Priyanka Aash, profile picture
Uploaded byPriyanka Aash
69 views

Securing serverless applications in the cloud

Mark Nunnikhoven discusses securing serverless applications in the cloud, emphasizing the mapping of data and services used in designs. He outlines a three-month plan to improve code quality and assess third-party service risks, followed by a six-month goal of establishing unified monitoring and automated responses. The session provides practical guidance on enhancing security for serverless architectures.

Embed presentation

Download to read offline
SESSION ID:SESSION ID: #RSAC Mark Nunnikhoven Securing Serverless Applications In The Cloud CSV-R02 Vice President, Cloud Research Trend Micro @marknca
#RSAC 2
#RSAC 3
#RSAC 4
#RSAC 5
#RSAC 6
#RSAC 7
#RSAC 8
#RSAC 9 Microservices
#RSAC 10
#RSAC 11
#RSAC 12
#RSAC 13
#RSAC 14
#RSAC 15
#RSAC 16
#RSAC 17
#RSAC 18
#RSAC 19
#RSAC 20
#RSAC 21
#RSAC 22
#RSAC 23
#RSAC 24
#RSAC 25
#RSAC 26
#RSAC 27
#RSAC 28
#RSAC 29
#RSAC 30
#RSAC 31
#RSAC 32
#RSAC 33
#RSAC 34
#RSAC 35
#RSAC 36
#RSAC 37
#RSAC 38
#RSAC 39
#RSAC 40
#RSAC 41
#RSAC 42
#RSAC 43
#RSAC 44
#RSAC 45
#RSAC 46
#RSAC 47
#RSAC 48
#RSAC 49
#RSAC 50
#RSAC 51
#RSAC 52
#RSAC 53
#RSAC 54
#RSAC 55
#RSAC 56
#RSAC 57
#RSAC 58
#RSAC 59
#RSAC 60
#RSAC 61
#RSAC 62
#RSAC 63
#RSAC 64
#RSAC 65
#RSAC 66
#RSAC 67
#RSAC 68
#RSAC 69
#RSAC 70
#RSAC 71
#RSAC 72
#RSAC 73
#RSAC 74
#RSAC 75
#RSAC 76
#RSAC 77
#RSAC 78
#RSAC 79
#RSAC 80
#RSAC 81
#RSAC 82
#RSAC 83
#RSAC 84
#RSAC 85
#RSAC 86
#RSAC 87
#RSAC 88
#RSAC 89
#RSAC 90
#RSAC 91
#RSAC 92
#RSAC 93
#RSAC 94
#RSAC Here’s How To Apply What You’ve Learned Today 95 Next week you should: Map out the data and services used in your serverless designs Line up those data:service pairings with data sensitivity Within 3 months you should: Have a handle on the quality of your code & be working to improve it Understand the level of risk and trust of your 3rd party services Within 6 months you should: Have a unified monitoring event stream in place Start to create automated responses to specific issues & events
#RSAC 96 Mark Nunnikhoven @marknca Questions? Thank you!

More Related Content

PDF
2014-04-28 cloud security frameworks and enforcement
byShawn Wells
 
PDF
WebRTC on the Server Side - Signal May 2015
bynico_acosta
 
PPTX
Drupalgeddon 2 – Yet Another Weapon for the Attacker
byDefCamp
 
PPTX
How Long to Boom: Understanding and Measuring ICS Hacker Maturity
byDragos, Inc.
 
PDF
Cloud Breach – Preparation and Response
byPriyanka Aash
 
PDF
Cloud Breach – Preparation and Response
byPriyanka Aash
 
PDF
Aspirin as a Service: Using the Cloud to Cure Security Headaches
byPriyanka Aash
 
PDF
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
byPriyanka Aash
 
2014-04-28 cloud security frameworks and enforcement
byShawn Wells
 
WebRTC on the Server Side - Signal May 2015
bynico_acosta
 
Drupalgeddon 2 – Yet Another Weapon for the Attacker
byDefCamp
 
How Long to Boom: Understanding and Measuring ICS Hacker Maturity
byDragos, Inc.
 
Cloud Breach – Preparation and Response
byPriyanka Aash
 
Cloud Breach – Preparation and Response
byPriyanka Aash
 
Aspirin as a Service: Using the Cloud to Cure Security Headaches
byPriyanka Aash
 
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
byPriyanka Aash
 

Similar to Securing serverless applications in the cloud

PDF
Embedded Systems Security: Building a More Secure Device
byPriyanka Aash
 
PDF
Embedded Systems Security: Building a More Secure Device
byPriyanka Aash
 
PPTX
Cloud Security Essentials 2.0 at RSA
byShannon Lietz
 
PDF
Humans and Data Don’t Mix: Best Practices to Secure Your Cloud
byPriyanka Aash
 
PDF
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
byPriyanka Aash
 
PDF
Cloud security : Automate or die
byPriyanka Aash
 
PPTX
Serverless Attack Vectors
by2nd Sight Lab
 
PPTX
PCI & Serverless - Everything you need to know
byPureSec
 
PDF
Cloud security assessments : You're doing it wrong!
byPriyanka Aash
 
PDF
An OWASP SAMM Perspective on Serverless Computing
byDenim Group
 
PDF
Building and Adopting a Cloud-Native Security Program
byPriyanka Aash
 
PDF
BSidesQuebec2013_fred
byBSidesQuebec2013
 
PPTX
API Security: Assume Possible Interference
byJulie Tsai
 
PDF
Briefing the board lessons learned from cisos and directors
byPriyanka Aash
 
PDF
Hardening the cloud : Assuring agile security in high-growth environments
byPriyanka Aash
 
