Securing DevOps : Security in the Cloud

Securing DevOps : Security in the Cloud

Jun 28, 2021

Key Topics

  • For startups, it's important to start with the smallest attack

surface possible for a startup, to focus on their product and leave
complex infrastructure security and cloud security problems for later
on.

  • The need to start segmenting permissions when there are too many people in a team is a natural, and getting into the cloud services and cloud security business knowing that rearchitecting regularly will be needed is healthy.
  • One of the most critical issues we observe in cloud environments today is leaking credentials that give attackers access to identities or accounts in the cloud; such access can be misused to break into services or abuse resources.
  • Log management is absolutely critical for security teams of course, but also for anyone else involved with building and running services in the cloud.
  • When trying to identify top threats, talk to organization leadership. Often the top threats are already known to the executives.
  • Engineers typically want to build security into their systems or their services. They often don't necessarily have the support to do so because that security requirement is not well-documented or explained.

    ### Pickup the Book: Securing DevOps
    Get 35% off with when using `podaccctrl21`.

  • https://www.manning.com/books/securing-devops
  • http://mng.bz/y9ed