Anzeige

Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches

DevOps.com
DevOps.com
1. Dec 2020
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches

Check these out next

Building Elastic into security operations
Building Elastic into security operations
Elasticsearch
Elastic Security: Your one-stop OODA loop shop
Elastic Security: Your one-stop OODA loop shop
Elasticsearch
Practical DevSecOps Using Security Instrumentation
Practical DevSecOps Using Security Instrumentation
VMware Tanzu
Operationalize with alerting, custom dashboards, and timelines
Operationalize with alerting, custom dashboards, and timelines
Elasticsearch
Pentest as a Service Impact 2020
Pentest as a Service Impact 2020
DevOps.com
Empowering agencies using Elastic as a Service inside Government
Empowering agencies using Elastic as a Service inside Government
Elasticsearch
What is the Future of SIEM?
What is the Future of SIEM?
Elasticsearch
Keynote: Elastic Security evolution and vision
Keynote: Elastic Security evolution and vision
Elasticsearch
1 von 36

Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches

1. Dec 2020
Downloaden Sie, um offline zu lesen
Technologie

This year has been full of surprises — and cloud security data breaches have been no exception. From hotel chains to dating apps and video conferencing, misconfigurations and mistakes have left many organizations with exposed data. Knowing how data breaches happen and how to prevent them from happening is key when it comes to defending your identities and data access. In this webinar, Eric Kedrosky, CISO and director of cloud research at Sonrai Security, dissects the top 10 notorious cloud data breaches from 2020, breaking down how each was caused and how they could have been prevented. This webinar will detail the anatomy of each type of data breach, what we can learn, what allowed the data breach to happen and the preventative measures. Join this webinar as we dissect the year’s top cloud data breaches and what caused them, including: Identity and authentication for data storage Public cloud misconfiguration Key and secret management Overprivileged identities Malicious Bad Actors

DevOps.com
DevOps.com
Anzeige
Anzeige
Anzeige

Recomendados

How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...DevOps.com178 Aufrufe29 Folien
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid finalDevOps.com131 Aufrufe15 Folien
Tirez pleinement parti d'Elastic grâce à Elastic CloudTirez pleinement parti d'Elastic grâce à Elastic Cloud
Tirez pleinement parti d'Elastic grâce à Elastic CloudElasticsearch101 Aufrufe25 Folien
Simplicity in Hybrid IT Environments – A Security Oxymoron?Simplicity in Hybrid IT Environments – A Security Oxymoron?
Simplicity in Hybrid IT Environments – A Security Oxymoron?Tripwire380 Aufrufe32 Folien
Innovating at speed and scale with implicit securityInnovating at speed and scale with implicit security
Innovating at speed and scale with implicit securityElasticsearch845 Aufrufe8 Folien
The Journey from Zero to SOC: How Citadel built its Security Operations from ...The Journey from Zero to SOC: How Citadel built its Security Operations from ...
The Journey from Zero to SOC: How Citadel built its Security Operations from ...Elasticsearch1.2K Aufrufe22 Folien

Más contenido relacionado

Presentaciones para ti(20)

