06-12, 15:20–15:40 (US/Pacific), Salon C
What really happens when you start using a new service within your cloud estate? This talk will look at how services can introduce risks into a cloud estate when part of their functionality is dependent on existing services, whether this be in your own account/tenant or a provided controlled one. Specifically, we will break down the AWS Elastic Disaster Recovery service and demonstrate how a service that, on the outside appears to safeguard resources by ensuring they are backed up, can be used for malicious purposes due to its dependency on the EC2 service. By the end of the talk, you will have identified how to spot the not so common security concerns that can be raised when using a new service and have a clear process to follow when reviewing new services in the future.
Matt is a Security Consultant at WithSecure with a keen focus on all things cloud. He has several years’ experience building and securing enterprise applications at scale. Prior to joining the security industry Matt worked in systems operation assisting organizations to move large applications from on premise into the cloud.
Outside of work Matt likes to travel and go on long walks with his dog Max.