Client Access is the Achilles' Heel of the Cloud

A session at SANS San Antonio 2013

Thursday 5th December, 2013

8:15pm to 9:15pm (CST)

Representations of cloud infrastructures often reassure us of their robust security mechanisms by prominently displaying the familiar gold lock in the center of the cloud. While many cloud providers genuinely do strive to deliver confidentiality, integrity, and availability the vital question remains: "Is our data actually secure or not?"

The elephant in the room is that client access is the Achilles' heel of the cloud. This talk has been rejected by more than one cloud conference because they would usually rather not talk about these risks. The truth remains, our data is vulnerable virtually everywhere except the cloud (assuming it is actually secure there to begin with).

This talk will clearly illustrate the realities of cloud infrastructure risks for those people who desire to look beyond the cost-savings and operational benefits clouds can provide and truly protect their zeros and ones, wherever they end up.

Numerous demonstrations of hacker tools and techniques will show how attackers can access data even when the cloud infrastructure itself does not have any known vulnerabilities (e.g. sql-injection, XSS, session management flaws or other logic flaws) by simply bypassing most of the security controls we rely on when using cloud resources.

If you are serious about protecting your data, you will want to be keenly aware of these risks...

About the speaker

This person is speaking at this event.

There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information. - Sneakers (1992) bio from Twitter

Sign in to add slides, notes or videos to this session

Tell your friends!


Time 8:15pm9:15pm CST

Date Thu 5th December 2013

Short URL


Official event site


View the schedule


See something wrong?

Report an issue with this session