Matt Luttrell
Matt is a Principal Security Engineer at AWS and spends most of his day working on IAM. Matt focuses on the customer experience of security - helping make complex systems simpler to secure.
Session
Data perimeters are the way to build your own identity-isolated piece of AWS. Sounds perfect, right? In reality, effectively implementing a data perimeter requires understanding multiple policy types, carving out exceptions for legitimate edge cases, navigating service-specific considerations, and rolling out controls without breaking your customers. The good news? With the right approach, implementing a data perimeter at scale is absolutely doable.
This talk takes you beyond the marketing and into the weeds of real data perimeter implementations. Which perimeter (resource, network, or identity) should you start with? How do you inventory existing traffic patterns before you lock things down? How do you slowly and safely roll out an organization-wide control?
You'll leave with practical strategies for implementing data perimeters at scale and hard-won lessons from real deployments, including the mistakes you can avoid and the patterns that actually work.