Building Elastic into security operationsBuilding Elastic into security operations
Building Elastic into security operations
Elasticsearch745 Aufrufe
Elastic Security: Your one-stop OODA loop shopElastic Security: Your one-stop OODA loop shop
Elastic Security: Your one-stop OODA loop shop
Elasticsearch551 Aufrufe
Practical DevSecOps Using Security InstrumentationPractical DevSecOps Using Security Instrumentation
Practical DevSecOps Using Security Instrumentation
VMware Tanzu316 Aufrufe
Operationalize with alerting, custom dashboards, and timelinesOperationalize with alerting, custom dashboards, and timelines
Operationalize with alerting, custom dashboards, and timelines
Elasticsearch774 Aufrufe
Pentest as a Service Impact 2020Pentest as a Service Impact 2020
Pentest as a Service Impact 2020
DevOps.com64 Aufrufe
Empowering agencies using Elastic as a Service inside GovernmentEmpowering agencies using Elastic as a Service inside Government
Empowering agencies using Elastic as a Service inside Government
Elasticsearch58 Aufrufe
What is the Future of SIEM? What is the Future of SIEM?
What is the Future of SIEM?
Elasticsearch231 Aufrufe
Keynote: Elastic Security evolution and visionKeynote: Elastic Security evolution and vision
Keynote: Elastic Security evolution and vision
Elasticsearch426 Aufrufe
Cloud Security for Dummies Webinar — The Identity EditionCloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity Edition
Netskope2.3K Aufrufe
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Security
centralohioissa762 Aufrufe
SACON - Devops-container (Richard Bussiere)SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)
Priyanka Aash2.3K Aufrufe
Making Cloud Security Part of Your DNA Webinar SlidesMaking Cloud Security Part of Your DNA Webinar Slides
Making Cloud Security Part of Your DNA Webinar Slides
Netskope982 Aufrufe
Keynote: Elastic Security evolution and visionKeynote: Elastic Security evolution and vision
Keynote: Elastic Security evolution and vision
Elasticsearch942 Aufrufe
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesForrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Netskope1.2K Aufrufe
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersThe DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
DevOps.com83 Aufrufe
Cure for the Common Cloud: How Healthcare can Safely Enable the CloudCure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Netskope635 Aufrufe
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions
DevOps.com203 Aufrufe
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
Alert Logic 571 Aufrufe
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere
Cisco Canada2.3K Aufrufe
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
David J Rosenthal2.2K Aufrufe

Similar a Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches(20)

Indianapolis Splunk User Group Dec 22Indianapolis Splunk User Group Dec 22
Indianapolis Splunk User Group Dec 22
WesComer241 Aufrufe
Webdays blida mobile top 10 risksWebdays blida mobile top 10 risks
Webdays blida mobile top 10 risks
Islam Azeddine Mennouchi968 Aufrufe
OWASP Mobile TOP 10 2014OWASP Mobile TOP 10 2014
OWASP Mobile TOP 10 2014
Islam Azeddine Mennouchi7K Aufrufe
New Horizons SCYBER PresentationNew Horizons SCYBER Presentation
New Horizons SCYBER Presentation
New Horizons Computer Learning Centers / 5PE628 Aufrufe
Top Azure security fails and how to avoid themTop Azure security fails and how to avoid them
Top Azure security fails and how to avoid them
Karl Ots233 Aufrufe
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the Cloud
Richard Diver712 Aufrufe
Just Trust Everyone and We Will Be Fine, Right?Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?
Scott Carlson207 Aufrufe
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
MTG IT Professionals860 Aufrufe
UpdateConf 2018: Top 18 Azure security fails and how to avoid themUpdateConf 2018: Top 18 Azure security fails and how to avoid them
UpdateConf 2018: Top 18 Azure security fails and how to avoid them
Karl Ots136 Aufrufe
Security Training: Making your weakest link the strongest - CircleCityCon 2017Security Training: Making your weakest link the strongest - CircleCityCon 2017
Security Training: Making your weakest link the strongest - CircleCityCon 2017
Aaron Hnatiw390 Aufrufe
Cloudtenna Hour With An Expert WebinarCloudtenna Hour With An Expert Webinar
Cloudtenna Hour With An Expert Webinar
Mitch Crane154 Aufrufe
Mobile App Security - Best PracticesMobile App Security - Best Practices
Mobile App Security - Best Practices
RedBlackTree301 Aufrufe
Webinar - Compliance with the Microsoft Cloud- 2017-04-19Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
TechSoup 1K Aufrufe
Web security uploadv1Web security uploadv1
Web security uploadv1
Setia Juli Irzal Ismail1.6K Aufrufe
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
Jim Kaplan CIA CFE88 Aufrufe
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSec
Lalit Kale445 Aufrufe
Defending Today's Threats with Tomorrow's Security by Microsoft by Aidan FinnDefending Today's Threats with Tomorrow's Security by Microsoft by Aidan Finn
Defending Today's Threats with Tomorrow's Security by Microsoft by Aidan Finn
John Moran393 Aufrufe
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
Nicholas Davis201 Aufrufe
apidays LIVE London 2021 - Securing PII at runtime by Rob Dickinson, Resurfac...apidays LIVE London 2021 - Securing PII at runtime by Rob Dickinson, Resurfac...
apidays LIVE London 2021 - Securing PII at runtime by Rob Dickinson, Resurfac...
apidays392 Aufrufe
A Fresh, New Look for CMD+CTRL Cyber RangeA Fresh, New Look for CMD+CTRL Cyber Range
A Fresh, New Look for CMD+CTRL Cyber Range
Security Innovation99 Aufrufe
Anzeige

