The dangers of role-based access control (RBAC)
Вставка
- Опубліковано 10 лип 2024
- Balaji Parimi, founder and CEO of CloudKnox Security, discusses the current problems with role-based access control and how access control is evolving to become more secure.
- Join the fight against cybercrime: infosecinstitute.com
- Special offer for Cyber Work listeners: www.infosecinstitute.com/podcast
In the podcast, Parimi and host Chris Sienko discuss:
- When did you first get interested in computers and security? (1:16)
- What does CloudKnox offer its clients and what is its role in the cybersecurity landscape? (2:13)
- What is role-based access control? How does it work, and how is it meant to be used to protect your network? (8:02)
- What are the upsides of using RBAC? If done well, can RBAC still be an effective method of controlling access? (9:20)
- How do we start pulling back from the default setting of giving all employees all the privileges as a matter of convenience and customizing privileges according to the needs of the position? (11:10)
- What are some of the issues involving high-risk privileges? (12:05)
- What is the role of non-human identities? Do things like service accounts that connect to modular coding components, microservices, software containers and APIs feed into this issue? (14:46)
- What is the actual time and resource commitment that a company would need to undertake to reform its privilege levels? (16:20)
- Does there need to be outreach to organizations to let them know that over-privileging users is a problem? (18:07)
-If these issues of over-provisioning aren't solved, what's a safer alternative? Is there one on the horizon? (21:30)
- Under a new, safer system, would privileges be requested and gained in the moment as the task requires them? (22:11)
- What types of hands-on experience, education and certs would you recommend for people looking to work in access control and provisioning? What job titles and positions should they move through on their way to this area? (23:21)
- Are there hands-on exercises you can use to learn how privileging works without actually being employed to do the work? (25:28)
- Where do you see this trend of over-privileging identities going in the years to come for identity and access control? (26:43)
- If listeners want to learn more about you or CloudKnox, where can they go online? (28:47)
Want to hear more conversations like these? Subscribe to the Cyber Work Podcast:
- Apple Podcasts: podcasts.apple.com/us/podcast...
- Google Podcasts: podcasts.google.com/?feed=aHR...
- Subscribe on Android: subscribeonandroid.com/resour...
- Spotify: open.spotify.com/show/4cLhlbH...
About Infosec
At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day - equipping everyone with the latest security skills so the good guys win.
Learn more at infosecinstitute.com. - Наука та технологія
Use code "cyberwork" to get 30 days of free training with Infosec Skills:
-Go here: www.infosecinstitute.com/skills/
-Click the "Get Started" button under monthly ($34) and create your account
-On the payment page, enter the coupon code "cyberwork" to get your first month free
These videos are very useful.
love it ! IAM
Great video! Since he didn’t answer specifically, is there a way to ask again what types of certifications or job titles would help someone looking to build a career in identity and access management?
Sure. If you're fairly new to cybersecurity, CompTIA's Security+ covers identity and access management as one of it's six domains: resources.infosecinstitute.com/category/certifications-training/securityplus/sec-domains/
It's also covered by more advanced certifications, like CISSP. Here's one of the courses we offer on access control, if you're looking for training: www.infosecinstitute.com/skills/courses/access-control-fundamentals-2/
25:00