Platform as a Service (PaaS) Risks

Time
12 hours 57 minutes
Difficulty
Intermediate
Video Transcription
00:01
>> We've talked about platform
00:01
>> as a service more generally,
00:01
>> and now we're going to talk about some of the risks.
00:01
It's not all easily deployable
00:01
development environments and scalable databases.
00:01
There are some risks when using platform as a service.
00:01
This lesson we're going to talk about
00:01
the risks when using platform as a service and also,
00:01
discuss some of the high-level risk responses
00:01
to those identified threats.
00:01
We're going to talk about four major risks
00:01
when using platform as a service.
00:01
The first is interoperability.
00:01
Remember, the cloud provider is
00:01
responsible for updating the operating system.
00:01
Unless there's effective communication
00:01
between the customer and the provider,
00:01
updates to the underlying operating system can break
00:01
applications or they may not function properly.
00:01
This can be a nasty surprise when
00:01
your production environment that
00:01
your customers are using stops
00:01
working and you're searching
00:01
for issues with your code and discover that there
00:01
was an update that went through last night
00:01
that changed something in
00:01
the operating system that broke the application.
00:01
Being certain that you know
00:01
your operator's patching cadence
00:01
and update cadence for the underlying operating system,
00:01
that is really the key to managing some of
00:01
those interoperability issues. Backdoors.
00:01
Since many platform as
00:01
a service cloud environments are used for development,
00:01
introducing a backdoor during
00:01
development is a significant risk.
00:01
A backdoor is a way
00:01
that a developer or anyone can really potentially
00:01
exploit a piece of software that passes over
00:01
the typical safeguards that would limit
00:01
access to sensitive parts of the application.
00:01
Backdoors aren't always put in with malicious intent.
00:01
Many programmers create backdoors when they
00:01
want to test a piece of software and
00:01
a backdoor is installed
00:01
so that they can test a portion of
00:01
the software without running
00:01
the whole program over and over again.
00:01
But in this instance or when a backdoor remains,
00:01
it really is indicative that
00:01
the testing and change management processes
00:01
that we're going to talk about in more detail in
00:01
later modules weren't really effectively put in place.
00:01
That backdoor remained in the software and was out
00:01
there once the code is deployed to production.
00:01
That allowed threat actors to
00:01
eventually find it and utilize
00:01
that backdoor vulnerability to make
00:01
bad things happen. Resource sharing.
00:01
One of the benefits of the Cloud is
00:01
the ability to share resources
00:01
amongst multiple customers.
00:01
But there are some difficulties
00:01
that come with using shared hardware.
00:01
Although resource sharing generally
00:01
enables cost benefits,
00:01
it introduces risks such as
00:01
information bleeds and side-channel attacks
00:01
where the actor is able to
00:01
infer secrets about the customer's data from
00:01
changes that they perceive in
00:01
the hardware cache on the physical device.
00:01
Then finally, one of the other big risks of
00:01
using platform as a service comes with virtualization.
00:01
The complexities of virtual environments and
00:01
the risks it introduces deserve a lesson unto themselves.
00:01
But for the time being,
00:01
know that virtualization introduces
00:01
various risks when using
00:01
platform as a service. Quiz question.
00:01
What security risks may be
00:01
accidentally introduced during development?
00:01
Side-channel attacks, information bleed, or backdoors?
00:01
If you said backdoors, you are right.
00:01
Backdoors can be introduced
00:01
as part of the testing process
00:01
and with ineffective change management
00:01
and testing of the software,
00:01
they can be potentially left in.
00:01
In this module, we covered
00:01
common risks with platform as a service,
00:01
as well as some of the high-level
00:01
controls to address those risks.
00:01
I'll see you in the next lesson.