Mini-conference "Safe work with cloud services"

Continuing the Wrike TechClub series of safe and non-contact mitaps. This time we’ll talk about the security of cloud solutions and services. We will address the issues of protection and control of data that are stored in several distributed environments. We will discuss risks and ways to minimize them when integrating with cloud or SaaS solutions. Join now!
Mitap will be interesting for employees of information security departments, architects designing IT systems, system administrators, DevOps and SysOps - for specialists.

Program and speakers

1. Anton Bogomazov, Wrike - “Before You Step into the Clouds”

Cloud technologies, as one of the promising areas, are attracting more and more companies to deploy their infrastructure in the “clouds”. They are attractive because of their flexibility, especially in terms of deployment and support of infrastructure. Thus, when, after weighing the pros and cons, you decided to deploy the infrastructure in the cloud, it is worth considering security, both at the planning stage and at the implementation and use stages. But where do you start?

2. Anton Zhabolenko, Yandex.Cloud - “Using seccomp to protect cloud infrastructure”

In the talk, we’ll talk about seccomp, the Linux kernel engine that allows you to limit the system calls available to the application. We will demonstrate how this mechanism allows you to reduce the attack surface on the system, and also describe how it can be used to protect the internal infrastructure of the cloud.

3. Vadim Shelest, Digital Security - “Cloud Pentest: Amazon AWS Testing Techniques”

Currently, more and more companies are thinking about switching to using cloud infrastructure. Some people want to optimize maintenance and personnel costs in this way; others think that the cloud is more protected from malicious attacks and is safe by default.

Indeed, large cloud providers can afford to maintain a staff of qualified professionals, conduct their own research and constantly improve the level of technical equipment, using the latest and most advanced security solutions.
But can all this protect against banal administration errors, incorrect or default configuration settings of cloud services, leakage of access keys and credentials, as well as vulnerable applications? This report will discuss how secure the cloud is and how to identify possible misconfigurations in the AWS infrastructure in a timely manner.

4. Almas Zhurtanov, Luxoft - “BYOE at the minimum”

The problem of protecting personal data when using SaaS solutions has long been a concern for information security professionals around the world. Even with maximum protection against external intruders, the question arises about the degree of control of the SaaS platform provider over the data processed by the platform. In this report, I want to talk about a simple way to minimize SaaS provider access to customer data by introducing transparent data encryption on the client side and consider the pros and cons of such a solution.

5. Alexander Ivanov, Wrike - Using osquery to monitor the Kubernetes cluster

The use of containerized environments, such as Kubernetes, makes it difficult to track abnormal activities within these environments compared to traditional infrastructure. Osquery is often used to monitor hosts in a traditional infrastructure.

Osquery is a cross-platform tool that presents the operating system as a high-performance relational database. In the report, we will look at how osquery can improve container monitoring in terms of information security.

–– Registration at the meeting
–– Records from the previous Wrike TechClub food safety meeting