What can the cybersecurity industry learn from the COVID-19 pandemic?


The COVID-19 pandemic has significantly changed our lifestyles, the impact is far-reaching and definitely unforgettable. Our view of what constitutes humanity e.g. business, education, healthcare has been redefined. Ultimately, rapid adaptation has been the ubiquitous option, paving the way for emerging and innovative solutions to gain unparalleled adoption. However, the most prominent of these innovative solutions is the ecosystem surrounding the accelerated development, testing, distribution and administration of COVID-19 vaccines.

In the next series of articles, I will write on a project that enables continuous security incident response for AWS and GCP. This is a project I am currently working on therefore all comments and criticisms are welcome. This is Part 1.

A Cartoonified scene from Fast & Furious 6

Dominic Toretto and his crew have endlessly held fans to a series of suspense and action-packed stunts in the Fast & Furious Franchise. However, this article is not really about those stunts against evil forces but actually about how to perform similar stunts in cloud infra. Therefore, you can assume for a while that you are Vin Diesel…

Information Security

Cloud computing is continually disruptive, paving the way for several emerging technologies while facilitating innovation and rapid creativity. Therefore, cloud-native architectures are gaining traction, organizations and businesses are increasingly adopting these technologies to enable several properties including agility, resilience, cost-effectiveness and scalability. These properties have been proven to support productivity, which is core to success in the current technologically driven economy.

However, cloud technologies are not without blemish, there are no perfect availability guarantees for services offered on public clouds platforms, failures can occur without notice. These failures have caused millions of dollars to businesses due to the lack of…

A few days ago, the news of the Capital One breach was made public. Being a major financial powerhouse, 106 million customers were immediately affected by this breach and several companies are investigating possible spill-over effects. While the details of the breach are still unfolding, it is imperative to analyze the breach based on the known facts. The aim is not to blame any entity but rather to gain corrective knowledge and lessons. Here are a few lessons to be derived and possible counter-measures.

Principle of Least Privilege: It is believed that the hacker, Paige A. Thompson gained access to…

Docker images are currently the most popular implementation of container virtualization aka “application containers”. Application containers are rapidly being adopted in enterprise IT infrastructures due to several advantages including short development and deployment cycles, resource efficiency through lightweight virtualization, availability of tools for automating processes and cross-platform possibilities. Docker images are core building blocks for microservices and container-based infrastructures.

Figure 1: Major Security Risks Impacting the Core Components of Container Technologies

However, container-based infrastructure introduces several security risks such as embedded malware, stale images and untrusted images. Interestingly, these risks are prevalent in different components of the container technologies e.g. images, registries, orchestrators, containers, and host operating system (see Figure 1). Owing…

Microservice Architectures (MSA) consists of several autonomous, loosely coupled, polyglot components (microservices) operating jointly as an application. The key advantages of MSA include inherent support for continuous deployment of large complex applications, agility and enhanced productivity, thus microservices are rapidly gaining massive attention. The microservice architectural style supports polyglotness at the persistence layer and use of diverse programming languages for the business logic. Polyglot
persistence is widely practiced since it affords flexible deployment of different database types. Conversely, polyglot programming models are not favored due to complexities of managing multiple technologies. Instead, homogeneous microservices are more prevalent and prefered basically…

Kennedy Torkura

I'm a cyber security researcher, passionate about cloud native security especially the intersection of chaos engineering & incident response.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store