Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore the critical challenge of identifying identity ownership in modern Infrastructure-as-Code (IaC) environments through this 23-minute conference talk from fwd:cloudsec. Learn why traditional platform audit logs like CloudTrail and Entra ID audit logs are insufficient for determining who created or manages specific identities when IAM is managed through IaC frameworks. Discover innovative approaches to solving IaC-based ownership challenges by leveraging alternative data sources including IaC codebases and CI/CD logs. Understand how to implement static code analysis, heuristics, and large language models (LLMs) to unravel complex identity ownership patterns. Gain insights from security researchers Dan Abramov and Eliav Livneh, who share their practical experience in tackling Non-Human Identity (NHI) security challenges and developing solutions for proper identity management and incident response in cloud-native environments.
