Links:How to Make Your Next Third-Party Risk Conversation Less Awkward: https://www.darkreading.com/vulnerabilities-threats/how-to-make-your-next-third-party-risk-conversation-less-awkward5 Vexing Cloud Security Issues: https://www.itprotoday.com/hybrid-cloud/5-vexing-cloud-security-issuesAttackers Increasingly Target Linux in the Cloud: https://www.darkreading.com/threat-intelligence/attackers-increasingly-target-linux-in-the-cloudTop 5 Best Practices for Cloud Security: https://www.infosecurity-magazine.com/magazine-features/top-5-best-practices-for-cloud/Zix Releases 2021 Mid-Year Global Threat Report: https://www.darkreading.com/cloud/zix-releases-2021-mid-year-global-threat-reportThe big three innovations transforming cloud security: https://siliconangle.com/2021/08/21/big-three-innovations-transforming-cloud-security/The Benefits of a Cloud Security Posture Assessment: https://fedtechmagazine.com/article/2021/08/benefits-cloud-security-posture-assessmentHow to Maintain Accountability in a Hybrid Environment: https://www.darkreading.com/cloud/how-to-maintain-accountability-in-a-hybrid-environment6 Cloud Security Must-Haves–with Help from CSPM, CWPP or CNAPP: https://www.eweek.com/security/6-cloud-security-must-haves-with-help-from-cspm-cwpp-or-cnapp/The hybrid-cloud security road map: https://www.techradar.com/news/the-hybrid-cloud-security-road-mapHow Biden’s Cloud Security Executive Order Stacks Up to Industry Expectations: https://securityintelligence.com/articles/biden-executive-order-industry-expectations/Cloud Security: Adopting a Structured Approach: https://customerthink.com/cloud-security-adopting-a-structured-approach/The Overlooked Security Risks of the Cloud: https://threatpost.com/security-risks-cloud/168754/TranscriptJesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.Corey: This episode is sponsored in part by Thinkst Canary. This might take a little bit to explain, so bear with me. I linked against an early version of their tool, canarytokens.org, in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, or anything else like that that you can generate in various parts of your environment, wherever you want them to live; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use them. It’s an awesome approach to detecting breaches. I’ve used something similar for years myself before I found them. Check them out. But wait, there’s more because they also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment and manage them centrally. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files that it presents on a fake file store, you get instant alerts. It’s awesome. If you don’t do something like this, instead you’re likely to find out that you’ve gotten breached the very hard way. So, check it out. It’s one of those few things that I look at and say, “Wow, that is an amazing idea. I am so glad I found them. I love it.” Again, those URLs are canarytokens.org and canary.tools. And the first one is free because of course it is. The second one is enterprise-y. You’ll know which one of those you fall into. Take a look. I’m a big fan. More to come from Thinkst Canary weeks ahead.Jesse: It is 2021. Conference calls and remote meetings have the same decade-old problems. Connection drops, asking if anyone can hear us, asking if anyone can see our screen, even though we can clearly see the platform is in sharing mode with our window front and center. Why is this so hard? We live in the golden age of the cloud.Shouldn’t we be easily connecting and sharing like we’re in the same room rather than across the planet? Yes we should. Sure, there have been improvements, and now we can do high-quality video, connect dozens or hundreds of people from everywhere on a webinar, and usually most of us can manage a video meeting with some screen sharing. I don’t understand how we can have Amazon Chime, WebEx, Teams, Zoom, Google Meet—or whatever it’s called this month—GoToMeeting, Adobe Connect, FaceTime, and other options, and still not have a decent way for multiple people to see and hear one another and share a document, or an application, or screen without routine problems. All of these are cloud-based solutions.Why do they all suck? When I have to use some of these platforms, I dread the coming meeting. The worst I’ve seen is Amazon Chime—yes, that’s you, Amazon—Microsoft Teams—as always—and Adobe Connect. Oof. The rest are largely similar with ...
