Talk
Virtual
Kill standing privileges: Implementing cloud-native JIT for K8s, AWS, and GCP
Static cloud privileges enable lateral movement, but manual least privilege breaks CI/CD. Learn how to implement Zero Standing Privilege using native controls and ChatOps approvals, adding automated guardrails, fast access requests, and auto-revocation without heavy proxies.
Static, long-standing privileges are the primary vector for lateral movement in the cloud. For platform engineering teams, the traditional fix of manual least privilege is a non-starter because it breaks CI/CD pipelines and frustrates developers. This session demonstrates how to move to a zero standing privilege (ZSP) architecture without deploying heavy proxies or jump boxes. It examines the mechanics of using cloud-native policy controls to put unused sensitive permissions behind a request-and-approve barrier.
• Technical breakdown: The architecture of enforcement uses native cloud controls like SCPs, RCPs, and K8s admission controllers as an automated gate rather than a manual key.
• Developer experience (DevX): Approvals move out of ticketing systems and into ChatOps (Slack or Teams) to maintain deployment velocity.
• Live demo: A 5-minute technical walkthrough shows a developer requesting elevated access, receiving approval, and having those permissions automatically revoked.
The takeaway is that platform teams can eliminate the risk of unlocked internal doors while reducing friction for their engineering teams.