for various services provided by the Big 3 Cloud Providers: AWS, Azure, and the Google Cloud Platform. We will compare services apples to apples, preferring platforms powered by open-source software where possible. Using a consistent methodology, I will score each provider in a variety of categories and give each a report card. Attendees will be provided with resources to evaluate these services for themselves and to introduce alternative viewpoints.

Topics include: the strength of access controls for file storage solutions (AWS S3, Azure Storage, and Google Cloud Storage), encryption of data in transit and at rest for managed SQL servers (AWS RDS, Azure Database, and Google Cloud SQL), management and invocation privileges for serverless functions (AWS Lambdas, Azure Functions, and Google Cloud Functions), and much more.

Our goal is to bring attention to the importance of scrutinizing default settings, especially for new functionality. With better awareness, we can hold our providers to a higher standard to make the path of least resistance a safe one. Long-term, we should push for the ability to better control what actions and configurations are allowed within our cloud accounts.