Many companies see the value of least privilege controls within AWS to ensure a secure cloud data perimeter. However, in reality, implementing your cloud native data perimeter may not be as simple as it seems. What appears to be a straightforward effort on the surface actually requires careful analysis for considerations such as the various data plane control points in the cloud, meeting your own standards for internal and external zones of trust, data movement across hybrid networks, ensuring a positive developer experience, and strategies to minimize operational complexity.

In this talk, we’ll dissect the data perimeter controls we’ve implemented in our AWS environment, including things we wished we knew when we started, cloud native service capabilities we wished we had, and shed light on potential pitfalls that could lead to security control gaps, operational inefficiencies and technical debt.