Organizations are becoming multicloud by choice or by chance. Many of them integrate their multiple clouds with one another to improve availability, support disaster recovery, and leverage the services from each provider that best fit their needs. These integrations are usually supported with long-lived credentials, which are much more valuable to attackers than short-lived ones. Even following best practices will leave your multicloud environments less secure than their single-cloud counterparts.
Join Eric Johnson and Brandon Evans, the authors of SEC510 (Public Cloud Security: AWS, Azure, and GCP), as they destroy these long-lived credentials in the Big 3 cloud providers using Workload Identity Federation. They will show how Cloud Security Engineers can securely authenticate from one cloud provider to another using short-lived, automatically rotating tokens that cannot be (ab)used in any other context. The session will conclude with a demonstration of a real multicloud web application that leverages these techniques to securely upload user data to Amazon S3, Azure Storage, and Google Cloud Storage.
Learning Objectives:
This webcast supports knowledge and concepts from the updated SEC510: Public Cloud Security: AWS, Azure, and GCP.