IAM Pulse Check #10 - Muito Moderna
Poking at the Shared Responsibility Model
It’s going to be a brief newsletter this week – the Moderna booster knocked me out real good this weekend, so I’m still a bit loopy.
Speaking of *ahem* responsibility, a big topic this week has been the Shared Responsibility Model of the major cloud providers, courtesy of a vulnerability in Azure Cosmos DB that was discovered by the research team at Wiz. A complete walkthrough of their findings and escalation path can be read here.
There’s no denying the value in what you get “for free” from the cloud providers in terms of operations & security across the service catalog and underlying infrastructure resources. But there is a natural element of trust that comes with it – what happens when something goes wrong?
My absolute favorite Gartner statistic, which I’ve used ironically in every presentation I’ve given in the past few years, is that “99% of cloud security failures will be the customer’s fault.” Thanks, Gartner. But what about that 1%?
Keeping up with that 99% is enough to keep us all busy (and employed), so it comes as a blow when it’s something out of your control in that 1% we expect to be covered. It’s always a good reminder that the cloud services we consume are written by people, and people make mistakes. From reading the report linked above, all it takes is one questionable (or more likely unintentional) design decision for the system to be exploited to gain elevated privileges.
Responsibility isn’t a guarantee, but it is accountability. That trust should be a major factor when choosing a cloud provider to go “all in” with. When vulnerabilities like this are discovered, what you want to look at is the nature of the procedures in place, the speed with which things are found and fixed, and the openness of the communications.
With great responsibility comes… a privilege escalation path? Hmm… I’ll have to work on that joke when my brain comes back online.
IAM listening to this...
Moderna was a good vaccine choice for me – means I get to pull out this rare jazz album from Brazil. Joao Donato is a prolific piano player and songwriter with an unmistakeable signature groove that is best described as bossa nova beat. Hip hop heads have always dug Donato for his groove, and he’s been a steady figure in the jazz scene from the 60s to today. This album is one of his earliest, a more traditional jazz trio recording than his later work. But the signature groove is most definitely there!