Page 123 - Cyber Defense eMagazine for July 2020
P. 123
picture of access in the cloud and working toward least privileged access are difficult , but necessary
endeavors to ensure security in the cloud. In the last couple months, plenty of enterprise security
professionals have realized that cloud identity and access management (IAM) is an area where they are
vulnerable because they lack insight into the complex problem.
The repercussions of poor IAM governance are substantial and sometimes unpredictable. For example,
last year a former AWS employee accessed over 100 million Capital One customers’ records after she
bypassed a misconfigured web application firewall, then used privileged escalation to access the data.
To protect the identity perimeter at scale, organizations need an automated monitoring and remediation
solution for access management, role management, identity authentication and compliance auditing – all
of which help enterprise security teams stay ahead in this complex landscape. Even once this pandemic
subsides, we will continue to see a great emphasis placed on cloud IAM, especially as organizations
continue to encourage remote work.”
About the Author
Chris is the VP of Technology, Cloud Security Practice at DivvyCloud
by Rapid7. He is a technical pioneer whose passion is finding
innovative and elegant new ways to deliver security, compliance and
governance to customers running at scale in hybrid cloud
environments. He remains deeply technical, writing code and diving
into the latest technologies and services being deployed by partners
like Amazon, Microsoft, Google, VMware, and OpenStack.
Before co-founding DivvyCloud, Chris was the Online Operations
Manager at Electronic Arts for the Mythic Studio where he helped
design, build and operate large scale cloud infrastructure spanning public and private clouds to run
Electronic Art’s largest online games (including Warhammer Online: Wrath of Heroes and Warhammer
Online: Age of Reckoning). He started his career as a Network & System Administrator at the U.S.
Department of Energy where he was mandated with a broad array of technical responsibilities including
security and compliance.
Chris earned his Bachelor of Business Administration in Computer Information Systems from James
Madison University.
Cyber Defense eMagazine –July 2020 Edition 123
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.