Speakers: Rich Dandliker – Veza & David Tyburski – Wynn Resorts
Date: Wednesday, May 31, 2023
Location: ARIA Resort & Casino | Las Vegas, NV
Description: Everybody wants Least Privilege, so why does nobody achieve it? The scale and distribution of the modern data and SaaS landscape have made it impossible to see or fix millions of permissions granted across hundreds of RBAC systems. As a result, companies accumulate unnecessary permissions (“privilege sprawl”), opening new attack surfaces for breach, insider threats, IP theft and ransomware. In this session, we’ll explore the most common types of hidden and over-privileged access involving local users, local roles, privileged accounts, mislabeled groups, and machine-to-machine permissions. While IGA tools are helpful for provisioning, we’ll examine how they can leave blind spots in security, regulatory compliance, and audits. Identity and security professionals are shifting their focus from authentication to authorization, with an interest in mapping identities and detailed permissions at the resource level. We’ll consider the merits of the two different architectures for authorization (inline vs out-of-band), and we’ll look at examples of progressive companies using new strategies to find and fix over-privileged permissions. New tools for automating access governance are making it possible to achieve “continuous compliance” and a least privilege posture for data wherever it lives. We’ll wrap up with stories from a real-world enterprise, Wynn Resorts, to provide a practical example of how they are thinking about these problems and driving towards a solution.