Abhinav Srivastava
Abhinav Srivastava is the founder and CEO of Breez Security, bringing over 20 years of experience in cybersecurity. He most recently served as Chief Information Security Officer and VP of Infrastructure at Frame.io, which was acquired by Adobe for billions of dollars. Prior to his role at Frame.io/Adobe, Abhinav dedicated six years at AT&T Shannon Labs, focusing on systems, cloud, IoT, analytics, data center technologies, and network security R&D. He has published over 40 research papers in peer-reviewed conferences and journals and holds multiple patents. Abhinav earned his Ph.D. in Computer Science from Georgia Tech.
Session
As organizations transition to public cloud environments, they increasingly rely on third-party security and monitoring vendors to ensure the protection of these environments. These vendors offer diverse solutions, including CSPM, CNAPP, observability tools, and services such as MSSP and MDR. Most of these services are delivered via Software as a Service (SaaS), necessitating continuous access to customers' cloud environments for effective oversight.
While third-party risk assessments typically focus on the security of the vendors' systems, any breach within a vendor's cloud infrastructure can directly affect customer security. Since 98% of organizations have at least one third-party vendor that has experienced a data breach, there is a growing need for enhanced visibility into vendor activities inside customers’ cloud infrastructure. This includes monitoring their actions, the resources they access, and whether they possess excessive privileges.
In this presentation, we will analyze how third-party vendors gain access to customer cloud environments, explore methods for developing an automated system to monitor their activities and discuss how to establish alerts for deviations from expected behavior. Additionally, we will examine strategies to ensure vendor permissions consistently align with their actual activities to minimize unnecessary access over time.