fwd:cloudsec 2023

How do you set boundaries? i.e AWS Permissions boundaries in large cloud environments
06-12, 13:30–13:50 (US/Pacific), Salon B

Often you hear about “security” creating friction during cloud adoption, especially in large regulated organizations, where setting boundaries poses a challenge amid myriad requirements from risk and compliance teams. It doesn’t get easier while you demystify the AWS IAM universe.

But there’s always a eureka moment, and for us it was “AWS Permissions boundaries”. In this talk, we’ll show how central security teams can empower development teams to focus on faster cloud adoption and delivering value to the business, while security teams incorporate boundaries into their security baseline and move towards a self-service IAM model.

There are always security exceptions, and making a "one size fits all" boundary sounds impossible, right? We will show how, at Booking.com, we built "flavored" permissions boundaries on the fly to tackle edge cases and AWS account-level exceptions, making every account boundary unique yet secure, and we will highlight how we overcame some of the challenges faced along the way.

Kushagra is a Senior Platform Security Engineer at Booking.com in the cloud security space. He previously worked with FinTech scale-ups and in the consulting industry, architecting and building solutions in hybrid cloud environments and tackling regulated cloud environments with the goal of making security frictionless. He is a strong believer in a Cloud-First strategy with a Cloud-Native approach.