


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Mitigate Access Risk by Enforcing Least Privilege in Cloud Infrastructure

  • Wednesday, September 16, 2020 at 1:00 PM EDT (2020-09-16 17:00:00 UTC)
  • Arick Goomanovsky, Dave Shackleford


  • Ermetic




IaaS/PaaS applications contain thousands of identities, resources and permissions. Simply understanding which permissions are available to each identity, whether human or machine, is challenging. At the same time, developers tend to grant broad entitlements, resulting in permission creep that is very difficult to eliminate in production. As many as 90% of these permissions are unused, excessive, and a tremendous risk to the environment. And of course, entitlements are managed differently across AWS, Azure, and GCP. In fact, according to Gartner, 75% of cloud security failures will result from inadequate management of identities, access and privileges by 2023.

In this webinar, SANS and Ermetic will discuss the challenges and best practices for achieving least privilege in cloud infrastructure environments. We will also demonstrate practical use cases for reducing some of the most common access risks.

Attendees will learn how to:

  • Understand the factors that impact entitlements in cloud infrastructure
  • Analyze the access permissions in your environment
  • Identify and remediate excessive privileges
  • Harden configuration to reduce access risk
  • Build a scalable, repeatable process for enforcing least privilege

Speaker Bios

Arick Goomanovsky

Arick is a tenured business leader with two decades of experience in strategy, technology, research, and leadership in government and the private sector. Prior to founding Ermetic, Arick was a co-founder of Sygnia Consulting, a cyber consulting and incident response firm which was acquired by Temasek Holdings for $250M. Before Sygnia, Arick worked at McKinsey & Company in London, where he focused on strategy and operations. He served for 15 years in the IDF Intelligence Corps Unit 8200, where he held senior leadership positions from research to leading hundreds of cyber R&D experts. He received several awards for his unique contributions to national security. Arick earned a BSc in exact sciences (Talpiot program, cum laude), an MSc in mathematics from Hebrew University, and an MBA (cum laude) from INSEAD.

Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

