The Statistics of Growing Cloud Security Needs
Gartner projects the worldwide revenue of "Public Cloud" to grow to $331 BILLION by 2022. Gone are the days of laughing at the idea of hosting mission critical data and applications on "another company's computers." Instead, more than a third of organizations see cloud investments as a top three investment priority. And obviously, AWS has taken quite the share of the market for themselves.
But even though this mass movement to the cloud has made a lot of modern development easier...the security aspect is arguably messier. Not only are we playing by the basic security principles but also by the rules these cloud companies create for us to play by. Though we'd all hope that this would make creating secure infrastructures easier, the truth is that companies of all sizes are getting breached left and right. Facebook, Capital One, Toyota, Docker, Equifax, Yahoo, Adobe, T-Mobile. There's so many that it almost seems common to get hacked...except that each breach costs, on average, $3.92 million all the way up to $700 million.
Yes, some of these breaches are the result of extremely clever tactics. However, a wide majority of them, such as the Capital One breach of 2019, are the result of oversight and a lack of understanding about their cloud environment. To use an analogy, it's not that companies don't want their front door locked, or can't, it's that the locks can be so confusing to set up that they either neglect to do so, or do it incorrectly.
But Where Do You Start With Cloud Security?
And so you might be thinking "Okay, but how do I learn to prevent this stuff? How do I keep my company / product from winding up on front-page news due to a cloud data breach??"
Or maybe even something simpler like, "Being able to prevent a multi-million dollar data breach sounds like a valuable skill to have..."
After all, security, especially in context of the cloud, seems like an overwhelming topic. To some extent it is, but to return to our earlier analogy, who do you think is best positioned to secure the place you live in right now? You. Why? Because you know every nook and cranny of the place you live in, how someone could get in, and what they'd need to do so. You know all of the windows, doors, and entry points.
Well, similarly, securing a cloud infrastructure starts with that same idea - knowing the ins and outs of what you have. Once you know the ins and outs, much like knowing where all of the doors and windows are on your house, all you have to do is lock them up. And how do you do this on AWS? By using their Identity and Access Management (IAM) service. It is THE CORNERSTONE of SECURITY on AWS. It's how you tell AWS, and the resources you create, who can access them and under what conditions. It's why S3 buckets get breached. It's why EC2 servers get inappropriately accessed. And guess what? It doesn't have to be that complex or difficult to learn.
As someone with years of experience working in AWS and teaching / helping 1000s of developers on it - let me save you the 100s of hours that will otherwise go towards peeling through documentation, experimentation, and, worst case scenario, dealing with a security breach. In this course we'll take a hands-on, deep dive into IAM and make sure that you walk away with everything you need to work professionally with it. You'll be able to read, write, and modify any type of security policy for any service in AWS with FULL UNDERSTANDING of what's going on.
We don't just stop at the basics or trudge through documentation. We'll take the time to set up a full project that spans multiple AWS accounts and resources. The end result? A security skill set for AWS and the ability to lock-down any infrastructure built upon the most popular cloud provider in the market.