IAM Full of Ideas Today

Community

IAM Full of Ideas Today

Christer Edwards
Christer Edwards
Technical Advocate at IAM Pulse
Sep 30, 2021

IAM full of ideas today. Full of puns, too.

You're probably reading this article because you're brainstorming topics for
publication here on IAM Pulse. Perfect. You're in the right place!

Do you have a unique IAM use case? If you work with IAM policy regularly, what
tools do you use? What does a normal day look like auditing or pen-testing
policies?

On this page you'll find a number of topics and questions about working with
IAM from a variety of industry roles. Take a minute and read through the list.
My hope is that one of these questions will inspire your take on the answer.

This list will be updated as content is posted and the discussion around IAM
evolves. Check back occasionally for fresh questions and topics.

Questions / Topics / Use Case

Large Scale

  • How do you manage a large number of cloud accounts?
  • How would you improve departmental collaboration when it comes to IAM policy?
  • Which IAM workflows scale and why? What lessons have you learned?
  • Have you used IAM at scale in any unique ways?
  • What do you think the biggest challenges are for managing IAM at scale?

DevOps

  • How do you build a least privilege CI/CD pipeline?
  • Can you recommend ways to test IAM policy changes for errors?
  • Any advice for troubleshooting IAM access denied errors?
  • Do you manage IAM across multiple clouds? How?
  • What makes IAM difficult for DevOps? How would you make it easier?

Containers

  • How do you secure a k8s clusters with least privilege IAM?
  • Any advice for people getting started with containers and IAM?
  • Have you combined IAM and container access in a unique way?
  • What lessons have you learned about combining IAM with containers?
  • Examples of managing container access with IAM policy.

InfoSec

  • What are your most common roadblocks to implementing IAM fixes?
  • Where do you find the most pain points in securing IAM policy?
  • Any advice for people getting into cloud security?
  • Can you suggest any quick wins for other InfoSec teams?
  • Examples of detecting privilege escalation in IAM policies.

Compliance

  • What makes IAM so difficult for Compliance professionals?
  • Suggest five ways you would improve the IAM audit workflow.
  • Share the most common discoveries in auditing policy.
  • What are some quick IAM wins for security teams?
  • How would you improve the processes to fix found issues?

Startups

  • Examples of managing IAM the right way from the start.
  • How should IAM policy be designed to scale with the company?
  • Why should you be the IAM champion in your startup?
  • How can least-privilege IAM policy avoid or cut costs for a lean startup?
  • What are the biggest challenges to managing IAM for startups?

IAM

  • How do service control policies work? Can you show examples?
  • What can you tell me about permission boundaries?
  • Recommendations for logging and monitoring policy changes?
  • Why is over-scoping policy rules a problem?
  • How do I go from over-scoped policy to least-privilege?

If you have an idea but you're unsure how much you can make out of it, please
reach out anyway. It's a great way to seed an idea and discover what grows.
We're happy to discuss topics and explore a range of perspectives on the
difficulties of IAM. I look forward to hearing from more of you!

Feel free to email any proposals to christer.edwards@iampulse.com.

Cover photo by Mika Baumeister on Unsplash.

Get the IAM Pulse Check Newsletter

We send out a periodic newsletter full of tips & tricks, contributions from the community, commentary on the industry, relevant social posts, and more.

Checkout past issues for a sampling of the goods.