AWS IAM in Enterprise Environments: Designing Secure, Scalable, and Auditable Access Controls

Managing Identity and Access Management (IAM) at scale on AWS requires more than creating roles and policies—it demands least privilege enforcement, continuous monitoring, and automation to keep infrastructure secure and compliant. In a recent multi-account AWS project, I designed a centralized IAM governance framework to control identities, workloads, and permissions across EKS clusters, serverless workloads, and hybrid on-prem integrations.

Key Implementations:
- IAM Architecture at Scale: Used AWS Organizations + SCPs to enforce org-wide security boundaries while isolating environments (dev, staging, prod) at the account level.
- Least Privilege Model: Built fine-grained IAM policies using condition keys, resource-level constraints, and time-based access restrictions.
- Federated Authentication: Integrated AWS IAM Identity Center (SSO) with Azure AD for workforce identities and implemented Workload Identity Federation for Kubernetes, avoiding static access keys.
- Automated Permission Management: Integrated CI/CD pipelines with Terraform to provision IAM roles, policies, and trust relationships, embedding policy validation checks via terraform-compliance and checkov.
- Privilege Escalation Prevention: Monitored IAM roles using IAM Access Analyzer and CloudTrail Insights to detect unused permissions, privilege escalation paths, and policy drift.
- Secrets and Key Management: Centralized credentials in AWS Secrets Manager and KMS with automatic rotation, encrypting sensitive data at rest and in transit.
- Compliance & Auditing: Streamlined evidence gathering for SOC2, HIPAA, and ISO 27001 audits using CloudTrail, Config, and Access Analyzer to produce real-time reports on identity activity.
Outcome: We achieved zero standing admin privileges, automated IAM provisioning, and reduced manual access requests by 80%, all while maintaining audit readiness and improving operational security posture. #AWS #IAM #CloudSecurity #DevOps #SRE #InfrastructureSecurity #AccessManagement #AWSOrganizations #Kubernetes #Terraform #SecretsManager #CloudTrail #PlatformEngineering #CloudGovernance #OpenToWork #C2C #C2H #JobSearch
Automating Trust in Cloud Environments
Summary
Automating trust in cloud environments refers to using technology solutions that manage and verify security and access controls without constant manual oversight, making sure cloud systems remain trustworthy and safe even as they scale and evolve. This typically involves automated processes for identity management, secure data handling, and continuous compliance checks, so organizations can rely on their cloud infrastructure.
- Centralize access control: Set up automated systems to manage permissions and monitor user activity across all cloud accounts and services.
- Rotate keys automatically: Schedule cryptographic key updates so sensitive data stays protected and audit logs are generated for compliance.
- Validate security posture: Use automated tools to regularly check configurations and identify any security gaps or unauthorized changes.
Pattern Labs and Anthropic have published a highly detailed technical paper outlining how to protect both user data and model IP during AI inference using Trusted Execution Environments (TEEs). If you are building or deploying GenAI in sensitive environments, this report is essential.

Key takeaways:
• Describes two confidentiality models: protecting model inputs and outputs, and protecting model weights and architecture
• Explains how TEEs provide security through hardware-enforced isolation and cryptographic attestation
• Covers implementations across AWS Nitro Enclaves, Azure Confidential VMs, and GCP Confidential Space
• Examines support for AI accelerators such as NVIDIA H100 using either native or bridged TEE approaches
• Provides analysis of over 30 risks including KMS misconfiguration, supply chain compromise, and insecure enclave provisioning

Who should care:
• Cloud AI service providers offering inference APIs
• Enterprises using LLMs to process sensitive or regulated data
• Model owners deploying high-risk or frontier models with SL4 or SL5 confidentiality requirements

What stood out:
• Practical coverage of Bring Your Own Vulnerable Enclave (BYOVE) risks
• Focus on reproducible builds and open-source auditability to ensure enclave integrity
• Clear guidance on KMS design, model provisioning, and runtime isolation to prevent data leakage

One action item: Use this report as a design and threat modeling checklist for any confidential inference deployment. Start by securing your enclave build process and verifying the trust chain of your model provisioning workflow.

