I was 5. What does a childhood fear in 1983 have to do with - - PowerPoint PPT Presentation



SLIDE 1
SLIDE 2
SLIDE 3
SLIDE 4
SLIDE 5
SLIDE 6

I was 5.

SLIDE 7
SLIDE 8

What does a childhood fear in 1983 have to do with serverless security in 2019?

SLIDE 9
SLIDE 10

McNuggets are introduced

SLIDE 11

Mario Bros was released …in the arcade

SLIDE 12

ARPANET switches to IP
 …creating the internet

SLIDE 13

Challenger flew STS-7 deploying two satellites and conducting a number of experiments

SLIDE 14

Cold war tensions are high

SLIDE 15

The Baseline

SLIDE 16

by Invest Comox Valley

SLIDE 17

by Harold A. Skaarup

SLIDE 18
SLIDE 19

THE BASELINE

Enemies are working against us
We are under constant threat
Everyone you trust is worried

SLIDE 20

The Environment

SLIDE 21
SLIDE 22
SLIDE 23
SLIDE 24

THE ENVIRONMENT

Cold war doesn’t feel cold
ICBMs could launch at any time
Darth Vader is coming

SLIDE 25

The Threat

SLIDE 26
SLIDE 27

*Not actually 3200 Phaethon

SLIDE 28

*Still not 3200 Phaethon

SLIDE 29

THE THREAT

PHA is a “hair’s breadth” from Earth
Impact would be devastating
Aftermath is a slow, lingering death

SLIDE 30
SLIDE 31

Baseline + Environment + Threat

SLIDE 32
SLIDE 33
SLIDE 34
SLIDE 35

Baseline + Environment + Threat
Traditional security

SLIDE 36

TRADITIONAL SECURITY

Assets are long lived
Deep access is required & expected
Perimeter is king

SLIDE 37

Baseline + Environment + Threat
Traditional security
Losing ground

SLIDE 38

LOSING GROUND

New malware every 0.3 seconds
New vulnerability every 3 days
Constant threat of the unknown

SLIDE 39

Baseline + Environment + Threat
Traditional security
Losing ground
Cybercriminals

SLIDE 40

CYBERCRIMINALS

1.5T in profit in 2018
4.5T in damage in 2018
Few to no convictions

SLIDE 41
SLIDE 42
SLIDE 43

THE REACTION

OWASP Top 10 for Serverless
CSA 12 Most Critical Risks…
Exclusive focus on functions

SLIDE 44

*Not me, not taken in the 1980s

SLIDE 45

Misconfigurations

#1 THREAT

SLIDE 46

100s of millions of records breached from Amazon S3

#1 THREAT

SLIDE 47

SHARED RESPONSIBILITY MODEL

Data
Application
Operating System
Virtualization
Infrastructure
Physical
Service Configuration

SaaS (Abstract)

SLIDE 48

THE FOUR PILLARS OF SERVERLESS SECURITY

Service selection

Do these services meet the business needs?

Functions

Is the code high quality?

Data flow

Is the data intact? Is access controlled?

Configuration validation

Are the service features set up?

SLIDE 49

Make sure that what you build works as intended
 …and only as intended

THE GOAL OF BUILDING (AND SECURITY)

SLIDE 50