New AWS Policy Type Unlocks Third-Party Access Control – Here’s How
Third-party access is an underserved attack vector in AWS. It’s particularly hard to defend against because guardrails like SCPs don’t apply to external identities, so there’s no central control. It’s also particularly risk-prone: it’s easy to lose track of and often over-permissioned, whether because of third-party access needs or a lack of governance. Wiz reports that 82% of companies unknowingly give third parties access to all their cloud data, while Datadog warns that third-party access is the main vector for Confused Deputy attacks. Third parties tend to hang around with no structured offboarding; tracking them is the responsibility of a single person who forgets about them over time.
Thanks to AWS’s recent innovation of Resource Control Policies (RCPs), you can now control third-party access risk in one place. RCPs are a new policy type that applies to resources instead of principals, keeping identities outside an account from violating central access guidelines.
Sonrai has worked with AWS to fold RCPs into the Sonrai Cloud Permissions Firewall, extending permissions security from services, regions, and unused identities to third parties. RCPs might be new, but we’re experts in how they work!
In this webinar, we’ll cover:
- How Sonrai uses RCPs to extend permissions control to third parties
- What Resource Control Policies (RCPs) are
- How RCPs change what you can control in AWS
- How to use RCPs to govern data access