Panel Discussion: Cloud Identity and Access Management
10/05/22 • 59 min
This episode features a panel of three of the top Cloud Identity and Access Management experts in the world. Kat Traxler, Karl Fosaaen, and Kyler Middleton are incredibly knowledgable about how IAM works in all three cloud providers, but Kyler specializes in AWS, Karl spends most of his time with Azure, and Kat is our resident GCP guru. Each panelist will represent their primary cloud’s strengths and weaknesses. Which provider will come out on top? Will any cloud provider leave this conversation unscathed? Join Brandon Evans and the panel to find out.
Resources mentioned in this episode
AWS STS assume theory video - https://www.iampulse.com/resources/videos/aws-sts-primer-why
AWS STS how-to video: https://www.iampulse.com/resources/videos/aws-sts-primer-demo
Restricting Hop Limits with your AWS tokens: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/configuring-instance-metadata-service.html
https://pumasecurity.io/resources/blog/cloud-security-instance-metadata/
https://www.netspi.com/blog/technical/cloud-penetration-testing/extract-credentials-from-azure-kubernetes-service/
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
Sponsor's Note:
Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs.
Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.
Revie
SPONSER NOTE:
Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs.
Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.
Review and Download Cloud Security Resources: sans.org/cloud-security/
Join our growing and diverse community of cloud security professionals on your platform of choice:
This episode features a panel of three of the top Cloud Identity and Access Management experts in the world. Kat Traxler, Karl Fosaaen, and Kyler Middleton are incredibly knowledgable about how IAM works in all three cloud providers, but Kyler specializes in AWS, Karl spends most of his time with Azure, and Kat is our resident GCP guru. Each panelist will represent their primary cloud’s strengths and weaknesses. Which provider will come out on top? Will any cloud provider leave this conversation unscathed? Join Brandon Evans and the panel to find out.
Resources mentioned in this episode
AWS STS assume theory video - https://www.iampulse.com/resources/videos/aws-sts-primer-why
AWS STS how-to video: https://www.iampulse.com/resources/videos/aws-sts-primer-demo
Restricting Hop Limits with your AWS tokens: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/configuring-instance-metadata-service.html
https://pumasecurity.io/resources/blog/cloud-security-instance-metadata/
https://www.netspi.com/blog/technical/cloud-penetration-testing/extract-credentials-from-azure-kubernetes-service/
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
Sponsor's Note:
Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs.
Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.
Revie
SPONSER NOTE:
Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs.
Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.
Review and Download Cloud Security Resources: sans.org/cloud-security/
Join our growing and diverse community of cloud security professionals on your platform of choice:
Previous Episode
Anton Chuvakin: Remapping Mental Models in IT, Security, and Compliance for the Cloud
Dr. Anton Chuvakin and Brandon Evans discuss why some organizations desperately try to follow the on-premises blueprint when securing the cloud, how to prevent Compliance from getting in the way of the evolution of IT Security, and what Anton is doing at Google Cloud to deal with the Shared Responsibility Model breaking in the real world.
Our Guest - Dr. Anton Chuvakin
Dr. Anton Chuvakin is now involved with security solution strategy at Google Cloud, where he arrived via Chronicle Security (an Alphabet company) acquisition in July 2019.
Anton was, until recently, a Research Vice President and Distinguished Analyst at Gartner for Technical Professionals (GTP) Security and Risk Management Strategies team.
Anton is a recognized security expert in the field of log management, SIEM and PCI DSS compliance. He is an author of books "Security Warrior", "Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management" and ""PCI Compliance, Third Edition: Understand and Implement Effective PCI Data Security Standard Compliance"" (book website) and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and other books.
Resources mentioned in this episode
Some ideas on compliance as code: https://cloud.google.com/blog/products/identity-security/risk-and-compliance-as-code
https://www.forbes.com/sites/googlecloud/2022/04/19/demystifying-shared-fate-a-new-approach-to-understand-cybersecurity/
https://cloud.google.com/blog/products/identity-security/8-megatrends-drive-cloud-adoption-and-improve-security-for-all
Sponsor's Note:
Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcas
SPONSER NOTE:
Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs.
Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.
Review and Download Cloud Security Resources: sans.org/cloud-security/
Join our growing and diverse community of cloud security professionals on your platform of choice:
Next Episode
John Alves: Exploring Microsoft Azure Security Platforms and Capabilities
Brandon Evans is joined by John Alves of CyberOne, who is also an up-and-coming instructor for SANS SEC510: Public Cloud Security: AWS, Azure, and GCP, to take a deep-dive into Microsoft Azure security platforms, creating cloud security learning paths for those you manage, and getting involved with the SANS community.
Our Guest - John Alves
Twitter: @cyberlowdown
LinkedIn: https://www.linkedin.com/in/alves-john/
Resources mentioned in this episode:
For Sentinal Training - https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-ninja-the-complete-level-400/ba-p/1246310
Tool specific training around Microsoft tools (Sentinel, Defender for Cloud, Sentinal Automation, etc) - https://azurecloudai.blog/2021/05/12/all-the-microsoft-ninja-training-i-know-about/
Sponsor's Note:
Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs.
Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.
Review and Download Cloud Security Resources: sans.org/cloud-security/
Join our growing and diverse community of cloud security professionals on your platform of choice:
Discord | Twitter | LinkedIn | YouTube
SPONSER NOTE:
Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs.
Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.
Review and Download Cloud Security Resources: sans.org/cloud-security/
Join our growing and diverse community of cloud security professionals on your platform of choice:
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/cloud-ace-215853/panel-discussion-cloud-identity-and-access-management-24205718"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to panel discussion: cloud identity and access management on goodpods" style="width: 225px" /> </a>
Copy