EP60 Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM?

Guest:  Dylan Ayrey, cofounder of Truffle Security Topics: Could you explain briefly why identity is so important in the cloud? A skeptic on cloud security once told us that “in the cloud, we are one identity mistake from a breach.” Is this true? For listeners who aren’t familiar with GCP, could you give us the 30 second story on “what is a service account.” How is it different from a regular IAM account? What are service account impersonations? How can I see if my service accounts can be impersonated? How do I detect it? How can I better secure my organization from impersonation attacks? Resources: Truffle Security blog “GCP Lateral Movement And Privileged Escalation Spill Over And Updates From Google” by Dylan Ayrey “Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments”  blog  “Kat Traxler - Taste the IAM” blogs

Om Podcasten

Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure. We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit. We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.