Más de DevOps.com(20)

Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source Software
DevOps.com838 Aufrufe
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
DevOps.com254 Aufrufe
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
DevOps.com133 Aufrufe
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and Snyk
DevOps.com242 Aufrufe
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the Cloud
DevOps.com305 Aufrufe
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware Resolution
DevOps.com182 Aufrufe
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
DevOps.com283 Aufrufe
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident Response
DevOps.com215 Aufrufe
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
DevOps.com164 Aufrufe
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
DevOps.com385 Aufrufe
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with Datadog
DevOps.com236 Aufrufe
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or Privately
DevOps.com253 Aufrufe
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call Culture
DevOps.com112 Aufrufe
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021
DevOps.com154 Aufrufe
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
DevOps.com175 Aufrufe
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
DevOps.com154 Aufrufe
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
DevOps.com63 Aufrufe
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...
DevOps.com114 Aufrufe
The Importance of Visibility and Security of Critical Applications in Cloud E...The Importance of Visibility and Security of Critical Applications in Cloud E...
The Importance of Visibility and Security of Critical Applications in Cloud E...
DevOps.com33 Aufrufe
Monitoring Your AWS EKS Environment with DatadogMonitoring Your AWS EKS Environment with Datadog
Monitoring Your AWS EKS Environment with Datadog
DevOps.com138 Aufrufe

Último(20)

How to use ChatGPT for an ISMS implementation.pdfHow to use ChatGPT for an ISMS implementation.pdf
How to use ChatGPT for an ISMS implementation.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 270010 Aufrufe
6 Key Financial Metrics to track.pdf6 Key Financial Metrics to track.pdf
6 Key Financial Metrics to track.pdf
Fazal Paci0 Aufrufe
2023-05-31_ESWC.pptx2023-05-31_ESWC.pptx
2023-05-31_ESWC.pptx
Anisa Rula0 Aufrufe
在哪里可以办美国大学文凭《夏威夷太平洋大学毕业证成绩单仿制》在哪里可以办美国大学文凭《夏威夷太平洋大学毕业证成绩单仿制》
在哪里可以办美国大学文凭《夏威夷太平洋大学毕业证成绩单仿制》
efagvah0 Aufrufe
Europe Dedicated ServerEurope Dedicated Server
Europe Dedicated Server
ShivamShakya320 Aufrufe
Advanced TestingAdvanced Testing
Advanced Testing
Postman0 Aufrufe
Varanasi_Meetup_Universal API Managment.pdfVaranasi_Meetup_Universal API Managment.pdf
Varanasi_Meetup_Universal API Managment.pdf
Santosh Ojha0 Aufrufe
CDP_Presentation.pptxCDP_Presentation.pptx
CDP_Presentation.pptx
Abbas3358830 Aufrufe
Multi Standard Mixed Mode.pdfMulti Standard Mixed Mode.pdf
Multi Standard Mixed Mode.pdf
MbBot0 Aufrufe
End to End Process Transformation with Signavio.pdfEnd to End Process Transformation with Signavio.pdf
End to End Process Transformation with Signavio.pdf
IgnacioPeredoCL0 Aufrufe
Managing a WordPress Multisite NetworkManaging a WordPress Multisite Network
Managing a WordPress Multisite Network
Jonathan Bossenger0 Aufrufe
Theben DALI-2 Room SolutionTheben DALI-2 Room Solution
Theben DALI-2 Room Solution
Ivory Egg0 Aufrufe
Ericsson LTE Commands.pdfEricsson LTE Commands.pdf
Ericsson LTE Commands.pdf
MbBot0 Aufrufe
Ignite the future of clincial trials with Clinion AIIgnite the future of clincial trials with Clinion AI
Ignite the future of clincial trials with Clinion AI
shirleyraghu0 Aufrufe
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
TrustArc0 Aufrufe
Agile Mindset, Ahmed Sidky PhD.pdfAgile Mindset, Ahmed Sidky PhD.pdf
Agile Mindset, Ahmed Sidky PhD.pdf
FarizGhozali0 Aufrufe
Chapter_11-Heragu.pptxChapter_11-Heragu.pptx
Chapter_11-Heragu.pptx
Madan Karki0 Aufrufe
GD Water Consult.pdfGD Water Consult.pdf
GD Water Consult.pdf
AmitMehta2140 Aufrufe
UiPath Community - Dallas - Studio Web.pdfUiPath Community - Dallas - Studio Web.pdf
UiPath Community - Dallas - Studio Web.pdf
DianaGray100 Aufrufe
Responsive Web Design Crafting Websites for the Multi-Device World (2).pdfResponsive Web Design Crafting Websites for the Multi-Device World (2).pdf
Responsive Web Design Crafting Websites for the Multi-Device World (2).pdf
iSQUARE Business Solution0 Aufrufe
Anzeige

Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches

  1. Confidential Hotels, Hookups and Video Conferencing A Top 10 Countdown to 2020's Worst Data Breaches “We Dig Your Cloud”
  2. Meet the Speakers Eric Kedrosky Director of Cloud Security Research & CISO Sonrai Security Mitch Ashley CEO & Managing Analyst Accelerated Strategies Group
  3. 2020 Data Breaches
  4. Misconfigurations
  5. 10: Prestige Software
  6. Lessons From Misconfigurations • Need comprehensive controls, applied to each domain • One technique doesn’t mean safety  • Block permissions with policies and constant monitoring for mistakes
  7. Third-Party
  8. 9. Keepnet
  9. Lessons From Third Party Breaches • Need comprehensive controls across all providers • Checks and audits are required • Vendors are targets too • Continuously maintain least privilege
  10. Weak Authentication for Data Storage
  11. 8. Spotify
  12. Lessons for Weak Authentication • Be careful trusting old school network protection • Protect EVERYTHING with authentication • Use proper network zoning for multi-tier application stacks
  13. No Authentication for Data Storage
  14. 7. BlueKai
  15. Lessons for No Passwords • Use passwords
  16. Human Error
  17. 6. Vertafore
  18. Lessons for Human Error • Continuously monitor access • Get to and maintain least privilege • Prevent overprivege
  19. Key and Secret Management
  20. 5. WildWorks
  21. Lessons Key and Secret Management • Multi-factor authentication is powerful • Use keys wisely • Looks for keys and secrets in code repos and open storage • Look for sloppy key exposure
  22. Overprivilege
  23. 4. Cisco
  24. Lessons from Overprivilege • Define adequate privilege for each account and workload • Compare permissions to usage and triage to get to least privileged • Establish protections for highly privileged accounts • Watch out for bad habits in creating overprivileged accounts
  25. Insider Threats
  26. 3. Shopify
  27. Lessons and Tactics for Insider Attacks • Highly privileged and “break glass” accounts must be supported, but such accounts must be used carefully • Separation of duties for dangerous activities is vital • Some security architectures make separation of duties tricky; root accounts are required for some functions
  28. Admin Credentials
  29. 2. MobiFriends
  30. Lessons and Tactics for Admin Credentials • Creating accounts and roles separate duties • Remove dormant admin accounts • Get to least privilege • Administrative credentials are only used for administrative tasks • Administrator privileges are appropriately logged and continuously monitored
  31. Trial By Fire
  32. 1. Zoom
  33. Lessons and Tactics for Security Teams • Continuous auditing and reporting • Integrate teams to shift left effectively • Prevent and remediate issues • Remove blind spots and gaps from Individual tools
  34. Sonrai can help Identity and Data Protection for AWS, Azure, GCP, and Kubernetes Identity & data access complexity is a ticking time bomb in your cloud. Tens of thousands of pieces of compute, thousands of roles, and a dizzying array of interdependencies and inheritances. First-generation security tools miss this as evidenced by so many breaches. Sonrai Dig, our enterprise identity and data governance platform, de-risks your cloud by finding these holes, helping you fix them, and preventing those problems from occurring in the first place.
  35. Confidential Q & A
  36. Confidential Thank You! sonraisecurity.com “We Dig Your Cloud”
Anzeige