Poor credential management, misconfiguration, and insider threat are the top causes of Cloud Infrastructure data breaches according to global research and advisory firm, Gartner. In the past two years, the US Department of Defense, US Central and Pacific Command, Accenture, GoDaddy, FedEx, and Cisco all encountered data breaches/unauthorized disclosures due to AWS misconfigurations.
In this talk, I focus on strategies for implementing defense in depth within Amazon Web Services, the most widely used of the cloud Infrastructure-as-a-Service providers.
This talk was delivered in April of 2020 at the BSides Atlanta security conference. It was delivered remotely due to the COVID-19 pandemic.