Rich Mogull

FireMon.com

A smidge over a year ago I wrote the Grand Unified Theory of Cloud Governance. It’s a concept I’ve been playing with for about 5 or 6 years to try ... Read More

I’ve been employed as a security professional for over 20 years. I cannot possibly count the number of times I have uttered the words “least privilege”. It’s like a little ... Read More

One of the toughest lessons I’ve learned as I’ve spent over a decade of my life helping organizations build cloud security programs is how it’s governance, not technology, that’s the real challenge. Yes, the cloud is a dark box full of invisible technical razor blades, but those are manageable with ... Read More

AWS permission boundaries are confusing. I know they are confusing because they confused me, and it took me a couple years to figure them out. I also know they are confusing because Corey Quinn said so, and asked for someone to make them less confusing. AWS Copilot, a CLI for ... Read More

Rule number one in cloud security is, “thou shalt use MFA at all times”. Why? Well, when you move to public cloud computing you essentially take all your administrative interfaces, consolidate them into a single portal or API, and then… put them on the Internet protected with a username, password, ... Read More

It’s Thursday afternoon and you’re getting ready to leave work a little early because… you can. But then that pesky Deliverer of Notifications (also known as Slack) pops off a new message in your security alerts channel: Well, darn. Someone just made a snapshot of a storage volume public. Is ... Read More

It’s become common knowledge that, in cloud, “identity is the new perimeter”. It’s a nice phrase that’s easy to toss into a presentation or an article, but turning it into actionable guidance is a little tougher. Today I want to focus on just one aspect of cloud IAM I call ... Read More