Accessing Resources in the Cloud: Infosec War Stories and Architectural Lessons Learned – Techstrong Con 2023

April 16, 2023

As organizations move to the cloud, the question of who has access to cloud infrastructure resources has become increasingly complex and important. Organizations commonly manage access using a patchwork of VPNs, IAM roles, jump hosts, credential management systems and proxies. But over the years, threat actors have consistently demonstrated their willingness to attack these systems. Sharon Goldberg walks through several high-profile infosec war stories (including NotPetya (2017), SolarWinds (2020) and Uber (2022)) and uses each as a point of reference for discussing architectural principles that organizations should consider when securing access to production cloud systems.

You’ll learn:
-Best practices for managing credentials and access to production systems
-Key architecture principles for protecting access to your cloud (and on-premises) infrastructure
-Why the standard industry definition of zero-trust access can fall short of protecting against key threats

Share some ❤
starts in 10 seconds