Identity, Entitlement, and Access Management
This chapter covers the following topics from Domain 12 of the CSA Guidance:
• Identity and Access Management Standards for Cloud Computing
• Managing Users and Identities
• Authentication and Credentials
• Entitlement and Access Management
Don’t bore me with basics.
—Undisclosed system engineer
Someone actually said this as I was discussing the importance of proper identity and access management (IAM) for files stored in Amazon Web Services (AWS) S3. Some time later, it was discovered that this engineer’s company had leaked millions of customer records via an AWS S3 share that granted access to everyone in the world. Yes, IAM may be “basic,” but proper IAM is critical and cannot ...