We continue the series of safe and contactless Wrike TechClub meetups. This time we will talk about the security of cloud solutions and services. Let's touch on the issues of protection and control of data that is stored in several distributed environments. Let's discuss the risks and ways to minimize them when integrating with cloud or SaaS solutions.
Meetap will be of interest to employees of information security departments, architects who design IT systems, system administrators, DevOps and SysOps specialists.
Program and speakers
1. Anton Bogomazov, Wrike - "Before you step into the clouds"
Cloud technologies as one of the promising areas attract more and more companies to deploy their infrastructure in the "clouds". They attract with their flexibility, especially in terms of infrastructure deployment and support. Thus, when, after weighing all the pros and cons, you have decided to deploy infrastructure in the cloud, it is worth thinking about security, both at the planning stage and at the stages of implementation and use. But where to start?
2. Anton Zhabolenko, Yandex.Cloud - "Using seccomp to protect cloud infrastructure"
In the report, we will talk about seccomp, a Linux kernel mechanism that allows you to limit the system calls available to the application. We will demonstrate how this mechanism allows you to reduce the attack surface on the system, and also describe how it can be used to protect the internal infrastructure of the cloud.
3. Vadim Shelest, Digital Security - Cloud Pentest: Amazon AWS Testing Methods
Currently, more and more companies are thinking about switching to the use of cloud infrastructure. Some want to optimize maintenance and personnel costs in this way, others believe that the cloud is more protected from attacks by intruders and is secure by default.
Indeed, large cloud providers can afford to maintain a staff of qualified professionals, conduct their own research and constantly improve the level of technical equipment, using the latest and most advanced security solutions.
But can all this protect against banal administration errors, incorrect or default cloud service configuration settings, leaked access keys and credentials, and vulnerable applications? How secure the cloud is and how to timely identify possible misconfigurations in the AWS infrastructure will be discussed in this report.
4. Almas Zhurtanov, Luxoft - βBYOE at minimum wagesβ
The problem of protecting personal data when using SaaS solutions has been worrying information security specialists around the world for a long time. Even with maximum protection from external intruders, the question arises about the degree of control of the SaaS platform provider over the data processed by the platform. In this talk, I want to talk about a simple way to minimize the access of a SaaS provider to customer data by implementing transparent data encryption on the client side and look at the pros and cons of such a solution.
5. Alexander Ivanov, Wrike - Using osquery to monitor a Kubernetes cluster
The use of containerized environments such as Kubernetes makes it harder to track anomalous activities within these environments compared to a traditional infrastructure. To monitor hosts in traditional infrastructure, osquery is often used.
Osquery is a cross-platform tool that presents the operating system as a high performance relational database. In the report, we will look at how osquery can be used to improve container monitoring in terms of information security.
- at the meetup
- from the previous Wrike TechClub food safety meetup
Source: habr.com