* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/)
* Thanksgiving + re:Invent ...

# Thanksgiving + re:Invent -- Who's Watching Your Cloud?

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2018%2F11%2Fthanksgiving-reinvent-whos-watching-cloud%2F)  
[](https://twitter.com/share?text=Thanksgiving+%2B+re%3AInvent+%E2%80%93+Who%E2%80%99s+Watching+Your+Cloud%3F&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2018%2F11%2Fthanksgiving-reinvent-whos-watching-cloud%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2018%2F11%2Fthanksgiving-reinvent-whos-watching-cloud%2F&title=Thanksgiving+%2B+re%3AInvent+%E2%80%93+Who%E2%80%99s+Watching+Your+Cloud%3F&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2018/11/thanksgiving-reinvent-whos-watching-cloud/&ts=markdown)  
\[\](mailto:?subject=Thanksgiving + re:Invent – Who’s Watching Your Cloud?)  
Link copied  
By [Matthew Chiodi](https://www.paloaltonetworks.com/blog/author/matthew-chiodi/?ts=markdown "Posts by Matthew Chiodi")  
Nov 19, 2018  
4 minutes  
[Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown)  
[Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown)  
[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)  
[Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)  
[public cloud](https://www.paloaltonetworks.com/blog/tag/public-cloud/?ts=markdown)  
[re:Invent](https://www.paloaltonetworks.com/blog/tag/reinvent/?ts=markdown)  
[RedLock](https://www.paloaltonetworks.com/blog/tag/redlock/?ts=markdown)

Thanksgiving and re:Invent are nearly upon us, and that means attackers will once again have their annual ~9-day window where development and security teams are busy eating turkey (or ++[Tofurky](https://tofurky.com/)++) and spending time in Vegas. From an attacker's perspective, this combination is liquid gold. If you knew that every year between Thanksgiving and re:Invent, you had 9+ days where eyes on glass were at their lowest, would you not take advantage of this? I know I would. Yet despite this knowledge, we continue to see companies not taking advantage of security standards -- such as the CIS benchmarks -- or public cloud provider APIs to automate monitoring the security posture of their cloud environments.

**It's re:Invent. Do you know where your access keys are?**

Back in 2017 on the last day of re:Invent, we had a haggard-looking attendee frantically run up to the RedLock booth (definitely not the first time or likely the last). We'll call him Aditya to protect the innocent. Aditya asked if we could help not only with the hygiene of his company's AWS accounts but also detect the compromise of access keys (the answer is "yes" to both). He proceeded to explain what had happened over the last few days as large portions of both development and security teams had basked in deep knowledge sharing at re:Invent. The story unfolded in an increasingly common way: a developer had inadvertently uploaded an ++[access key](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)++ to GitHub, and an attacker found that key and was then able to spin up massive amounts of compute (likely for ++[cryptomining](https://info.redlock.io/defending-against-cryptojacking-in-aws-azure-googlecloud)++). This not only generated a six-figure bill but also permitted the attacker to exfiltrate data from several key resources. Remember Aditya's haggard look? Now you understand.

*Unless public cloud provider APIs are a core pillar of your security program, you are still operating with an on-premises mindset.*

**Standards \& automation to the rescue**

Public cloud services, such as Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure, all provide greater agility, scalability and infrastructure consistency than traditional data centers. However, the risk of data loss and business disruption remain because many companies have not yet organized their cybersecurity programs to take advantage of the ++[API-driven nature](https://info.redlock.io/lifting-shifting-new-cloud-security-ecosystem-webinar)++ of public cloud platforms. What does this mean from a practical standpoint?

Unless public cloud provider APIs are a core pillar of your security program, you are still operating with an on-premises mindset. It is these very APIs that will allow your team to continuously monitor compliance with a security standard (we very much like the ++[CIS benchmarks](https://www.cisecurity.org/cis-benchmarks/)++) as well as glean powerful telemetry data around the status of your access keys. Likewise, it is these very APIs that give you the capability to not only monitor compliance but also take corrective action. But those rich APIs don't do you or your security program any good unless your processes and tools take advantage of them.

**Get your house in order before Thanksgiving + re:Invent**

Aditya was clearly someone who knew the technical merits of AWS. However, from an organizational standpoint, his company made at least two critical errors: 1) no clear adoption of security standards, and 2) no continuous monitoring of the security posture of their cloud environment. While most large organizations have dozens of on-premises security tools at their disposal, many are severely underinvested when it comes to public cloud. Public cloud providers have attempted to bridge this gap by providing cloud-native security controls. However, many of these tools are nascent and only solve narrow problems related to *their* cloud. This doesn't help the estimated ++[81% of companies](https://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2018-state-cloud-survey)++ that have a multi-cloud strategy.

In order to enjoy the upcoming Thanksgiving holiday as well as an amazing week of learning and networking at re:Invent, do yourself a favor and get a ++[free risk assessment](https://info.redlock.io/cloud-risk-assessment)++ of your cloud footprint. RedLock is API-based, without agents or proxies. This means, within minutes, you'll have a solid understanding of which actions you need to take before digging into that turkey (or "plant-based roast") and boarding your flight to Vegas.

*** ** * ** ***

## Related Blogs

### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Set It and Forget It? Not for Cloud Security](https://www.paloaltonetworks.com/blog/2019/05/cloud-set-it-and-forget-it-not-for-cloud-security/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Healthcare Orgs Move to the Cloud -- Are They Secure?](https://www.paloaltonetworks.com/blog/2019/05/cloud-healthcare-orgs-move-cloud-secure/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### 8 AWS Security Best Practices to Mitigate Risk](https://www.paloaltonetworks.com/blog/2019/02/8-aws-security-best-practices-mitigate-risk/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### The Hole in Your Container Security Strategy](https://www.paloaltonetworks.com/blog/2019/02/the-hole-in-your-container-security-strategy/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### A Shared Commitment Towards Cloud Security: Expanding Our Partnership with Google Cloud](https://www.paloaltonetworks.com/blog/2018/12/shared-commitment-towards-cloud-security-expanding-partnership-google-cloud/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Positively Fanatical: AWS re:Invent](https://www.paloaltonetworks.com/blog/2018/11/positively-fanatical-aws-reinvent/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language