Securing Cloud Delivery Pipelines - Findings From A Blue-Red Team Security Simulation

Dive into the world of cloud security with this 40-minute conference talk from Security BSides London. Explore the findings from a Blue/Red Team security simulation focused on securing cloud delivery pipelines. Learn about the current state of cloud security, essential tooling, and strategies to defend against advanced, motivated attackers. Discover real-world examples through case studies like Tin Tulip and The Creative Licensing Agency. Gain insights on implementing trusted pipelines, utilizing accounts as bulkheads, and improving architecture for enhanced security. Examine the importance of code review and adopt best practices and processes to strengthen your cloud delivery pipeline. Conclude with actionable takeaways and access to valuable repositories for further exploration and implementation.

Intro
State of
Tooling up
Advanced, motivated attackers
Tin Tulip
The Creative Licensing Agency
Trusted pipeline
Pipeline learnings
Accounts as bulkheads
Architecture learnings
Code review
Practices and processes learnings
Conclusions
Check out the repos!