Last Week! Get an iPad (32G), Galaxy Tab A, or $250 Off with Online Training! Dont Miss Out!

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

Secure by Default? Scoring the Big 3 Cloud Providers

  • Monday, January 27th, 2020 at 1:00 PM EST (18:00:00 UTC)
  • Brandon Evans
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!

Overview

This presentation will provide a technical comparison of the default configurations for various services provided by the Big 3 Cloud Providers: AWS, Azure, and the Google Cloud Platform. We will compare services apples to apples, preferring platforms powered by open-source software where possible. Using a consistent methodology, I will score each provider in a variety of categories and give each a report card. Attendees will be provided resources to evaluate these services for themselves and introduce alternative viewpoints.

Topics include: the strength of access controls for file storage solutions (AWS S3, Azure Storage, and Google Cloud Storage), encryption of data in-transit and at rest for managed SQL servers (AWS RDS, Azure Database, and Google Cloud SQL), management and invocation privileges for serverless functions (AWS Lambdas, Azure Functions, and Google Cloud Functions), and much more.

Our goal is to bring attention to the importance of scrutinizing default settings, especially for new functionality. With better awareness, we can hold our providers to a higher standard to make the path of least resistance a safe one. Long-term, we should push for the ability to better control what actions and configurations are allowed within our cloud accounts.

Speaker Bio

Brandon Evans

Brandon is a Senior Application Security Engineer at Asurion. In this role, Brandon provides security services for thousands of his coworkers in product development across several global sites responsible for hundreds of web applications. This includes performing secure code reviews, conducting penetration tests, developing secure coding patterns, and evangelizing the importance of creating secure products.

Previously serving as a software engineer at Asurion, he worked on their Tech Expert service, which offers personalized help, guidance and tips across all of the customer's connected devices. Additionally, he has served as a Security Maven for Asurion since early 2018, where he has acquired his GSEC, GSSP-JAVA, GWAPT, and GPEN certifications, attended the 2019 AppSec California Conference, and won five Security Innovation Capture the Flag events, also placing second at their CTF at DEF CON 27. Prior to Asurion, Brandon was a developer for Smartvue Corporation, an Internet-of Things video surveillance startup that has since been acquired by Johnson Controls.

In his spare time, he is also an Instructor at the Vanderbilt University Web Development Coding Bootcamp and a contributor to the OWASP Serverless Top 10 Project. Brandon has a Bachelor's Degree in Computer Science from Binghamton University, where he was also a competitive member of their debate team.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.