#ConfidentialComputing #GenAI #AIInference #LLMSecurity #TrustedExecution #ModelProtection #AIPrivacy #Anthropic #PatternLabs #SecureInference #ZeroTrust #CloudSecurity
-
As security engineers, we spend countless hours writing scripts, building dashboards, and chasing drift across fleets of EC2 instances and Kubernetes clusters, all in the name of “continuous compliance.” But what if instead of reacting to drift, we proactively queried our infrastructure the same way a language model queries a knowledge base? That’s the promise behind deploying a Model Context Protocol (MCP) server on AWS, a way to let AI agents securely ask “Is AIDE configured for host integrity?” or “Are EKS nodes enforcing FIPS-compliant ciphers?” and get structured, testable answers in real time.

This isn’t about using LLMs to replace auditors. It’s about turning security questions into machine-verifiable actions: checking whether auditd is configured with immutable logs, confirming whether VPC microsegmentation rules align with Zero Trust, or ensuring CloudWatch is alerting on unauthorized config changes, all through declarative MCP interfaces. When deployed correctly, MCP could potentially become a middleware for security posture validation. On AWS, for example, this means marrying IAM roles, signed task runners, and context-aware policies to let agents check config states without over-permissioning. Imagine an LLM automatically validating that a hardened AMI hasn’t diverged from your CIS/STIG baseline, or flagging missing log forwarding on a new K8s namespace.

This is more than automation. It’s about turning security into a queryable surface, where evidence, not effort, drives assurance.

🔗 How to securely run Model Context Protocol (MCP) servers on the AWS Cloud using containerized architecture: https://lnkd.in/eiEhR527
🔗 Guidance for Deploying Model Context Protocol Servers on AWS: https://lnkd.in/er6r6Pxw
-
The Cloud Security Alliance just published my framework for governing AI agents. It's called the Agentic Trust Framework. And here's why it matters:

Every AI agent in your environment can reason, learn, and take action on its own. Your security framework was built for humans who follow rules.

Traditional security assumes:
✔️ Predictable user behavior
✔️ Deterministic system rules
✔️ Binary access decisions
✔️ Trust established once

AI agents break every one of these assumptions. Every. Single. One.

Don't stop building AI agents. But it's important you're considering a few things to keep them secure. I built a governance model around five questions every organization must answer for every agent:
✔️ Who are you? (Identity)
✔️ What are you doing? (Behavior)
✔️ What are you eating and serving? (Data Governance)
✔️ Where can you go? (Segmentation)
✔️ What if you go rogue? (Incident Response)

Plus a maturity model where agents earn autonomy over time. Intern to Principal, just like your human employees.

It's open source. CC BY 4.0. And ready to implement. The link's in the comments.
-
🔐 Unlocking Cloud Security: Introducing Automated AWS Key Rotation in CipherTrust Cloud Key Management (CCKM) from Darshana Manikkuwadura (Dash)

I provide an in-depth exploration of how the latest Amazon Web Services (AWS) Key Rotation capability in Thales CipherTrust Cloud Key Management (CCKM) is transforming cloud-native security for modern enterprises. As organizations face increasingly sophisticated cyber threats and rising regulatory demands, the need for automated, scalable, and auditable key management has never been more urgent.

The article explains why cryptographic key rotation is a foundational security practice, reducing exposure windows, strengthening compliance alignment, and ensuring long-term data protection across distributed cloud environments. It highlights how the new Amazon Web Services (AWS) Key Rotation feature in CCKM automates the entire lifecycle of Amazon Web Services (AWS) KMS keys—allowing security teams to define rotation schedules, manage keys across accounts and regions, and generate audit-ready logs with minimal operational overhead. The article also delves into the powerful AWS Key Discovery Tool, which helps organizations uncover key sprawl, identify dormant or orphaned keys, and centralize governance for thousands of cryptographic assets.

Through detailed insights, practical examples, and a cloud security expert’s perspective, the article demonstrates how Thales and Amazon Web Services (AWS) together enable stronger data sovereignty, operational efficiency, and zero-trust alignment. It is an essential read for CISOs, cloud architects, security engineers, and compliance leaders shaping their cloud security strategy for the future.
#CloudSecurity #DataSecurity #CyberSecurity #Encryption #KeyManagement #AWS #AWSCloud #AWSKMS #Thales #ThalesCipherTrust #CCKM #CloudCompliance #DataSovereignty #ZeroTrust #InfoSec #CyberResilience #SecurityAutomation #MultiCloud #HybridCloud #CloudGovernance #DigitalTrust #SecurityArchitecture #CloudStrategy #EnterpriseSecurity #RiskManagement #CISO #CloudInnovation #SecurityEngineers #CloudTransformation #CyberDefense #darshanamanikkuwadura Darshana Manikkuwadura (Dash)
-
Ever felt like your Security Team is the biggest bottleneck? You shouldn’t have to choose between speed and safety.

As teams scale across multiple clouds, I often see the same pattern repeat —
🔸 Legacy, perimeter-based security models fail in dynamic cloud setups.
🔸 Manual audits create friction between security and developers.
🔸 Cloud misconfigurations sneak in faster than they can be caught.

The result? Increased vulnerability risk and frustrated teams.

So how did we solve it? By embedding Security as Code directly into the DevOps pipeline — building a Zero-Trust, automated SecOps framework that shifts security left. Here’s what worked 👇
✅ Policy as Code (OPA): Automated compliance enforcement at every commit.
✅ Identity-Centric Access: IAM redesigned with integrated Vault secrets — no more network-based trust.
✅ Continuous Visibility: Implemented CSPM for real-time multi-cloud governance.

💥 The outcome:
➡️ 75% reduction in cloud vulnerabilities — in just one quarter.
➡️ CI/CD velocity fully preserved.
➡️ Developers now see security as an enabler, not a blocker.

Security shouldn’t slow you down — it should scale with you. If you’re adopting or modernizing Zero-Trust, now’s the time to bring automation and visibility together.

#SecOps #ZeroTrust #CloudSecurity #ShiftLeft #PolicyAsCode #CSPM #DevSecOps #IAM #Automation #SecurityByDesign
-
Running air-gapped or regulated environments? Then this is for you.

🤔 What do your workloads actually trust?

🧑‍🏫 Context
In most Kubernetes platforms, trust is implicit:
➡️ Public CAs
➡️ OS trust stores
➡️ Whatever the container image ships with
That doesn't fly in air-gapped or NIS2-aligned environments. You need to control the root of trust.

👷 With Welkin's Custom Root of Trust
➡️ Define which CAs are trusted (internal, public, or both)
➡️ Distribute trust bundles across the platform
➡️ Automatically inject them into workloads
Yes, even your application Pods.

✨ Why it matters
➡️ Works in fully air-gapped environments
➡️ No hidden trust from base images or external defaults
➡️ Consistent trust across platform and workloads
➡️ Clear audit story: "this is exactly what we trust"
No surprises.

⬇️ Link to documentation in the first comment ⬇️

#CloudNative #Kubernetes #InformationSecurity #PlatformEngineering #nis2
-
When AI moves from answering questions to taking actions, the security conversation has to change.

SAP's agentic AI architecture — Joule, Agent Runtime, the MCP protocol, and the growing network of Joule Agents — introduces a new class of autonomous actor in the enterprise. Unlike traditional automation where every step is predetermined, agents reason, plan, and decide which tools to invoke at runtime. That's powerful — and it creates a fundamentally different threat surface.

I mapped the end-to-end component flow and the security controls at each layer:
1️⃣ Business User → Identity & session (SAML2/OIDC, RBAC)
2️⃣ Agent Runtime (MCP Client) → Action boundaries, scoped tokens, human-in-the-loop
3️⃣ LLM Inference (SAP AI Core) → Container isolation, content filtering, data masking, no customer data used for model training
4️⃣ MCP Server → JSON-RPC schema enforcement, transport encryption
5️⃣ Allowed Tools List → Policy-controlled allowlist (design-time), scope restrictions
6️⃣ Integration Suite / API Management → API governance, rate limiting, anomaly detection
7️⃣ SAP Cloud Application → Principal propagation, 4-eyes principle (SoD), audit logging

Defense in depth is the point: the user never calls the LLM directly, agents can't exceed their configured tool scope, and principal propagation maintains the user's identity across every trust boundary.

Diagram in the comments shows the full flow with controls mapped to each component.

#SAPBusinessAI #AgenticAI #Joule #SAPCommunity #EnterpriseAI #MCP #TrustBoundaries #AIGovernance #CISO #IntegrationSuite
-
The fastest-growing identity in most enterprises today… isn’t human. It’s non-human.

Service accounts. APIs. Bots. Workloads. Automation scripts. SaaS integrations. AI agents.

They now outnumber human identities in many environments by a wide margin — and they often have persistent, over-privileged access that rarely gets the same level of scrutiny. From a security and risk perspective, this is a massive blind spot.

We’ve spent years maturing controls around human identity:
✔️ MFA
✔️ Conditional access
✔️ Phishing awareness
✔️ Access reviews

But non-human identities? Often:
→ Hardcoded credentials
→ Excessive permissions
→ No ownership
→ No lifecycle management
→ Limited monitoring

In other words, highly trusted access… with minimal governance.

As organizations accelerate cloud adoption, DevOps, AI automation, and API-driven architectures, non-human identities are becoming foundational to business operations. Which means they are also becoming a prime target for attackers. Compromise a user account and you get access. Compromise a non-human identity and you often get persistence, scale, and stealth.

This is where many traditional IAM programs fall short. Securing non-human identities requires a shift in mindset:
• Treat machine identities as Tier 0 assets when appropriate
• Enforce least privilege for service accounts and workloads
• Implement strong secrets management (no embedded credentials)
• Rotate keys and tokens automatically
• Monitor behavioral anomalies, not just login events
• Establish clear ownership and lifecycle governance
• Extend Zero Trust principles to workloads, not just users

From a CISO and risk leadership perspective, this is not just an IAM issue. It is an enterprise risk issue. Because in modern environments, identity is the new perimeter — and that perimeter is increasingly non-human. If we continue to secure only people while ignoring machine identities, we are protecting the front door while leaving the server room unlocked.
The organizations that mature their Non-Human Identity (NHI) governance now will be far better positioned to manage risk in an AI-driven, automated, and highly integrated future.
-
🚨 I wrote a practical guide on Zero Trust Security for Cloud-Native Applications

As cloud environments grow more complex, traditional perimeter-based security is no longer enough. That’s why many organizations are moving toward Zero Trust Architecture — a model built on continuous verification, least privilege, and strong identity-based access. To better understand how this works in real environments, I put together a practical implementation guide focused on cloud-native systems.

What the guide covers
🔹 Core Zero Trust principles and architecture
🔹 Identity-centric security and access control
🔹 Secure service-to-service communication
🔹 Microsegmentation strategies
🔹 Protecting APIs and cloud workloads
🔹 Monitoring, logging, and continuous verification
🔹 Real-world implementation considerations

The goal was simple: Create a clear, structured resource that connects Zero Trust concepts with practical cloud implementation. Cloud-native environments introduce new attack surfaces — containers, APIs, service meshes, and distributed workloads. Security architectures need to evolve with them.

If you’re working in cloud security, DevSecOps, or platform engineering, I hope this guide can be useful.

💬 I’d also be curious to hear: Where do you see the biggest challenge when implementing Zero Trust in cloud environments?

#ZeroTrust #CloudSecurity #CyberSecurity #DevSecOps #CloudNative #SecurityArchitecture #Kubernetes #APIsecurity #IdentitySecurity