Ermetic Addresses IAM Weaknesses in Multi-Cloud Environments
Ermetic's Igal Gofman and Noam Dahan discussed weak spots they observed in multi-cloud infrastructure environments at Black Hat USA 2022.
During a Black Hat USA 2022 session on Wednesday titled "IAM The One Who Knocks," Igal Gofman, head of research at Ermetic, and Noam Dahan, research lead at Ermetic, discussed weak spots they observed in multi-cloud infrastructure environments. The researchers broke down what AWS, Microsoft Azure and Google Cloud Platform (GCP) are implementing for identity and access management (IAM), its security approach and the risks involved.
One of those risks is the use of nonhuman identities, like tokens, to access devices and machines. During the session, Gofman warned that if companies are not careful, nonhuman identities can expose their infrastructure to new risks.
