Cloud Security Podcast

Dynamic Permission Boundaries: A New Approach to Cloud Security

Nov 12, 2024

Kushagra Sharma, a Staff Cloud Security Engineer with extensive experience in scaling IAM across AWS environments, shares his insights on dynamic permission boundaries. He discusses the failures of traditional IAM models at scale and emphasizes the need for innovative solutions like Terraform for security management. Kushagra also covers the challenges of multi-cloud setups and the evolving responsibilities between developers and security teams, all while maintaining a balance between security and developer autonomy.

46:05

Creator website

Episode guests

Kushagra Sharma

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Implementing dynamic permission boundaries is crucial for managing IAM at scale, allowing flexibility while ensuring robust security compliance.

A proactive shared responsibility framework within organizations clarifies security roles, bridging gaps and improving overall governance in cloud environments.

Fostering collaboration between development and security teams enhances IAM effectiveness, empowering developers to prioritize security in a rapidly evolving cloud landscape.

Deep dives

Scaling Identity and Access Management

Managing identity and access for large-scale environments can present significant challenges, especially with organizations utilizing thousands of AWS accounts. The traditional model, where security teams must manually approve IAM requests, becomes impractical and inefficient as account numbers grow. Automating permissions while maintaining security oversight is crucial, which means defining a robust IAM strategy that empowers developers to manage their own access within defined boundaries. Effectively balancing developer autonomy and security requirements helps mitigate the operational overhead commonly associated with outdated approval processes.

Intro

2min

Navigating IAM Challenges in Cloud Environments

16min

Evolving Cloud Security Responsibilities

16min

Cloud Security Monitoring and Compliance Challenges

7min

Navigating Cloud Security: Alerts, AI, and Permission Management

2min

Personal Interests and Culinary Favorites Beyond Cloud Security

3min

In this episode, Ashish spoke with Kushagra Sharma, Staff Cloud Security Engineer, to delve into the complexities of managing Identity Access Management (IAM) at scale. Drawing on his experiences from Booking.com and other high-scale environments, Kushagra shares insights into scaling IAM across thousands of AWS accounts, creating secure and developer-friendly permission boundaries, and navigating the blurred lines of the shared responsibility model.

They discuss why traditional IAM models often fail at scale and the necessity of implementing dynamic permission boundaries, baseline strategies, and Terraform-based solutions to keep up with ever-evolving cloud services. Kushagra also explains how to approach IAM in multi-cloud setups, the challenges of securing managed services, and the importance of finding a balance between security enforcement and developer autonomy.

Guest Socials:⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Kushagra's Linkedin

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp

Questions asked:

(00:00) Introduction

(02:31) A bit about Kushagra

(03:29) How large can the scale of AWS accounts be?

(03:49) IAM Challenges at scale

(06:50) What is a permission boundary?

(07:53) Permission Boundary at Scale

(13:07) Creating dynamic permission boundaries

(18:34) Cultural challenges of building dev friendly security

(23:05) How has the shared responsibility model changed?

(25:22) Different levels of customer shared responsibility

(29:28) Shared Responsibility for MultiCloud

(34:05) Making service enablement work at scale

(43:07) The Fun Section

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Cloud Security Podcast

Dynamic Permission Boundaries: A New Approach to Cloud Security

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Scaling Identity and Access Management

Dynamic Permission Boundaries

Shared Responsibility Model Considerations

Agility in Service Enablement and Monitoring

Cultural Shift Toward Collaborative Security

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Cloud Security Podcast

Dynamic Permission Boundaries: A New Approach to Cloud Security

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Scaling Identity and Access Management

Dynamic Permission Boundaries

Shared Responsibility Model Considerations

Agility in Service Enablement and Monitoring

Cultural Shift Toward Collaborative Security

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights