Episode 25: From Excessive Permissions To Least Privileges - Automating Your IAM Roles

Episode 25 September 01, 2020 00:35:08
Episode 25: From Excessive Permissions To Least Privileges - Automating Your IAM Roles
SilverLining IL
Episode 25: From Excessive Permissions To Least Privileges - Automating Your IAM Roles
/

Hosted By

Moshe Ferber Ariel Munafo

Show Notes

Attendees

Guest: Shira Shamban

Guest title: CEO & Co-Founder

Company: Solvo

Abstract

In modern cloud environments, Identity and Access Management controls are crucial controls. Many of the access decisions are now made not based on networking structure but rather on roles and permissions. In this episode we talk (again) with Shira Shamban, founder at Solvo about cloud IAM challenges - why is it so hard to get IAM right and how Solvo is planning to revolutionize the IAM management process. 

Timing:

0:00 Introducing our guest

3:00 Introducing cloud identity challenges 

6:20 Why role management is not enough

11:40 Why we fail to create least-privilege-roles  

15:10 How to manage IAM securly - the people angle

18:13 How to manage IAM securly - the process angle

21:08 How to manage IAM securly - the technology angle

31:08 Summary and last words

Other Episodes

Episode 8

September 24, 2019 00:27:26
Episode Cover

Episode 8: Securing The World of IoT

Attendees Guest: Beau Woods Guest title:  Member Company:  We-Are-The-Cavalry, Atlantic Council Abstract IOT devices such as Medical embedded devices, autonomous vehicle and smart homes are currently the Achilles heel of information security. The technology is advancing fast, but the security frameworks are not advancing at the same pace. In this episode we talk with Beau woods, founder for I-am-the-cavalry, about the steps governments, regulators and vendors should take in order to produce safer IOT devices. Timing   0:00 Intro and introducing our Beau activities and I-AM-The-Cavalry community   5:20 What are the unique challenges of IOT security?  9.05  It is not a question of connectivity 11:35   How do better engineer IOT devices - fail fast, detect failure and maintain an ability to fix failures 17.15 Engineering is not enough - how the IOT consumers should be trained for and aware of 22.20 Summary and conclusions   ...

Listen

Episode 39

June 23, 2021 00:29:08
Episode Cover

SilverLining Episode 39: Securing API Services

Attendees Guest: Oz Avenstein Guest Title: Founder & CEO @ Avensec - Cloud & Application Security Topic: Securing API Services   Abstract The applicative infrastructure is becoming more and more complex due to different requirements, design patterns, and technologies. In many of these cases, one of those requirements is to connect other parties to systems, and in other cases, to connect systems to other parties. Nowadays, the most common connection method is to use Application Programming Interfaces (APIs). In this episode we spoke with Oz Avenstein, co-author of the CSA Security Guidelines for Providing and Consuming APIs about the guidelines creation process and how organizations should secure access to API resources. ...

Listen

Episode 44

December 22, 2021 00:25:51
Episode Cover

SilverLining Episode 44: Gaining cloud security knowledge & certification - Part 2

Guest: David W. Schropfer Guest Title: Host of DIY Cyber Guy Podcast Abstract:  Many IT & security professionals are asking what Is the best way to enter the world of cloud computing. In this episode we continue our conversation with David W. Schropfer from DIY cyber guy  about the cloud computing career paths   ...

Listen