Non-People Identities: the New Battleground in Cloud Security
Identity security used to be straightforward – one person, one identity. Now in a modern public cloud deployment, identities are innumerable and critical to securing your data. Non-people identities – like servers, VMs, serverless functions, applications, etc. – are being created at a rapid pace, sometimes by services without a person ever involved.
Cloud providers like Azure, AWS, and GCP have given us tools to help govern access, but they can be made insecure by simple configuration errors or omissions – and they’re very different approaches, creating complexity for multicloud deployments. Governance requires a new approach that meets this new reality of ephemeral compute and complex webs of permission combinations.
Join this session to learn:
- What we mean by non-people identities
- What problems these identities cause
- Best practices for managing them, including out-of-box configuration changes
- Immediate steps anyone can take today to secure the identities
Eric Kedrosky, CISO & Director of Cloud Research, Sonrai Security
Dave Shackleford, Founder and Principal Consultant, Voodoo Security