InstaSecure

Live stream on *right now* with Steve Tout moderating a discussion on IAM and Privacy trends as the first segment of our live session "Ghosts of Innovation Past" . I'll be hosting the second segment starting at 3pm PT following. https://lnkd.in/gA33J7v7 - and click "join the live stream".

It's always amazing when you get some external validation from folks that don't know you, your product, or your mission. I'd like to give a big thank you to the Cloud Security Alliance , ISACA, and Information Systems Security Association (ISSA) chapter members in Phoenix who welcomed InstaSecure to their summer conference this year. We were looking for an opportunity to tell our story and provide some information on proactive and preventive cloud security controls - an area that is important and often overlooked. We got that and a lot more. Rupesh Mishra and I were happy for the great reception at the event in Phoenix. Thank you to the prize committee for giving us the "fresh award" at the conference and for all of those who have continued the conversation with us since then! CC / Joe Vadakkan Jawahar Sivasankaran Alain Mayer Jimmy S, CISSP, CRISC, CISM Mike Skurko ISSA Phoenix ISACA Phoenix Chapter Jim Reavis

Our CISO and Cofounder, John Donovan, is running for the ISSA International board this year. Please support him in his candidacy for this important security non-profit and membership organization.

"Non-Human Identities" is very buzzwordy right now - it turns out there are a lot of those. Here's some guardrail sub-categories with example vendors: 1. Kubernetes permissions like service accounts, RBAC, and secrets - detecting over-permissioned resources. A key piece of this is visualizing the connections instead of tables, ARMO does this well. 2. Environment variables and workload permissions - giving visibility into what an attacker would gain access to if they accessed a resource. Sweet Security does this well. 3. API Keys - highly technically differentiated, some are just looking for API keys in code, others are actually watching creation logs and monitoring their actions. I've seen Entro Security do this very well. 4. OAuth connections - Astrix Security is doing this extremely well, but also does some of the other stuff here. 5. JIT and granular policies for users and machines. P0 Security does this well from an access standpoint, Andromeda Security does this well from an auditing/workflow/scanning perspective. 6. Contextual access - requiring workloads to meet certain criteria before authorization. Aembit does this well. 7. Permissions boundaries - these aren't positioned as non-human identity protection, but they effectively do the same thing. Sonrai Security and InstaSecure are both doing good versions of this.

New pulse is live, this week talking about 5 common blind spots in security programs and some of the unique companies trying to solve them. I've spent the last few weeks really talking a ton about ASPM and CDR, so I wanted to highlight some areas I haven't talked about as much. These are: 1. Securing OAuth Connections - Astrix Security 2. Securing Third Party Data Flows - Riscosity 3. Security Features for your app - Pangea 4. Cloud Identity and Data Perimeters - Sonrai Security and InstaSecure 5. Open Source Maintainer Relationships - Tidelift https://lnkd.in/ew_qs-SM

Capture the Flag is winding down today Cloud Village in the Sandboxes at RSA Conference . Congrats to all the teams that participated and our winners! #RSAC #RSAC2024 #cloudsecurity

Come visit InstaSecure and Cloud Village in the Villages at the #RSAC Cloud sandbox today. Chill out with other cloud security enthuists & try your hand at the Capture the Flag!