Zero Trust Access with Zero Waiting, Zero Pain, and Zero Compromises (SEC329)

Title

AWS re:Invent 2023 - Zero Trust access with zero waiting, zero pain, and zero compromises (SEC329)

Summary

  • The talk was presented by the co-founder and CTO of StrongDM, focusing on Zero Trust security principles.
  • The speaker invited attendees to discuss one-on-one post-session and provided a self-assessment to gauge the audience's current security posture.
  • Zero Trust is about continuously verifying trust, authenticating, and authorizing every action, and securing data and resources directly rather than defending the perimeter.
  • StrongDM's approach to Zero Trust, called Dynamic Access, avoids the need to rewrite applications by staying compatible with the APIs and protocols those applications already use.
  • Dynamic Access starts with identity and adds context from various factors like device, time, location, and network properties.
  • The speaker demonstrated how StrongDM provides passwordless access to resources, fine-grained policy enforcement, and real-time authorization without VPNs and without users ever handling secrets.
  • The demo included examples of accessing Linux servers, databases, and a Windows server, as well as fine-grained policy enforcement using AWS's Cedar policy language.
  • The speaker showcased how StrongDM can control access to database tables, redact sensitive information, limit query results, and require justifications or MFA for certain actions.
  • The session concluded with a demonstration of the system's audit trail collection, including SSH commands, database queries, and pixel-perfect playback of remote desktop sessions.
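To make the context-aware, fine-grained enforcement described above concrete, here is an added example of Cedar policies (the AWS policy language the talk mentions) expressing rules of the kind demonstrated: device posture, working hours, and an MFA requirement for risky actions. This is illustrative code, not StrongDM's own policies; the entity types (Group, Database, Action) and context attributes (device.managed, hour, mfa_verified) are assumed names, since the real schema is defined by the deploying product.

```cedar
// Added example, not from the talk. Entity types and context attributes below
// (Group, Database, Action, context.device.managed, context.hour,
// context.mfa_verified) are assumed for illustration.

// Device posture gate: in Cedar an explicit forbid always overrides any permit,
// so requests from an unmanaged device are denied no matter what else matches.
forbid(principal, action, resource)
unless { context.device.managed == true };

// Members of the DBA group may run read-only queries against the customers
// database, but only during working hours (context.hour is a 0-23 integer
// supplied by the authorizing system).
permit(
  principal in Group::"dba",
  action == Action::"select",
  resource == Database::"customers"
)
when { context.hour >= 8 && context.hour < 18 };

// Write actions on the same database additionally require a fresh MFA check,
// mirroring the "require MFA for certain actions" behaviour shown in the demo.
permit(
  principal in Group::"dba",
  action in [Action::"insert", Action::"update", Action::"delete"],
  resource == Database::"customers"
)
when { context.mfa_verified == true };
```

Because the forbid is evaluated alongside the permits, a DBA on an unmanaged laptop is denied even a read during working hours, while a DBA on a managed device must still pass MFA before any write is authorized.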

Insights

  • The self-assessment at the beginning of the talk was a clever way to engage the audience and make them reflect on their security practices.
  • StrongDM's Dynamic Access approach to Zero Trust security can significantly reduce the complexity and time required to implement Zero Trust by avoiding application rewrites.
  • The use of context in access decisions is a critical aspect of Zero Trust, as it allows for more granular and situation-aware security policies.
  • The demonstration of StrongDM's capabilities highlighted the practical application of Zero Trust principles in a real-world scenario, showcasing ease of use and seamless integration.
  • The adoption of AWS's Cedar policy language for fine-grained policy enforcement suggests a trend towards standardization and interoperability in cloud security practices.
  • The ability to provide detailed audit trails and real-time policy enforcement is crucial for compliance and can be a strong selling point for security solutions like StrongDM.
  • The talk emphasized the importance of user experience in security, suggesting that solutions that minimize friction while enhancing security are likely to be more readily adopted by organizations.