Security Challenges of Cloud Workloads


Time: 1 hour 13 minutes
Difficulty: Beginner
CEU/CPE: 1

Video Transcription
>> Now that we've described Cloud security challenges in general, let's focus on the specific challenges faced by Cloud workloads, which naturally stem from the aforementioned challenges.

First, for the sake of being on the same page, let's define. Workloads are the containers, functions, or machines that store the data and network resources, which make an application work. In other words, they are the resources and processes required to execute an application, service, or other functionalities.

Containers provide a consistent, isolated execution environment for applications. They are similar to virtual machines if they do not require a guest operating system. Instead, the application and its dependencies are packaged into a container based on an image and then a standard runtime environment is used to execute the app. This allows the container to start up in just a few seconds because there's no operating system to boot and initialize; you only need the app to launch.

The current dominant system for automating deployment, scaling, and management of containerized applications is Kubernetes. It allows a company to get the same user experience regardless of the designated Cloud provider. Every Cloud provider has its own version of Kubernetes. For example, AKS, EKS, and GKE.

Container environments elicit a range of cybersecurity issues. You must secure images, containers, hosts, runtimes, registries, and orchestration platforms. Container security is made more complex by the high quantity of containers most organizations have and the frequency with which they are updated. Each update is an opportunity for vulnerabilities to be introduced. Additionally, most images which containers are based on, even those that are custom made, are built on third-party code and thus at risk of third-party vulnerabilities.

Serverless functions, on the other hand, are single-purpose, event-driven functions that are triggered only in response to an event, such as receiving an HTTP request. The code executes in a fully managed environment where there is no need to provision any infrastructure or worry about managing any servers. This takes the abstraction of containers up a notch.

Comprised of dozens or hundreds of functions, serverless applications are tiny microservices with their own policies, roles, API, audit trail, etc. This changes the attack surface. Instead of a small number of entry points with a lot of functionality hidden behind each one, there are now more entry points, each with a small part of the app behind it. Defending your application now requires thinking about each entry point.

Additionally, most of these functions are provisioned with more permissions than they require. Overprivileged functions enlarge the attack surface, as well as potentially increase the impact of an attack.

The short duration of serverless functions means that serverless security threats may change shape. Attackers may construct a much shorter attack that just steals, for example, a few credit card numbers.

Finally, the lightning-speed nature of serverless functions execution requires adequately fast security processing. Any delay in execution due to protection and inspection will defeat the purpose of using this rapid mechanism.

In the face of all these workload protection challenges, we have CloudGuard on our side.