The Path to Zero-Touch Production
06-18, 09:00–09:40 (America/New_York), Breakout 1

Zero Touch Prod is a Google-ism, and also a good idea. It's common for engineers, even at companies with strong security programs and cloud-native architecture, to organically evolve operational processes that require them to touch production daily.

As security practitioners, it's our job to keep our companies safe - both from bad actors and from humans making mistakes. Allowing humans to work directly in production infrastructure introduces mitigable risks.

This talk shares my universal theory of how to incrementally and collaboratively move a cloud-native organization to Zero Touch Prod. We'll talk about why people touch prod, how they touch prod, and what we can do about it. I'll include a summary of the various production access primitives available in AWS, when to use them, and how to do so safely. We'll dive deep on the implementation options for building blocks like JIT/Temporary Access and operational script running.

Wherever you are in your Access Journey, you'll walk away with practical and pragmatic next steps!

See also: Slides

Rami is a bit of a security wonk. Most recently, he helped build the Infrastructure Security program at Figma. Before that, he worked as a security consultant and helped scale security for a health-tech unicorn. He writes about security over at ramimac.me and for tldrsec.com.