Introduction to IAM in Google Cloud Platform (GCP)
An introduction for anyone getting started with GCP or even experienced professionals who are looking for a structured overview.
By Lior Zatlavi
Hidden Risk in the Default Roles of Google-Managed Service Accounts
Some Google-managed service accounts are binded by default to a role granting access to storage.objects.read. This hidden risk is (yet…
By Lior ZatlaviLatest
Securing Your Cloud with Zero Trust and Least Privilege
Zero trust could be the solution for your modern security perils. Read on to discover what zero trust and least…
By Ermetic Team
Verizon’s Data Breach Report – Insights for Cloud Security Professionals
Select highlights from Verizon’s recent Data Breach Investigations Report (DBIR) that may interest cloud security professionals – and suggested actions
By Ermetic Team
How to Operationalize a Cloud Security Solution
How to successfully operationalize your cloud security solution in 4 easy steps – and why fast and effective operationalization matters
By Ermetic Team
Cloud
See all
Lessons Learned in Cloud Security from Lapsus$ Surfacing
Cloud security practitioners can learn about the best practices that reduce the threat of cyber attacks from groups like Lapsus$.
By Ermetic Team
7 Cloud Security Trends That May Impact Your Cloud Security Planning
From leading CSPs to growing interest in multicloud, here’s what’s trending in measurable search traffic around cloud security – and…
By Ermetic Team
3 Cloud IAM Security Questions You Must Be Able to Answer
It doesn’t matter if it’s AWS, GCP or Azure IAM, cloud deployment is redefining the work of IAM professionals
By Ermetic Team
AWS
See all
Access Undenied on AWS
Ermetic is launching a new open-source tool: Access Undenied on AWS. The tool parses AWS AccessDenied CloudTrail events, explains the…
By Noam Dahan
Keep Your S3 Safe from CloudTrail Auditors
AWSCloudTrailReadOnlyAccess currently allows s3:GetObject for “*” and s3:ListAllMyBuckets – and reading CloudTrail logs may also give access to bucket object…
By Lior Zatlavi
Testing the Waters: First Impressions of CloudTrail Lake
Our first impressions of AWS’s new managed audit and security lake that allows you to aggregate, immutably store, and query…
By Noam DahanAzure
See all
Access Keys: An Unintended Backdoor-by-Design to Azure Storage Accounts Data
The importance of understanding the assignments of Azure resource roles when giving permissions.
By Lior Zatlavi
The ABCs of Azure Identity Governance Tools
The main Azure mechanisms for governing identities and providing access permissions.
By Lior Zatlavi
Deconstructing Azure Access Management using RBAC
The basics of Azure RBAC — the main mechanism in Azure for granting permissions to resources.
By Lior Zatlavi
GCP
See all
The Advanced Risk of Basic Roles In GCP IAM
Basic roles in GCP allow data-level actions, even though at first glance it might seem like they don’t. Avoid using…
By Lior ZatlaviIntroduction to IAM in Google Cloud Platform (GCP)
An introduction for anyone getting started with GCP or even experienced professionals who are looking for a structured overview.
By Lior Zatlavi
The GCP Shared Responsibility Model: Everything You Need to Know
What the GCP Shared Responsibility Model is and how security teams can get started
By Ermetic Team