We use cookies to enhance your browsing experience, serve personalised ads or content, and analyse our traffic.
By clicking "I accept", you consent to our use of cookies.

Evento:
Cloud Day 2022
Lingua:
Italiano

Tag

  • AWS
  • AWS IAM

Speaker

Define a correct IAM strategy: treat your security baseline like a product

To improve their Cloud agility, companies must permit to developers to experiment and innovate quickly and safely. What happens if our developers needed the IAM privileges to permit a Lambda function to read/write data on a DynamoDB or S3 bucket? How we can delegate to our developers the responsibility for app-specific IAM resources without compromising security and compliance requirement? How can our organization define a proper IAM strategy? To answer these question we must implement a strong identity foundation leveraging the principle of least privilege and enforcing separation of duties. Last but not least the organization must start to treat our security baseline like a product delivering it using CI/CD automation and adopting the policy-as-code capability.