The missing story with every cloud breach—and what you need to know and do

Logo
Presented by

Josh Stella, Chief Architect, Fugue a Part of Snyk

About this talk

When the headline reads “Company suffers cloud data breach due to misconfigured server,” recognize that this is only a small part of the story. What’s missing is the series of moves the attacker executed to achieve their ultimate goal, because the data they’re after rarely resides on the initial “misconfigured server”. Failing to understand how attackers operate in the cloud causes teams to focus too much on the wrong things and develop a false sense of security. In this session, Snyk chief architect Josh Stella will explain how nearly every major cloud breach goes down, and why cloud security keeps failing even the most sophisticated teams and organizations. He’ll walk through how attackers are not only exploiting individual resource misconfigurations, but also architectural design vulnerabilities that enable them to compromise the cloud API control plane in order to discover and extract data without detection. Josh will lay out a five-point approach for addressing these modern cloud attacks: 1) know your environment; 2) focus on prevention; 3) Empower your developers; 4) automate with policy as code; and 5) measure what matters. You’ll walk away from this session with a better understanding of cloud threats and a systematic strategy for addressing them.
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (26)
Subscribers (2876)
Snyk (pronounced sneak) is a developer security platform for securing custom code, open source dependencies, containers, and cloud infrastructure all from a single platform. Snyk’s developer security solutions enable modern applications to be built securely, empowering developers to own and build security for the whole application, from code & open source to containers & cloud infrastructure. Secure while you code in your IDE: find issues quickly using the scanner, fix issues easily with remediation advice, verify the updated code. Integrate your source code repositories to secure applications: integrate a repository to find issues, prioritize with context, fix & merge. Secure your containers as you build, throughout the SDLC: start fixing containers as soon as your write a Dockerfile, continuously monitor container images throughout their lifecycle, and prioritize with context. Secure build and deployment pipelines: Integrate natively with your CI/CD tool, configure your rules, find & fix issues in your application, and monitor your applications. Secure your apps quickly with Snyk’s vulnerability scanning and automated fixes - Try for Free!