Charting a Path to Cloud Security Maturity: A Guide for Cloud & Security Teams
Sandy Bird, CTO and Cofounder Sonrai Security & Dave Shackleford, Principal Consultant and Owner of Voodoo Security
About this talk
The dynamic infrastructure in Azure, AWS, and GCP is critical for modern enterprises to meet their business goals. It’s also new territory for security teams, as things that used to be static metal are now made up by code, and who can access what changes day by day.
The major cloud providers release, on average, 17 new permissions a day. With seemingly infinite paths to data being created - and cloud data sprawl occurring in most companies - getting to peak security maturity requires disciplined prioritization of tasks for the cloud security team.
In this webcast, we chart out a prioritized list of issues to focus on, progressing environments from ‘vulnerable’ to ‘zero trust’ on a maturity scale. The prioritization is shaped by issues’ likelihood to lead to breach, how commonly the issues occur, and how easy the issues are to solve without major tooling. By focusing on a maturity journey, we establish a sustainable and achievable path towards zero trust without overwhelming the team or compromising business goals, like faster time-to-production.
Join this session to learn:
*The most important infrastructure & configuration vulnerabilities to close
*Most common identity issues (toxic combinations, privilege escalation abuse, etc) and how to eliminate them
*How to determine what security maturity level is appropriate for each environment
*Sustainable practices to keep up with changing identity permissions
*Advanced automation & tooling techniques