Hi there and welcome back!

Last week I talked about CIEM and why tools like IAM Access Analyzer matter for understanding who has access to what in your cloud environment. This week, I want to talk about a different tool entirely.

The Scenario

A healthcare startup is scaling fast. They have a primary database holding patient records, properly encrypted, properly access-controlled, everything by the book.

But the data team also spins up a few S3 buckets for analytics exports. A developer copies a sample dataset into a test environment to debug an issue. A third-party integration pulls a snapshot of customer data into a staging bucket that nobody remembers to clean up.