Why It Matters
Understanding that privileged access in the cloud is fundamentally a permissions problem reshapes how organizations design security controls, moving from cumbersome, error‑prone processes to automated, policy‑driven guardrails. This shift reduces standing privilege, accelerates developer workflows, and provides measurable protection against privilege‑escalation attacks, making it a timely solution for enterprises grappling with rapid cloud adoption and evolving threat landscapes.
Summary
In this episode, Cole Horsman, Field CTO at Sonrai Security, recounts his three‑year journey trying to apply shift‑left and just‑in‑time (JIT) models to cloud identity, ultimately concluding that both approaches failed because they target the wrong layer. He explains how traditional shift‑left relied on developers to predict permissions, leading to wildcard policies and standing privilege, while legacy PAM’s JIT focused on users or groups rather than the actual permissions, resulting in fragile, non‑expiring access. The breakthrough came with Sonrai’s Cloud Permissions Firewall, which enforces JIT at the native permission layer using tags and policy constructs, eliminating vaults, shared accounts, and MFA exceptions, and proving its effectiveness against real‑world attack paths. Horsman emphasizes that true cloud PAM must govern the full permission stack—account, role, service, and permission—to continuously enforce least‑privilege without bottlenecking development.
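To make the layering argument concrete, here is an added illustration (not Sonrai's code and not a description of the Cloud Permissions Firewall) of the difference between the two models the summary contrasts: a standing wildcard policy of the kind shift‑left produced, versus a just‑in‑time grant that names explicit permissions and carries an expiry. The principal names, action strings, resource patterns and timestamps are constructed for the example; the evaluator is a deliberately small model of allow‑only, glob‑matched permissions, not any cloud provider's real policy engine.

```python
"""Toy model of just-in-time (JIT) access enforced at the permission layer.

Added example: a minimal allow-only policy evaluator used to contrast
standing wildcard grants with time-boxed, explicitly scoped JIT grants.
Names, actions and resources below are constructed, not real.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase
from typing import List, Optional, Sequence, Tuple

# Constructed clock and time-to-live used by the demo and the checks below.
NOW = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
TTL = timedelta(minutes=30)


@dataclass(frozen=True)
class Grant:
    """One permission grant. expires_at=None means standing (never-expiring) access."""
    principal: str
    actions: Tuple[str, ...]      # explicit permissions, e.g. "storage:GetObject"
    resources: Tuple[str, ...]    # glob patterns over resource names
    expires_at: Optional[datetime] = None


def is_active(grant: Grant, now: datetime) -> bool:
    """A grant is active if it is standing or has not yet expired."""
    return grant.expires_at is None or now < grant.expires_at


def is_allowed(grants: Sequence[Grant], principal: str, action: str,
               resource: str, now: datetime) -> bool:
    """Allow if any active grant for the principal matches both action and resource."""
    for g in grants:
        if g.principal != principal or not is_active(g, now):
            continue
        if (any(fnmatchcase(action, a) for a in g.actions)
                and any(fnmatchcase(resource, r) for r in g.resources)):
            return True
    return False


def standing_privilege(grants: Sequence[Grant]) -> List[Grant]:
    """Return grants that are standing or wildcard-scoped: the access JIT should remove."""
    return [g for g in grants
            if g.expires_at is None or any("*" in a for a in g.actions)]


def request_jit(grants: List[Grant], principal: str, actions: Sequence[str],
                resources: Sequence[str], ttl: timedelta, now: datetime) -> Grant:
    """Append a time-boxed grant for explicit permissions.

    Wildcard actions are refused so a JIT request cannot quietly reintroduce
    the standing privilege it is meant to replace.
    """
    if any("*" in a for a in actions):
        raise ValueError("JIT grants must name explicit permissions, not wildcards")
    grant = Grant(principal, tuple(actions), tuple(resources), now + ttl)
    grants.append(grant)
    return grant


def demo() -> dict:
    """Walk through the contrast and return the observations as plain booleans/counts."""
    # The shift-left outcome: a developer could not predict the permissions
    # needed, so the policy became a standing wildcard.
    shift_left = [Grant("dev-alice", ("storage:*",), ("*",))]

    # The permission-layer JIT alternative: explicit action, scoped resource, expiry.
    jit: List[Grant] = []
    request_jit(jit, "dev-alice", ["storage:GetObject"], ["app-logs/*"], TTL, NOW)

    wildcard_refused = False
    try:
        request_jit(jit, "dev-bob", ["storage:*"], ["*"], TTL, NOW)
    except ValueError:
        wildcard_refused = True

    obj = "app-logs/2024/01.gz"
    return {
        "standing_in_shift_left": len(standing_privilege(shift_left)),
        "standing_in_jit": len(standing_privilege(jit)),
        "jit_allows_scoped_read": is_allowed(jit, "dev-alice", "storage:GetObject", obj, NOW),
        "jit_denies_other_action": not is_allowed(jit, "dev-alice", "storage:DeleteObject", obj, NOW),
        "jit_denies_other_resource": not is_allowed(jit, "dev-alice", "storage:GetObject", "secrets/db.key", NOW),
        "jit_denies_after_expiry": not is_allowed(jit, "dev-alice", "storage:GetObject", obj, NOW + TTL),
        "wildcard_jit_refused": wildcard_refused,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the evaluator makes is structural rather than product‑specific: a grant that expires and names a single action on a single resource pattern leaves nothing for `standing_privilege()` to report, whereas a user‑ or group‑level JIT that merely adds someone to a role holding `storage:*` would still show up there, because the wildcard lives in the permission layer that the user‑level control never touched.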
Shift Left Is Dead for Cloud PAM