06-18, 10:20–10:40 (America/New_York), Breakout 1
While Cloud Service Provider (CSP) Partner Centers don’t contain traditional cloud infrastructure like VMs, ALBs, or VPCs, they are a crucial part of the cloud ecosystem: they’re how your company delivers marketplace offerings to other cloud customers. If they’re compromised, your company’s reputation is on the line, and compromised offerings could wreak havoc in customer environments.
The talk will dive into the technical details of how these portals fail to give security teams a full set of guardrails, how cloud security practitioners can work with what’s currently given to them, and how CSPs can improve their offerings.
This talk is particularly relevant for those who work at companies that publish products to the public cloud marketplaces, and possibly eye-opening for those that work at companies that consume those offerings.
Laura Haller is a Senior Cloud Security Engineer at HashiCorp with just under a decade of experience in the fields of security engineering and cloud security. Prior to HashiCorp, she assisted financial institutions such as Capital One and Charles Schwab during their respective migrations from on-prem to AWS and GCP, and received a sometimes-useful-at-defcon Electrical Engineering degree from the University of Illinois. When she’s not spelunking into the depths of Azure during her day job, she finds great value in mentoring women who are new to the field or trying to break in.