Securely Integrate Multicloud Environments with Workload Identity Federation скачать в хорошем качестве

Securely Integrate Multicloud Environments with Workload Identity Federation

Organizations are becoming multicloud by choice or by chance. Many of them integrate their multiple clouds with one another to improve Availability, support Disaster Recovery, and leverage the services from each provider that best fits their needs. These integrations are usually supported with long-lived credentials. These credentials are much more valuable to attackers than those that are short-lived. Even following best practices will leave your multicloud environments less secure than their single-cloud counterparts. Join Eric Johnson and Brandon Evans as they destroy these long-lived credentials in the Big 3 cloud providers using Workload Identity Federation. They will show how Cloud Security Engineers can securely authenticate from one cloud provider to another using short-lived, automatically rotating tokens that cannot be (ab)used in any other context. The session will conclude with a demonstration of a real multicloud web application that leverages these techniques to securely upload user data to Amazon S3, Azure Storage, and Google Cloud Storage. Learning Objectives: Learn why organizations are choosing to integrate their multiple cloud environments together. Examine the risk posed by using long-lived credentials. Evaluate the benefits and limitations of following best practices with long-lived credentials. Observe integrations from AWS to GCP, from Azure to AWS and GCP, and from GCP to AWS and Azure. Understand why AWS cannot access resources in Azure without transmitting powerful Azure credentials to AWS. Access an open-source project to bootstrap your secure multicloud integrations. Hands-On Workshop: If you are interested in this topic, join Eric's free, 2-hour hands-on workshop happening Thursday, Oct 5th at 10am ET | 1400 UTC, "Destroying Long-Lived Cloud Credentials with Workload Identity Federation" https://www.sans.org/webcasts/destroy... This webcast supports knowledge and concepts from the updated SEC510: Public Cloud Security: AWS, Azure, and GCP, https://www.sans.org/cyber-security-c... About the Speakers: Brandon Evans Brandon is the owner and an InfoSec Consultant at On-Brand Technologies LLC, a consultancy helping organizations secure their applications and other workloads in multi cloud environments, specializing in AWS, Azure, and Google Cloud. Prior to starting his consultancy, Brandon led the secure development training program at Zoom Video Communications. He began his career as a Software Engineer, where he worked on both the core product of a startup, later acquired by a Fortune 500 organization, and on various products spanning a multi-billion dollar enterprise. Brandon is lead author for SEC510: Public Cloud Security: AWS, Azure, and GCP, a contributor to SEC540: Cloud Security and DevSecOps Automation, host of Cloud Ace podcast, Season 1, an analyst for the SANS Multicloud Survey, and a multi-year RSA Conference presenter. Learn more about Brandon at https://www.sans.org/profiles/brandon... Eric Johnson Eric is a Co-founder and Principal Security Engineer at Puma Security and a Senior Instructor with the SANS Institute. His experience includes cloud security assessments, cloud infrastructure automation, static source code analysis, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments. Eric is the lead author and an instructor for SEC540: Cloud Security and DevSecOps Automation and a co-author and instructor for both SEC549: Enterprise Cloud Security and SEC510: Public Cloud Security: AWS, Azure, and GCP. Additionally, Eric is a SANS Security Awareness Developer Training Advisory Board Member and SANS Analyst for Application Security and DevSecOps Surveys. Learn more about Eric at https://www.sans.org/profiles/eric-jo... SANS Cloud Security focuses the deep resources of SANS on the growing threats to The Cloud by providing training, GIAC certification, research, and community initiatives to help security professionals build, deploy and manage secure cloud infrastructure, platforms, and applications. SANS Cloud Security Curriculum: www.sans.org/cloud-security GIAC Cloud Security Certifications: https://www.giac.org/focus-areas/clou... LinkedIn:   / sanscloudsec   Discord: www.sansurl.com/cloud-discord Twitter: @SANSCloudSec