As organizations move to the cloud, the question of who has access to cloud infrastructure resources has become increasingly complex and important. Organizations commonly manage access using a patchwork of VPNs, IAM roles, jump hosts, credential management systems and proxies. But over the years, threat actors have consistently demonstrated their willingness to attack these systems. This session walks through several high-profile infosec war stories (including NotPetya (2017), SolarWinds (2020) and Uber (2022)) and uses each as a point of reference for discussing architectural principles that organizations should consider when securing access to production cloud systems.
What You’ll Learn:
- Best practices for managing credentials and access to production systems
- Key architecture principles for protecting access to your cloud (and on-premises) infrastructure
- Why the standard industry definition of zero-trust access can fall short of protecting against key threats