
Sonrai | Enterprise Cloud Security Platform

Message frequency:  0.23 / day

Message History

A developer needs access to a storage account. The fastest fix is Contributor at the subscription level. The project wraps up, the access review never happens, and six months later that identity still holds broad write permissions across every resource in the subscription. The account might be dormant. Or it might belong to a service principal that was never offboarded.

...


Most Azure environments have a standing privilege problem, and it’s not really a security failure, it’s just how things go. An engineer gets access to do something, gets it done, and the access sticks around. Not because anyone made a call to keep it. Just because removing it felt risky, and no one had time to deal with it. Multiply that across hundreds of identities and a fe...



BLUF: Azure PIM converts always-on privileged role assignments into time-bound activations. Users request access, complete the required checks, do the work, and lose the role when the window closes. That’s the foundation of just-in-time privileged access in Azure.

Let’s establish the problem: most cloud environments have standing privile...



May’s new AWS permissions span compute networking, genomics pipelines, container orchestration, and external AI platforms. The service categories are varied, but the risk pattern is consistent.

The central theme for May is “Infrastructure Hijacking.” These permissions share a common attack path: each one either extends the reach of attacker-controlled infrastructure...



IAM Access Analyzer is a useful starting point for any team trying to enforce least privilege. It surfaces unused permissions, unused roles, unused access keys, and unused passwords across your AWS environment. For a feature that c...

