- AWS has a shared responsibility model
- Least privilege
- AWS has a lot of certifications (ISO 2007, etc.)
- Authorization (IAM)
- IdP (AWS Cognito, Facebook, Gmail)
- SAML, OAuth, OpenID
Who is it for?
- large organizations
- segregation of duties, costs, agility
Do we need it?
- administrative isolation?
- limited visibility and discovery of workloads
- limited and strong isolation for recovery and/or auditing data?