Here are five of our best moments from CISO Series Video Chat: “Hacking Cloud Infrastructure: An hour of critical thinking about how identity is your front line of defense for your infrastructure.”
Our guests for this discussion were:
Got feedback? Join the conversation on LinkedIn.
HUGE thanks to our sponsor Ermetic
Best Bad Idea
Congrats to Drew Brown, IT security manager, Commonwealth of Pennsylvania for winning this week’s Best Bad Idea.
Other honorable mentions go to:
“Turn off all permissions over the weekend and reactivate based on trouble tickets. Ticket-Based Access Control!” – Phil Wolff, co-founder, Wider Team
“Publish your root keys to a public GitHub project, for collaboration and developer velocity.” – Chad Lorenc, senior cloud security consultant, AWS
“Create custom roles for your organization which leverage the (multitude of) built-in roles appropriately and assign those. Bonus points for using the same role names as your on-premise roles.” – Brian Colt, information security engineer, DASH Financial Technologies
“Workload identity instead of service accounts; using groups to manage identity vs. individuals.” – Eric Sherman, site reliability engineer, Tausight
“Actually audit access periodically, instead of saying that you do.” – Ian Poynter, virtual CISO, Kalahari Security
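As an added example (not code from the show, the sponsor, or any of the guests) of what “actually audit access periodically” can look like in practice: the script below reads an AWS IAM credential report, the CSV that `aws iam get-credential-report` returns, and flags console passwords and access keys that have been idle past a threshold, active keys that were never used at all, and password users without MFA. The sample report is constructed for illustration and carries only a subset of the real report's columns; the 90-day threshold and the fixed “now” clock are assumptions made so the example is reproducible offline.

```python
"""Flag stale and risky IAM identities from an AWS IAM credential report.

Added example for this page, not code from the CISO Series or any guest.
Assumes the CSV layout of `aws iam get-credential-report` (the real report
has more columns; only the ones read here matter). The sample report below
is constructed for illustration.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample report (subset of the real columns, same value conventions:
# "true"/"false", ISO 8601 timestamps, and "N/A"/"no_information"/"not_supported").
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,not_supported,2023-01-02T08:00:00+00:00,true,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,true,2023-03-28T10:15:00+00:00,true,true,2023-03-29T09:00:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,true,2022-11-01T07:30:00+00:00,false,false,N/A,false,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,false,no_information,false,true,2022-09-15T01:00:00+00:00,true,N/A
"""

# Fixed clock (assumption) so the findings below are reproducible.
NOW = datetime(2023, 4, 1, tzinfo=timezone.utc)


def _parse_ts(value: str):
    """Return an aware datetime, or None for the report's non-date markers."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def find_stale_access(report_csv: str, now: datetime = NOW, max_idle_days: int = 90):
    """Return (user, finding) tuples for identities an access review should act on."""
    cutoff = now - timedelta(days=max_idle_days)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        # 1. Console password enabled but unused past the threshold, or lacking MFA.
        if row["password_enabled"] == "true":
            last = _parse_ts(row["password_last_used"])
            if last is None or last < cutoff:
                findings.append((user, "stale console password"))
            if row["mfa_active"] != "true":
                findings.append((user, "console access without MFA"))
        # 2. Active access keys that were never used, or not used recently.
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] == "true":
                last = _parse_ts(row[f"access_key_{slot}_last_used_date"])
                if last is None:
                    findings.append((user, f"access key {slot} active but never used"))
                elif last < cutoff:
                    findings.append((user, f"access key {slot} idle since {last.date()}"))
    return findings


if __name__ == "__main__":
    for user, finding in find_stale_access(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

Run against the sample, the script flags `bob` (password idle since November and no MFA) and `ci-deploy` (one key idle since September, one key that was never used); `alice` and the root account produce no findings. The point of keeping the threshold a parameter is that the same report can be reviewed under a stricter cutoff for vendor or break-glass identities than for day-to-day users.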
Quotes from the chatroom
“For years 2+, reassess vendor’s cloud access. If it hasn’t changed (or decreased), perform the same risk assessment. If it has increased, perhaps a more stringent assessment is in order.” – Brian Colt, information security engineer, DASH Financial Technologies
“You have to go out of your way to override the secure cloud defaults but on prem you usually have to ENABLE the secure option.” – Larry Rosen, manager, security advisory, Avanade
“We were able to identify a number of compromised accounts for a vendor and used that to improve the relationship to ‘partner’ rather than vendor.” – Drew Brown, IT security manager, Commonwealth of Pennsylvania