Thursday 5th December, 2013
8:15pm to 9:15pm
Representations of cloud infrastructures often reassure us of their robust security mechanisms by prominently displaying the familiar gold lock in the center of the cloud. While many cloud providers genuinely do strive to deliver confidentiality, integrity, and availability the vital question remains: "Is our data actually secure or not?"
The elephant in the room is that client access is the Achilles' heel of the cloud. This talk has been rejected by more than one cloud conference because they would usually rather not talk about these risks. The truth remains, our data is vulnerable virtually everywhere except the cloud (assuming it is actually secure there to begin with).
This talk will clearly illustrate the realities of cloud infrastructure risks for those people who desire to look beyond the cost-savings and operational benefits clouds can provide and truly protect their zeros and ones, wherever they end up.
Numerous demonstrations of hacker tools and techniques will show how attackers can access data even when the cloud infrastructure itself does not have any known vulnerabilities (e.g. sql-injection, XSS, session management flaws or other logic flaws) by simply bypassing most of the security controls we rely on when using cloud resources.
If you are serious about protecting your data, you will want to be keenly aware of these risks...
There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information. - Sneakers (1992) bio from Twitter
Sign in to add slides, notes or videos to this session