Cloud Security Needs to be Effortless for Developers
Cloud can be difficult to secure. Since on the internet attackers tend to lurk everywhere. But what we really want to do is build and ship features for your users. The inescapable fact of the matter is that our cloud accounts and servers need to be safe against ransomware, data theft attempts. Sometimes we need to demonstrate cloud security matches security standards and we are compliant.
From outside it seems like a straightforward problem and hence a simple solution. Harden the configuration. Make that bucket private. Don’t use SSH without going through a bastion or a virtual private network (VPN). Fundamentally these are all security choices. And we have all heard the scary stories.
With each security choice comes added complexity of the code that has work. Bucket isn’t public, so we need to use signed URLs. Oh but now AWS requires signing to happen as per version 4 of the algorithm. Working code becomes obsolete. Databases can only be accessed over TLS using certificates. Now we need to keep the client certificate safe and worry about what if this laptop breaks down.
Sometimes we understand the consequence of making a configuration change. But at other times we may not be so sure. Uncertainty when facing high stake choices can make us freeze or choose incorrectly. Even if we are ever so lucky the stress and the constant nagging feeling is terrible to live with.
To counter all this complexity Kloudle has launched a product for effortless cloud security scanning. Aim at developers Kloudle automates cloud security and minimizes human error without requiring extensive security knowledge.
With Kloudle it is super simple to
- Scan your cloud accounts
- Fix the misconfigs with simple to follow steps and watch out for the pitfalls mentioned
- Automate the scanning
Kloudle FreeScan and experience this yourself.
Riyaz Walikar
Founder & Chief of R&D
Riyaz is the founder and Chief of R&D at Kloudle, where he hunts for cloud misconfigurations so developers don’t have to. With over 15 years of experience breaking into systems, he’s led offensive security at PwC and product security across APAC for Citrix. Riyaz created the Kubernetes security testing methodology at Appsecco, blending frameworks like MITRE ATT&CK, OWASP, and PTES. He’s passionate about teaching people how to hack—and how to stay secure.
Riyaz Walikar
Founder & Chief of R&D
Riyaz is the founder and Chief of R&D at Kloudle, where he hunts for cloud misconfigurations so developers don’t have to. With over 15 years of experience breaking into systems, he’s led offensive security at PwC and product security across APAC for Citrix. Riyaz created the Kubernetes security testing methodology at Appsecco, blending frameworks like MITRE ATT&CK, OWASP, and PTES. He’s passionate about teaching people how to hack—and how to stay secure.