In this episode, Ashish spoke with Kushagra Sharma, Staff Cloud Security Engineer, to delve into the complexities of managing Identity and Access Management (IAM) at scale. Drawing on his experiences from Booking.com and other high-scale environments, Kushagra shares insights into scaling IAM across thousands of AWS accounts, creating secure and developer-friendly permission boundaries, and navigating the blurred lines of the shared responsibility model.
They discuss why traditional IAM models often fail at scale and the necessity of implementing dynamic permission boundaries, baseline strategies, and Terraform-based solutions to keep up with ever-evolving cloud services. Kushagra also explains how to approach IAM in multi-cloud setups, the challenges of securing managed services, and the importance of finding a balance between security enforcement and developer autonomy.
Questions asked:
00:00 Introduction
02:31 A bit about Kushagra
03:29 How large can the scale of AWS accounts be?
03:49 IAM Challenges at scale
06:50 What is a permission boundary?
07:53 Permission Boundary at Scale
13:07 Creating dynamic permission boundaries
18:34 Cultural challenges of building dev friendly security
23:05 How has the shared responsibility model changed?
25:22 Different levels of customer shared responsibility
29:28 Shared Responsibility for MultiCloud
34:05 Making service enablement work at scale
43:07 The Fun Section
#cloudsecurity #iam #awssecurity