fwd:cloudsec 2023

Organizational policies are a key part of every organization’s cloud IAM strategy. They supplement least-privilege best practices by establishing guardrails that protect the organization from unknown threats, and limit the extent of damage that can potentially be caused by compromised identities, workloads or credentials.
In this talk, we will explore how to build, test, and deploy effective organizational policies.
We will do so by being mindful of the real threats and TTPs we’re trying to protect ourselves from, along with the crown jewels we need to protect, the vulnerable points in our environment, and the data perimeter.
We will also dive into the implementation of organizational IAM policies in each cloud provider, their different behaviors in edge cases, and how we should adjust our strategy to accommodate these differences.
Lastly, we will discuss strategies for building, testing, and deploying organizational policies, and recommend a process for creating and evaluating them (including how to build detection mechanisms in case of violations).

Threat Intelligence is one of the most important inputs when investigating breaches, and enables faster, better informed security decisions. However, implementing a successful threat intelligence strategy heavily depends on the feed quality and how data is cross-referenced with other intel sources. This talk highlights the challenges of building good threat intel in a cloud-based world and offers a way forward for better threat intel through collaboration. In the discussion we will present a model for evaluating cloud threat intelligence feeds, map the units of threat intelligence that are uniquely relevant to the cloud, discuss channels for sharing intel, and strategize regarding how to encourage transparency from cloud providers.
We believe this session can kick off a wider conversation to improve cloud threat intelligence.