EP162 IAM in the Cloud: What it Means to Do It 'Right' with Kat Traxler

Guest:

• Kat Traxler, Security Researcher, TrustOnCloud

Topics:

• What is your reaction to "in the cloud you are one IAM mistake away from a breach"? Do you like it or do you hate it?

• A lot of people say "in the cloud, you must do IAM 'right'". What do you think that means? What is the first or the main idea that comes to your mind when you hear it?

• How have you seen the CSPs take different approaches to IAM? What does it mean for the cloud users?

• Why do people still screw up IAM in the cloud so badly after years of trying?

• Deeper, why do people still screw up resource hierarchy and resource management?

• Are the identity sins of cloud IAM users truly the sins of the creators? How did the "big 3" get it wrong and how does that continue to manifest today?

• Your best cloud IAM advice is "assign roles at the lowest resource-level possible", please explain this one? Where is the magic?

Resources:

• Video (Linkedin, YouTube)

• Kat blog

• "Diving Deeply into IAM Policy Evaluation" blog

• "Complexity: a Guided Tour" book

• EP141 Cloud Security Coast to Coast: From 2015 to 2023, What's Changed and What's the Same?

• EP129 How CISO Cloud Dreams and Realities Collide