12 tweets, 3 min read
Been thinking a lot about #cloud #security lately and I am starting to believe that the "shared responsibility model" is fundamentally broken. Securing a storage bucket or server in the cloud shouldn't be as difficult as it is. Thread...
The big providers advertise how easy it is to deploy infrastructure in the cloud, but they don't seem to talk about how easy it is to screw it up and lose half the country's SSNs because of an extra * in a JSON policy. It doesn't help that the default settings are rarely secure.
We've got companies with 100s of engineers and combined decades of cloud security experience who are still getting it wrong. Not a day goes by without mass exfiltration of user data because of what amounts to really tiny mistakes.
The cloud providers have tried to address the issue, but IMO, they're going about it the wrong way. Devs shouldn't need an entire "Security Center" to tell them they're doing something insecure in a different part of the product.
TBF, I don't think there's an easy answer. With great power to build and design cloud systems comes great responsibility. Companies hosting user data in those systems need to learn to do so securely. I'm just confused on *why* it's so hard to do that.
I think there are a few things the cloud providers should do to make things better:
1) Put security warnings front and center. If I'm about to do something insecure in S3, tell me right then. Don't make me go sign up for Config Service and launch 15 Lambdas with an SNS topic and a satellite to figure it out after the fact.
2) Secure everything by default and make the insecure options harder to enable. Most users likely won't encrypt something if it's opt-in and hidden down under an "Advanced Settings" menu.
3) Redesign policy-based permissions and stop allowing wildcards. Devs put wildcards in a policy bc it's the path of least resistance. I'm not about to parse policy logs for 2 hours to find the exact EC2:X permission my server needs, but it certainly doesn't need "*".
4) Turn all services and regions off by default. Providers won't do this bc it's detrimental to their business model, but 99% of users aren't using most of these services, so make the account owner enable what they need on a per-service/region basis.
5) Surface problems with zero config. Leave a car door open with the keys in and it starts beeping. I don't have to subscribe to some extra service for the feature. Why can *really* insecure infra keep running without any notification from the provider?
There are scores more ways to improve the situation, but just doing the above might have prevented a good chunk of this year's biggest cloud hacks. Anyone have other ideas?
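The "extra * in a JSON policy" and the wildcard-permissions point above are easy to check for mechanically. The block below is an added example written for this page (not the thread author's code and not an AWS tool): a small offline linter that walks an IAM or S3 bucket policy document and flags the mistakes the thread calls out, namely wildcard actions, wildcard resources, Allow+NotAction, and anonymous principals on Allow statements. The two policies it lints are constructed samples; the account ID `123456789012` and bucket name `example-app-data` are placeholders.

```python
"""Offline linter for AWS IAM / S3 bucket policy JSON.

Example code for this page, not an AWS tool. Flags Allow statements that
use wildcard actions or resources, Allow+NotAction, or an anonymous
("*") principal. Deny statements are skipped: wildcards there are normal.
"""
import json
from typing import Any


def _as_list(value: Any) -> list:
    """IAM lets most fields be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principals(stmt: dict) -> list:
    """Flatten Principal ("*", or {"AWS": [...], "Service": "..."}) to strings."""
    principal = stmt.get("Principal")
    if principal is None:
        return []
    if isinstance(principal, str):
        return [principal]
    out: list = []
    for value in principal.values():
        out.extend(_as_list(value))
    return out


def lint_policy(policy: dict) -> list:
    """Return one finding dict per risky element of each Allow statement."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"Statement[{idx}]")
        has_condition = bool(stmt.get("Condition"))

        # Allow + NotAction grants every action *except* the listed ones.
        if "NotAction" in stmt:
            findings.append({"sid": sid, "severity": "HIGH",
                             "issue": "Allow with NotAction grants everything not listed"})
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append({"sid": sid, "severity": "HIGH",
                                 "issue": "Action '*' grants every API call"})
            elif action.endswith(":*"):
                findings.append({"sid": sid, "severity": "MEDIUM",
                                 "issue": f"Action '{action}' grants the whole service"})
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append({"sid": sid, "severity": "MEDIUM",
                                 "issue": "Resource '*' applies to every resource"})
        for principal in _principals(stmt):
            if principal == "*":
                # A Condition (e.g. aws:SourceVpce) narrows it; without one it is public.
                findings.append({"sid": sid,
                                 "severity": "MEDIUM" if has_condition else "CRITICAL",
                                 "issue": "Principal '*' allows anonymous access"
                                          + (" (narrowed by Condition)" if has_condition else "")})
    return findings


# Constructed sample: the "path of least resistance" bucket policy.
OVERBROAD_BUCKET_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "LetTheAppRead", "Effect": "Allow",
                "Principal": "*", "Action": "s3:*", "Resource": "*"}]}
""")

# Constructed sample: same intent, scoped to one role, two calls, one bucket,
# plus a Deny that refuses plaintext HTTP. Placeholder account ID and bucket.
SCOPED_BUCKET_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
   {"Sid": "LetTheAppRead", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-server"},
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-app-data",
                 "arn:aws:s3:::example-app-data/*"]},
   {"Sid": "DenyInsecureTransport", "Effect": "Deny",
    "Principal": "*", "Action": "s3:*",
    "Resource": ["arn:aws:s3:::example-app-data",
                 "arn:aws:s3:::example-app-data/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}
""")


if __name__ == "__main__":
    for name, doc in (("overbroad", OVERBROAD_BUCKET_POLICY),
                      ("scoped", SCOPED_BUCKET_POLICY)):
        print(f"{name}: {len(lint_policy(doc))} finding(s)")
        for f in lint_policy(doc):
            print(f"  [{f['severity']}] {f['sid']}: {f['issue']}")
```

The over-broad sample produces three findings (whole-service action, wildcard resource, and an unconditioned anonymous principal, which is exactly the public-bucket case); the scoped sample produces none, because the only statement containing wildcards is a Deny. Run it against `aws s3api get-bucket-policy --query Policy --output text` output or an `iam get-policy-version` document to get the "tell me right then" warning the thread asks for, without a Config rule or Lambda.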
Keep Current with Matt Fuller