AuthZ in (Cloud) Apps: Everything You Wanted to Know and Didn’t Know You Should Ask

When it comes down to it, authorization (access control) mechanisms are the most important protection for data in most cloud apps (SaaS & IaaS). CASBs do a great job in service discovery and high-level protections (somewhat like a firewall in the traditional sense), but when it comes down to the actual in-app actions (endpoint security? ;P) they are understandably lacking because this is not their focus. The likelihood that an attacker will log in, with valid credentials and from a valid-looking device, to your cloud app is approx. 100% – at which point the CASB is almost rendered irrelevant. The one thing that should protect you in this situation is the different cloud app providers’ access control mechanisms, which you should manage based on the “shared responsibility model”. So these mechanisms should make sense and management should be easy, … right? 🙂

In this talk I will aim to share results from my ongoing research on cloud apps access control mechanisms:

  1. The basic elements and decisions that affect access control capabilities
  2. Real world examples of such mechanisms and how hard it is to predict the behavior in products of leading vendors (such as Google)
  3. How to design and assess access control mechanisms

Location: Track 2
Date: April 24, 2020
Time: 10:30 am - 11:30 am
Gal Diskin