Day Two Cloud 010: The Role Of Egress Control In Cloud Security

The Everything Feed - All Packet Pushers Pods - A podcast by Packet Pushers

Security is a top concern when it comes to cloud applications and services.
Given internal configuration errors and external malicious actors, it’s reasonable to assume that at some point your cloud services will be attacked.
What strategies can be applied to make sure the bad actor is trapped and the damage is limited? Let’s discuss.
Guiding us through the dark and dangerous clouds of security is David Redekop, Founder of Adam Networks and Co-founder of Nerds On Site.
We discuss:

* Default security settings of cloud services and when you need to go beyond those defaults
* How encryption can stymie traffic inspection
* The need for egress control in cloud services
* The complexities of IP-based egress control
* DNSSEC vs. DNS over HTTPS/TLS
* Using DNS domains and subdomains to create egress whitelists
* The role of logging
* Using tools such as osquery

Sponsor: Netrounds
Netrounds software performs active testing and monitoring to ensure your business-critical applications and services are running as expected. Get real-time insights for testing, troubleshooting, and SLA monitoring. Find out more at netrounds.com/packetpushers.

Show Links:

* DNS over HTTP/S – Wikipedia
* osquery from Facebook – Osquery.io
* Dnsmasq by Simon Kelly – thekellys.org
* Google Transparency Report – Google
* David Redekop on Twitter
* Adam Networks

Your Host:

* Ned Bellavance on Twitter
* Ned In The Cloud – Ned’s blog