2024-06-17, Breakout 2
In this talk, we will explore the process of building in-house emergency admin access to our AWS accounts at Block, leveraging standard technologies like smart cards and X.509 certificates that should work with many vendors using hardware owned by the business.
In our specific case, we used AWS RolesAnywhere authentication technology, AWS PCA for certificate issuance, and YubiKey PIV mode for secure certificate protection.
This talk will provide insights into the complexities of implementing secure emergency access, the challenges we faced, and how we overcame them to create a more secure and efficient system. The system has been successfully used in production.
Greg is a tech lead on the Cryptographic Identity team at Block working on establishing secure and verifiable identities in our cloud mesh. He has previously worked in the security engineering and software development space at Google. His past security publishing experience includes REcon and Phrack.
Matt Jones is an identity management practitioner with over 15 years of experience. Currently the Identity Infrastructure Lead at Square, Matt manages an organization developing identity, credentials, and access management solutions for a hybrid multi-cloud environment. Previously, at Google, Matt managed the Production PKI team and was the tech lead for Security and Privacy on Google Cloud Storage. Matt has worked in a range of roles across industry and government to make the Internet safer for everyone.