Tuesday, June 19, 2018

CLOUD EXPOSURE, DLP & IR, A-Z

Photo Credit: My co-worker’s mug, taken with permission for use.

Today I'm releasing my guide on data leakage and IR in the cloud.  I was incredibly inspired by Ed Skoudis’ portion of the 2018 SANS RSA Keynote entitled, “The Five Most Dangerous New Attack Techniques.”  In his keynote, Ed talked about our increasing collaboration with cloud based tools and repositories.  Some examples were Amazon AWS/S3, Docker Hub, GitHub, Google Cloud and Microsoft Azure.  Ed reminded us that we’ve seen some pretty serious “oopsies” from several high profile entities over the past year (Time Warner, Uber, U.S. Army, Verizon), and that data exposure can happen from something as mindless as a misconfiguration of a private repository marked as public or even a public repo mistakenly containing sensitive data.  The talk was so popular, there’s since been a SANS follow-up webinar (also posted at the aforementioned link).  Grab my new paper here, hope you enjoy it!