Most organizations don’t have full visibility into what users can do in their cloud environment. They don’t know who can assume other identities to escalate privileges or which permissions those users would be able to obtain – a lack of insight that could put the business at risk.
Colin Estep, senior security researcher at Netskope, started researching potential security holes in Google Cloud Platform (GCP) about a year ago. In that time, he has sought to learn how more organizations can evaluate their full identity and access management (IAM) exposure so that they can answer the question: Do you know what all your users can do in your cloud environment?
“Overall, for any cloud platform that’s what’s been intriguing to me: asking this really basic question that nobody really has the answer to,” says Estep. “The answer to that is largely, ‘No, I…