Cloud Security Podcast

Dynamic Permission Boundaries: A New Approach to Cloud Security

Listen Later

In this episode, Ashish spoke with Kushagra Sharma, Staff Cloud Security Engineer, to delve into the complexities of managing Identity Access Management (IAM) at scale. Drawing on his experiences from Booking.com and other high-scale environments, Kushagra shares insights into scaling IAM across thousands of AWS accounts, creating secure and developer-friendly permission boundaries, and navigating the blurred lines of the shared responsibility model.

They discuss why traditional IAM models often fail at scale and the necessity of implementing dynamic permission boundaries, baseline strategies, and Terraform-based solutions to keep up with ever-evolving cloud services. Kushagra also explains how to approach IAM in multi-cloud setups, the challenges of securing managed services, and the importance of finding a balance between security enforcement and developer autonomy.


Guest Socials:⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Kushagra's Linkedin

Podcast Twitter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp


Questions asked:

(00:00) Introduction

(02:31) A bit about Kushagra

(03:29) How large can the scale of AWS accounts be?

(03:49) IAM Challenges at scale

(06:50) What is a permission boundary?

(07:53) Permission Boundary at Scale

(13:07) Creating dynamic permission boundaries

(18:34) Cultural challenges of building dev friendly security

(23:05) How has the shared responsibility model changed?

(25:22) Different levels of customer shared responsibility

(29:28) Shared Responsibility for MultiCloud

(34:05) Making service enablement work at scale

(43:07) The Fun Section

...more
View all episodesView all episodes
Download on the App Store
Cloud Security PodcastBy Cloud Security Podcast Team
  • 5
  • 5
  • 5
  • 5
  • 5

5

56 ratings

More shows like Cloud Security Podcast

View all
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

370 Listeners

Risky Business by Patrick Gray

Risky Business

375 Listeners

The Cloudcast by Massive Studios

The Cloudcast

155 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

637 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,016 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,010 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

175 Listeners

Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

Kubernetes Podcast from Google

181 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

188 Listeners

Practical AI by Practical AI LLC

Practical AI

212 Listeners

AWS Podcast by Amazon Web Services

AWS Podcast

202 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

73 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

134 Listeners

Cloud Security Podcast by Google by Anton Chuvakin

Cloud Security Podcast by Google

40 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

44 Listeners