Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Four Cloud Mistakes You Need to Avoid

At the 2015 Security B-Sides conference in San Francisco, I caught up with Dave Lewis (@gattaca), global security advocate for Akamai, and Bill Brenner (@billbrenner70), senior technical writer for Akamai, for a conversation about big cloud mistakes. Here are their four suggestions on what to avoid.

Not doing proper input sanitation

These are SQL injection problems and it’s a solvable problem that can be helped by a cloud provider, such as Akamai, but it’s also something that needs to be addressed by the application itself, “because you have to look at it as a defense-in-depth approach. You want to know your applications are taking security into account, when you’re writing them,” said Lewis.

Falling for social engineering tricks

“People are still very susceptible to clicking on links when somebody tries to trick them with a message of ‘You should see what somebody else is saying about you,’” said Brenner.

Poor password management

We’re all inundated with the need to manage multiple accounts with multiple IDs and passwords. It’s impossible to manage 60 or even hundreds of different accounts with passwords. To manage that complexity, people often use the same password or weak passwords, explained Brenner. “That really sets you up for someone to come in and really cause trouble with all your different accounts.”

Not locking down your registrar information

“Make sure your registrar information for your domain is locked down,” said Lewis. “You want to make sure that you have that sort of information set up in such a way that it’s not easily compromised. There are some registrars out there where you can send them a fax on falsified letterhead and actually change that data to point to a site that the customer no longer controls.”

Related Posts

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security