Last Week in Cloud Security — September 05
August 29 — September 05
Vulnerabilities and Case Studies
Exposing Security Observability Gaps in AWS Native Security Tooling
AWS offers a range of native security tools designed to manage and secure cloud environments. But how effective are they at detecting publicly exposable resources? The go-to tool for this task is AWS IAM Access Analyzer. You might wonder why this blog post isn’t titled “Gap Assessment of IAM Access Analyzer.” The reason is that IAM Access Analyzer’s scope extends beyond just user permissions, which is a common misconception.
Worth Knowing
An AWS Administrator Identity Crisis: Part 1
BLUF: Every attack path needs a destination. This is a formalized way of describing destinations in AWS. In cloud providers where we only have data plane access, we divert our focus from an arbitrary definition of administrator to resources we care about.
Why identities are the new perimeter in the cloud
In the ever-expanding world of cloud computing, one thing has become glaringly clear: identities are no longer just user profiles — they are the keys to the kingdom. As businesses race to harness the power of the cloud, they must also confront a growing menace: the risk posed by poorly managed identities. Imagine leaving your front door unlocked in a neighborhood known for break-ins — that’s what weak identity management is like in the cloud. If identities aren’t secured, every action, transaction, and piece of data is at risk. This post delves into why identity management is at the frontline of cloud security, and why ignoring it could spell disaster.