logo
episode-header-image
May 2024
26m 45s

Why Least Privilege Matters in Cloud Sec...

Cloud Security Podcast Team
About this episode

What's the best way to navigate least privilege complexities in a multi cloud environment? And how is the role of identity management evolving? We spoke to Jeff Moncrief from Sonrai Security on why identity is the new network in the cloud-driven world. We speak about the challenges of implementing least privilege in cloud environments, the misconceptions surrounding identity roles, and the critical importance of segmenting access across public clouds just as rigorously as we did on-premises.


Guest Socials: Jeff's Linkedin

Podcast Twitter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp


Questions asked:

(00:00) Introduction

(01:59) A bit about Jeff

(03:01) How is identity different in the Cloud?

(05:40) Misconceptions about least priviledge in the cloud

(08:50) Cloud Native solutions for Permission Attack Surface Management

(15:36) Common themes when addressing privilege in Cloud

(17:22) Starting point when dealing with identities

(20:03) Frameworks when working through least privilege

(23:21) Showing ROI on doing least privilege

Up next
Yesterday
Guide to Hybrid Cloud & Bare Metal Secret Management
Is your organization struggling with secret management across bare metal, hybrid, and multi-cloud environments? Standard cloud-native tools often fall short when you need a single, standardized solution that bridges all your infrastructure.Dan Popescu, Senior Site Reliability Eng ... Show More
32m 23s
Jul 1
"Escape-Proof" Cloud: How Block built an Automated Approach to Egress Control
Many organizations focus on keeping attackers out, but what happens when one gets in? We spoke to Ramesh Ramani, Staff Security Engineer at Block about the real challenge, which is preventing them from leaving with your data. In this episode, Ramesh details the innovative system ... Show More
40m 27s
Jun 23
Prioritizing Cloud Security: How to Decide What to Protect First
When you can't protect everything at once, how do you decide what matters most? This episode tackles the core challenge of security prioritization. Geet Pradhan, Senior Security Engineer at Lime joins the podcast to share his framework for building a SecOps plan when you're a sma ... Show More
41m 8s
Recommended Episodes
Apr 26
Understanding SaaS Security: Insights, Challenges, and Best Practices
In this episode of Cybersecurity Today, host Jim Love delves into the topic of SaaS (Software as a Service) security. Sharing his early experiences promoting SaaS, Jim elaborates on its inevitable rise due to cost-effectiveness and shared development resources. The episode highli ... Show More
38m 5s
Feb 2025
Rethinking Cloud Security Strategies
Cloud security is more complex than ever. Organizations move fast, but security teams often struggle to keep up. In this episode of Threat Vector, host David Moulton speaks with Amol Mathur, SVP of Products for Prisma Cloud at Palo Alto Networks, about how platformization is resh ... Show More
35m 28s
Oct 2024
Balancing Security with Usability in Cybersecurity
In this episode of Threat Vector, host David Moulton talks with guest speaker Brian Wrozek, Forrester Principal Analyst in Security & Risk, about the complexities of aligning security strategies across global teams. Brian draws on his extensive experience in cybersecurity, operat ... Show More
41m 41s
Sep 2024
D2DO250: The Realities of Responsible Disclosure in the Cloud
Cloud security and responsible disclosure are the focus of today’s conversation with guest Kat Traxler. Kat shares her insights on identifying vulnerabilities in cloud services, particularly Google Cloud, and the importance of curiosity in her research. The episode explores the r ... Show More
32m 28s
Feb 2025
The Role of Cybersecurity
In this episode of Life of a CISO, Dr. Eric Cole dives deep into a critical question every cybersecurity professional must ask themselves: What is your real role? It’s easy to hide behind job titles like “CISO” or “cybersecurity professional,” but understanding the true essence o ... Show More
29m 58s
Jun 16
Cybersecurity Today: WestJet Cyber Incident, Anubis Ransomware Evolution, Discord Exploits, and Google Cloud Outage
Host David Shipley discusses several critical cybersecurity incidents and developments. WestJet, Canada's second-largest airline, faced a cybersecurity breach impacting its mobile app and internal systems. The airline is working with law enforcement to investigate while emphasizi ... Show More
11m 30s
Nov 2024
Bridging AI and Cybersecurity Gaps with Mileva Security Labs’ Harriet Farlow
Join us in this episode of Threat Vector as guest host Michael Heller shares his conversation with Harriet Farlow, CEO of Mileva Security Labs and a pioneer in AI security research. With a background spanning AI and national cybersecurity, Harriet shares her journey into adversar ... Show More
27m 17s
Jan 2022
Tech Bytes: Embedding Network Security Into Your Cloud Network (Sponsored)
Today on the Tech Bytes podcast we’re talk network security at scale. That is, in a cloud environment, how can you build security capabilities and features into the network while also being able to keep up with security policies, operations, compliance, and more. Our sponsor is A ... Show More
14m 28s
Jun 20
Exposing Cybersecurity Threats: Breaches, Vulnerabilities, and Evolving Malware
In this episode of 'Cybersecurity Today,' host Jim Love discusses several alarming cybersecurity developments. A recent Washington Post breach raises critical questions about Microsoft 365’s enterprise security as foreign government hackers compromised the email accounts of journ ... Show More
14m 28s
Oct 2024
Security Posture
In the latest episode of Life of a CISO, Dr. Eric Cole emphasizes the importance of continually evolving cybersecurity practices and re-examining fundamental principles. Unlike static industries like accounting or legal, cybersecurity is in constant flux, requiring companies to s ... Show More
30m 11s
Listen to millions of songs and podcasts on Anghami