With respect to technology, the pace of cultural change is faster than ever, and it only seems to be gaining speed. Two areas demonstrate this especially well: DevOps and the Internet of Things (IoT).
DevOps has transformed how we create and maintain information systems. Increasingly, we don't build servers or even datacenters. Many startups skip datacenters entirely, using software-as-a-service (SaaS) for what they can, and abstracting all of their other information technology needs into cloud services, whether via infrastructure or platform-as-a-service. For those organizations, a single compromised API key represents complete control of the organization's cloud presence – from firewalls, to load balancers, to servers.
One penetration tester found an organization's highest privilege API key checked into a public source code repository. His test achieved complete information technology compromise before he'd sent a single packet to his client.
This cultural change isn't simply about how we build technology; it's also about how we increasingly introduce technology into our everyday lives, via the IoT movement. In our personal lives, our phones, smart speakers, and computers control our homes, our cars, and our pacemakers. Central to all of this is radio, whether it be a standard protocol like WiFi, Bluetooth, Zigbee, or Z-Wave, or a custom radio protocol created for a single product line (as in the pacemaker vulnerabilities disclosed by MedSec).
The radio-connected Internet of Things doesn’t apply solely to consumer devices. Consider this: computers connecting by radio increasingly control our manufacturing, farming, transportation, environment controls, and building security. What happens when a security flaw allows an attacker to cause damage to crops by faking the data from the sensors monitoring those crops?
For deeper insights into these issues, check out my on-demand webinar, Tackling the Privilege Challenge of Next Generation Technologies, where I share stories of hacking both DevOps-enabled cloud environments and the Internet of Things. You will hear a penetration tester's experiences hacking cloud-enabled companies and radio-connected IoT devices, and also gain some practical security guidance from BeyondTrust on how to better enable and secure next-gen initiatives, like DevOps, IoT, and more.
![Photograph of Jay Beale](https://assets.beyondtrust.com/assets/images/user-photos/_people/Jay-Beale-2021-headshot.jpg?auto=format&q=80)
Jay Beale, CEO, CTO at InGuardians, Inc.
Jay Beale is CTO and CEO for InGuardians. He works on Kubernetes, Linux and Cloud-Native security, both as a professional threat actor and an Open Source maintainer and contributor. He's the architect of the open source Peirates attack tool for Kubernetes and the Bustakube CTF Kubernetes cluster. Jay helps create and run DEF CON's Kubernetes CTF, is a member of the Kubernetes organization, and previously co-led the Kubernetes project's Security Audit Working Group. Since 2000, he has led training classes on Linux & Kubernetes security at public conferences and in private training.