SANS Open-Source Intelligence (OSINT) Summit & Training offers immersive cyber security courses and a free Summit!

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Secure by Default? Scoring the Big 3 Cloud Providers

  • Monday, January 27, 2020 at 1:00 PM EST (2020-01-27 18:00:00 UTC)
  • Brandon Evans

You can now attend the webcast using your mobile device!

  

Overview

This presentation will provide a technical comparison of the default configurations for various services provided by the Big 3 Cloud Providers: AWS, Azure, and the Google Cloud Platform. We will compare services apples to apples, preferring platforms powered by open-source software where possible. Using a consistent methodology, I will score each provider in a variety of categories and give each a report card. Attendees will be provided resources to evaluate these services for themselves and introduce alternative viewpoints.

Topics include: the strength of access controls for file storage solutions (AWS S3, Azure Storage, and Google Cloud Storage), encryption of data in-transit and at rest for managed SQL servers (AWS RDS, Azure Database, and Google Cloud SQL), management and invocation privileges for serverless functions (AWS Lambdas, Azure Functions, and Google Cloud Functions), and much more.

Our goal is to bring attention to the importance of scrutinizing default settings, especially for new functionality. With better awareness, we can hold our providers to a higher standard to make the path of least resistance a safe one. Long-term, we should push for the ability to better control what actions and configurations are allowed within our cloud accounts.

Speaker Bio

Brandon Evans

Brandon is a Senior Application Security Engineer at Asurion, where he provides security services for thousands of his coworkers in product development across several global sites responsible for hundreds of web applications. As an application developer for most of his professional career, he moved into security full-time largely because of his many formal trainings through SANS. Brandon is lead author for the new SEC510: Multicloud Security Assessment and Defense and a contributor and instructor for SEC540: Cloud Security and DevOps Automation. He’s a contributor to the OWASP Serverless Top 10 Project and a co-leader for the Nashville OWASP chapter. Learn more about Brandon here.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.