
In this episode of the ScaleToZero podcast, we had an insightful conversation with Rowan Udell, an AWS IAM leader and security consultant, about the future of cloud security. We delved into critical topics like prohibiting human access to production accounts, maximizing ROI in IAM and policy management, and the role of Just-In-Time access. We also explored the impact of LLMs on IAM engineering and discussed practical strategies for minimizing attack surfaces in the healthcare industry. This episode is a must-listen for anyone responsible for AWS security and identity management.
Watch on YouTube: https://youtu.be/r0eupMDCqB8
#cybersecurity AWS #IAM #CloudSecurity #DevSecOps #JustInTimeAccess #LLM #SecurityBestPractices
00:00 Teaser and Introduction
05:45 Prohibiting human access to production cloud accounts
12:00 Recommendations to prohibit human access to production accounts
15:30 Strategy to maximize ROI in IAM and Policy Management
19:00 Thoughts on the ability to create users and roles at will in the cloud
23:19 What is Just-In-Time and its role in the cloud?
30:14 Providing secure access to teams in the healthcare industry via IAM
38:05 How organizations can keep the attack surface minimal
41:51 Common misconfigurations with minimal fixes
44:22 Lesser-known features of AWS IAM with great impact
48:30 Are LLMs a blessing or curse to IAM engineers?
51:20 Shift of LLMs that IAM engineers should expect in 2025
55:35 Summary
56:38 Learning recommendations