On one recent occasion, cybersecurity personnel discovered that company data stored in a cloud-based object storage service had been leaked onto the dark web and made available for anyone to download. Upon further investigation, it was found that the company’s own developers had placed the encryption keys in the container image for ease of use. The keys were then compromised by hackers because incorrect permission settings had been used. Unfortunately, by the time the leak was discovered it was too late to stop the damage. The company now faces major financial losses and compensation claims as a result of this costly mistake.
Does this incident sound familiar and even commonplace to you?
Do such news stories make you hesitate to use cloud computing?
The challenges that traditional cybersecurity personnel face in the cloud include:
1. Unfamiliarity with the cloud environment, leading to difficulties in managing cloud services and comprehensively attending to relevant security settings.
2. Dealing with new development processes such as DevOps and assisting development departments control potential risks.
In this session we will share common threat tactics in the cloud as well as response strategies that help cybersecurity personnel better manage cloud security.
Session Summary
1. Introduction to potential usage risks based on recent-year real-world cloud attack cases.
2. How cloud workloads can be hacked and why the container images that so many people use on GitHub are problematic. Through participating in actual attack and defense operations, students gain first-hand experience with the cybersecurity issues and risks faced when using the cloud as well as new types of development processes and tools.
3. Guidance through the process of logically thinking through how to build effective and flexible cloud security defense architecture.
4. Experience carrying out cloud risk assessment tasks.
Device Requirement You Should Prepared for
None.
Skills Requirement You Should Have
We recommend students have experience using public cloud services and be familiar with basic services such as EC2 and S3.
Limit on the Number of Attendee
20
- THEME | CyberLAB
- LOCATION | Taipei Nangang Exhibition Center, Hall 2 4F undefined
- LANGUAGE | Chinese
CYBERSEC 2023 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy .