Introduction Google Cloud offers a secure and efficient way to manage permissions and authentication through service accounts. These accounts are typically associated with GCP resources like Compute Engine instances, allowing them to securely access other Google Cloud services. But how can we abuse the service account credentials and use them...
Introduction In my work, I often meet clients who are struggling to stay ahead of their cloud security responsibilities. Imagine a small but growing tech company that recently migrated its infrastructure to Google Cloud Platform (GCP). They have a lean IT team, with only one or two engineers responsible for...
Introduction Interacting with GCP or integrating Terraform deployments securely and efficiently into your CI/CD pipeline requires careful consideration, especially regarding authentication and permissions. Direct Workload Identity Federation offers secure way to authenticate applications without relying on long-lived service account keys. By leveraging Workload Identity Federation, we can grant GitHub...
Introduction When it comes to cloud security, managing who has access to what is absolutely crucial. Organizations are constantly looking for secure ways to manage elevated permissions without compromising security. Google Cloud Platform's (GCP) new PAM product, Privileged Access Manager, solves the issue of handling temporary access to...
Introduced by Gartner in 2021, Cloud-Native Application Protection Platform promises a single pane of glass for all your cloud security needs. 🛡️ Imagine having all your security tools working together seamlessly, like the Avengers assembling to fight a threat! 💥 But what exactly is CNAPP, and how does it work? Let'...
Introduction Today, we'll be exploring a powerful feature that allows you to export GCP Security Command Center findings to Pub/Sub, and then effortlessly transform them via Cloud Functions for seamless integration with other systems. Understanding GCP Security Command Center 🧠Before we jump into the nitty-gritty details, let&...