PDF
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
byawish11
 
PDF
Adding Incident Response Containers To The Cyber Security Tool Belt
byDharmendra Rama
 
PDF
RSA ASIA 2014 - Internet of Things
byWolfgang Kandek
 
PDF
Less tech more talk the future of the ciso role
byPriyanka Aash
 
PDF
RSA 2015 Realities of Private Cloud Security
byScott Carlson
 
Embedded Systems Security: Building a More Secure Device
byPriyanka Aash
 
Embedded Systems Security: Building a More Secure Device
byPriyanka Aash
 
Cloud Security Essentials 2.0 at RSA
byShannon Lietz
 
Humans and Data Don’t Mix: Best Practices to Secure Your Cloud
byPriyanka Aash
 
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
byPriyanka Aash
 
Cloud security : Automate or die
byPriyanka Aash
 
Serverless Attack Vectors
by2nd Sight Lab
 
PCI & Serverless - Everything you need to know
byPureSec
 
Cloud security assessments : You're doing it wrong!
byPriyanka Aash
 
An OWASP SAMM Perspective on Serverless Computing
byDenim Group
 
Building and Adopting a Cloud-Native Security Program
byPriyanka Aash
 
BSidesQuebec2013_fred
byBSidesQuebec2013
 
API Security: Assume Possible Interference
byJulie Tsai
 
Briefing the board lessons learned from cisos and directors
byPriyanka Aash
 
Hardening the cloud : Assuring agile security in high-growth environments
byPriyanka Aash
 
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
byawish11
 
Adding Incident Response Containers To The Cyber Security Tool Belt
byDharmendra Rama
 
RSA ASIA 2014 - Internet of Things
byWolfgang Kandek
 
Less tech more talk the future of the ciso role
byPriyanka Aash
 
RSA 2015 Realities of Private Cloud Security
byScott Carlson
 

More from Priyanka Aash

PPTX
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
byPriyanka Aash
 
PDF
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
byPriyanka Aash
 
PDF
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
byPriyanka Aash
 
PDF
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
byPriyanka Aash
 
PDF
Lessons Learned from Developing Secure AI Workflows.pdf
byPriyanka Aash
 
PDF
Cyber Defense Matrix Workshop - RSA Conference
byPriyanka Aash
 
PDF
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
byPriyanka Aash
 
PDF
Securing AI - There Is No Try, Only Do!.pdf
byPriyanka Aash
 
PDF
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
byPriyanka Aash
 
PDF
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
byPriyanka Aash
 
PDF
10 Key Challenges for AI within the EU Data Protection Framework.pdf
byPriyanka Aash
 
PDF
Techniques for Automatic Device Identification and Network Assignment.pdf
byPriyanka Aash
 
PDF
Keynote : Presentation on SASE Technology
byPriyanka Aash
 
PDF
Keynote : AI & Future Of Offensive Security
byPriyanka Aash
 
PDF
Redefining Cybersecurity with AI Capabilities
byPriyanka Aash
 
PDF
Demystifying Neural Networks And Building Cybersecurity Applications
byPriyanka Aash
 
PDF
Finetuning GenAI For Hacking and Defending
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
byPriyanka Aash
 
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
byPriyanka Aash
 
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
byPriyanka Aash
 
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
byPriyanka Aash
 
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
byPriyanka Aash
 
Lessons Learned from Developing Secure AI Workflows.pdf
byPriyanka Aash
 
Cyber Defense Matrix Workshop - RSA Conference
byPriyanka Aash
 
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
byPriyanka Aash
 
Securing AI - There Is No Try, Only Do!.pdf
byPriyanka Aash
 
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
byPriyanka Aash
 
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
byPriyanka Aash
 
10 Key Challenges for AI within the EU Data Protection Framework.pdf
byPriyanka Aash
 
Techniques for Automatic Device Identification and Network Assignment.pdf
byPriyanka Aash
 
Keynote : Presentation on SASE Technology
byPriyanka Aash
 
Keynote : AI & Future Of Offensive Security
byPriyanka Aash
 
Redefining Cybersecurity with AI Capabilities
byPriyanka Aash
 
Demystifying Neural Networks And Building Cybersecurity Applications
byPriyanka Aash
 
Finetuning GenAI For Hacking and Defending
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
byPriyanka Aash
 

Recently uploaded

PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PDF
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PPTX
TravelTech Paris 2025 | Beyond the pipes: Why Channel Management isn’t really...
byapidays
 
PDF
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
 
PDF
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
The new book “Marketing in the Metaverse” spotlights Scott M. Graffius’ research
byScott M. Graffius
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
Rustici Software: eLearning standards in the age of AI
byRustici Software
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PPTX
Critique Prompting: The Secret to High-Quality AI Outputs
bySemantic SEO BD
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PDF
final.pdf
byomarbishtawi04
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
TravelTech Paris 2025 | Beyond the pipes: Why Channel Management isn’t really...
byapidays
 
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
 
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
The new book “Marketing in the Metaverse” spotlights Scott M. Graffius’ research
byScott M. Graffius
 
Workflow and decision Automation with Flowable
bychakib ch
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
Rustici Software: eLearning standards in the age of AI
byRustici Software
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
Critique Prompting: The Secret to High-Quality AI Outputs
bySemantic SEO BD
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
final.pdf
byomarbishtawi04
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 

Securing serverless applications in the cloud