Practical advice for securing the cloud

Pickup the Book: Securing DevOps

Get 35% off with when using podaccctrl21.

• https://www.manning.com/books/securing-devops


• http://mng.bz/y9ed

Key Topics

• For startups, it's important to start with the smallest attack
  surface possible for a startup, to focus on their product and leave
  complex infrastructure security and cloud security problems for later
  on.


• The need to start segmenting permissions when there are too many people in a team is a natural, and getting into the cloud services and cloud security business knowing that rearchitecting regularly will be needed is healthy.


• One of the most critical issues we observe in cloud environments today is leaking credentials that give attackers access to identities or accounts in the cloud; such access can be misused to break into services or abuse resources.


• Log management is absolutely critical for security teams of course, but also for anyone else involved with building and running services in the cloud.


• When trying to identify top threats, talk to organization leadership. Often the top threats are already known to the executives.


• Engineers typically want to build security into their systems or their services. They often don't necessarily have the support to do so because that security requirement is not well-documented or explained.