On the road with clouds. Cloud Security Conference Content

Hello, Habr! May 26th at Wrike TechClub was safe. Cloud infrastructure - no precipitation and anomalies. Seriously, we want to report the video from our mini-conference on the
security of cloud solutions and services. Kubernetes security, AWS testing, BYOE on minimums, seccomp to protect the cloud infrastructure.

By the way, the material will be useful not only to security engineers, but also to developers, as well as employees of the SysOps and DevOps departments.

Anton Bogomazov, Wrike - Before stepping into the clouds

Cloud technologies as one of the promising areas are attracting more and more companies to deploy their infrastructure in the "clouds". They are attractive because of their flexibility, especially in terms of deployment and support of infrastructure. Thus, when, after weighing the pros and cons, you decided to deploy the infrastructure in the cloud, it is worth considering security, both at the planning stage and at the implementation and use stages. But where do you start?



Anton Zhabolenko, Yandex.Cloud - Using seccomp to protect the cloud infrastructure

In the report, we will talk about seccomp, the Linux kernel mechanism that allows you to limit the system calls available to the application. We will demonstrate how this mechanism allows you to reduce the attack surface on the system, and also describe how it can be used to protect the internal infrastructure of the cloud.



Vadim Shelest, Digital Security - Cloud Pentest: Amazon AWS Testing Techniques

Currently, more and more companies are considering switching to using cloud infrastructure. Some people want to optimize maintenance and personnel costs in this way; others think that the cloud is more protected from malicious attacks and is safe by default.

Indeed, large cloud providers can afford to keep a staff of qualified professionals, conduct their own research and constantly improve the level of technical equipment, using the latest and most advanced security solutions.

But can all this protect against banal administration errors, incorrect or default configuration settings for cloud services, leakage of access keys and credentials, as well as vulnerable applications? This report will discuss how secure the cloud is and how to identify possible misconfigurations in the AWS infrastructure in a timely manner.



Alexander Ivanov, Wrike - Using osquery to monitor the Kubernetes cluster

Using containerized environments such as Kubernetes makes it difficult to track abnormal activities within these environments compared to traditional infrastructure. Osquery is often used to monitor hosts in a traditional infrastructure.

Osquery is a cross-platform tool that presents the operating system as a high-performance relational database. In the report, we will look at how osquery can improve container monitoring in terms of information security.



Almas Zhurtanov, Luxoft - BYOE on minimums

The problem of protecting personal data when using SaaS solutions has been a concern for information security professionals around the world for a long time. Even with maximum protection against external intruders, the question arises about the degree of control of the SaaS platform provider over the data processed by the platform. In this report, I want to talk about a simple way to minimize SaaS provider access to customer data by introducing transparent encryption of data on the client side and consider the pros and cons of such a solution.



Speakers and organizers will appreciate your feedback on your speeches. The survey takes 2-3 minutes.

Stay tuned for Wrike TechClub on TimePad .