I had a few hours to kill last week and I chose to catch up on my movie list. At the top of the list was a newly released movie, “I, Robot”. Yes, I know, it was released a decade ago. I’m that late. I don’t recall watching a movie that’s used the words “Authorization granted”, “Authorization denied”, or its variations so many times. It felt like watching an IAM training video. Enough said, on with the latest in the AuthZ world.
Conferences & Events 🎤
fwd:cloudsec North America just took place on June 17-18, 2024 in beautiful Virginia (Virginia is for lovers I’m told). They’re contributing videos from the talks online. Tune in to the playlist on their YouTube channel for more content. And if you’d like to contribute to their first-ever EU edition on Sep 17, 2024 in Brussels (Belgium is for Beer Lovers), you can speak: the CFP is open until the end of this week (on Jun 28, 2024). 📅
As previously mentioned in last week’s edition, AWS re:Inforce took place on June 10–12, 2024, in Philadelphia. Tune in to AWS Security Digest #162 for a summary of both re:Inforce and fwd:cloudsec (or how to 🔪🐦🐦🪨). There were 👽sightings too…
(credit: Jeff Lombardo)
M&A Update 💸
Quite a bit of activity this past week - this summer looks quite ☀️indeed.
As seen in HackerNoon, ZITADEL Secures $2.5M to Enhance its Developer-First, Open-Source Identity Management Platform. And it’s not just IAM, folks. You can also implement Fine-Grained Authorization With ZITADEL.
Fortinet announced it would acquire Cloud Security Unicorn Lacework to bolster its SASE Platform (Secure Access Service Edge).
Bloomberg just revealed AI Security Startup Cyberhaven has raised $88 Million in New Funding.
And lastly, Tenable To Acquire Cloud Data Security Startup Eureka.
Open Source & Tooling 🛠️
CloudCommotion was open-sourced at fwd:cloudsec by securityrunners.io. If you’re bored and the warm summer afternoons are easing you into a false sense of security, look no further. The project’s GitHub claims:
Cloud Commotion intends to cause chaos to simulate security incidents
That should keep everyone on their toes. Maybe they should’ve called it “Ferris Bueller’s Day Off”.
YetiHunter: Open-source threat hunting tool for Snowflake ❄️ environments was open-sourced by Permiso: YetiHunter is a threat detection and hunting tool companies can use to query their Snowflake environments for evidence of compromise.
Webinars, Podcasts & Blog Posts 📑
ICYMI, Cerbos’ Co-Founder & CPO, Alex Olivier delivered a fantastic podcast alongside his colleague Dan Maher (DevRel): the Business case for externalized authorization. It reiterates many of the points we have collectively stressed: external authorization offers a scalable and flexible solution to meet diverse business needs while meeting internal requirements.
If, like me, you learn by trying things out for yourself, head over to Omri Gazitt’s blog post where he explains how to build custom roles for your SaaS application with Topaz. Sample GitHub repo and pretty pictures included.
Last, but not least, my peer & co-conspirator Alex Babeanu (CTO at 3Edges) and I will spar tomorrow in a webinar hosted by Permit.io. Tune in here for the live event.
AI News 🤖
If you’re afraid, like Will Smith in I, Robot, of AI (but you love Converse 👟 and Grandma’s pies), then check out Databricks’ AI Security Framework (DASF). The aim is to provide a defense-in-depth approach to securing AI. And speaking of AI, This American Life episode 832 has a great section on the perils of AI (skip to act 2).
Apple Security Research is proud to bring to you: Private Cloud Compute: A new frontier for AI privacy in the cloud.
Your mission, should you accept it🕴️💼
US Federal government’s Login.gov: Deputy Director role is coming up on the job market. Login.gov is the public’s one account for government, simplifying access to government benefits and services for members of the public by enabling them to reuse one secure account across government agencies, and improving the security of government systems by enabling agencies to leverage a shared technology service to provide strong authentication and identity verification services to their customers.
Thanks and see you all next week!