New AWS Policy Type Unlocks Third Party Access Control скачать в хорошем качестве

New AWS Policy Type Unlocks Third Party Access Control

Third party access is an underserved attack vector in AWS. It’s particularly hard to defend against, as guardrails like SCPs don’t apply to external identities, so there’s no central control. It’s also particularly risk-prone, as it’s easy to lose track of and often overpermissioned, either from third party access needs or lack of governance. Wiz reports 82% of companies unknowingly give 3rd parties access to all their cloud data, while Datadog warns that third party access is the main vector for Confused Deputy attacks. Third parties tend to hang around with no structured offboarding; tracking them is the responsibility of a single person who forgets them in time. Thanks to AWS’s recent innovation of Resource Control Policies (RCPs), you can now control third party access risk in one place. RCPs are a new policy type that apply to the resources themselves instead of principals, keeping identities outside an account from violating central access guidelines. Sonrai has worked with AWS to fold RCPs into the Sonrai Cloud Permissions Firewall, extending permissions security from services, regions, and unused identities to third parties. RCPs might be new, but we’re experts in how they work! In this webinar, we’ll cover: What Resource Control Policies (RCPs) are How RCPs change what you can control in AWS How to use RCPs to govern data access How Sonrai uses RCPs to extend permissions control to third parties