Our great sponsors
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
I would like to also add: A system to lower privileges based on last use.
Companies often have IAM/ssh/keys all over the place. If you centralize things to IAM you can lower permissions based on their last use. EG. A frontend dev needs access to GCP to configure things in firebase. This frontend developer hasn't used these IAM permissions in 3 months. This persons IAM permissions should automatically have these permissions removed.
Probably one of the easiest yet most powerful thing to implement in cloud sec ops AND probably never done.
https://cloud.google.com/iam/docs/recommender-managing
Shameless plug: https://github.com/james-ransom/auto-apply-gcp-iam-recommend...
I would like to also add: A system to lower privileges based on last use.
Companies often have IAM/ssh/keys all over the place. If you centralize things to IAM you can lower permissions based on their last use. EG. A frontend dev needs access to GCP to configure things in firebase. This frontend developer hasn't used these IAM permissions in 3 months. This persons IAM permissions should automatically have these permissions removed.
Probably one of the easiest yet most powerful thing to implement in cloud sec ops AND probably never done.
https://cloud.google.com/iam/docs/recommender-managing
Shameless plug: https://github.com/james-ransom/auto-apply-gcp-iam-recommend...