Inviter Threat: Managing Security in a new Cloud Deployment Model
Meg Ashby
fwd:cloudsec North America 2025 · Day 1 · Track 2 - Crestone
Meg Ashby, from the late-stage fintech compliance startup Alloy based in New York City, returned to fwd:cloudsec for her second year to present on the security challenges of **Bring Your Own Cloud (BYOC)**, an increasingly popular deployment model where the customer provides the cloud environment and the service provider manages resources within it. The talk walked through a structured framework for evaluating whether BYOC is appropriate for your organization, the real-world deployment pitfalls Alloy encountered, and the mitigating controls -- from SCPs and RCPs to private link integrations -- that make the model workable. This is a practical governance talk for organizations facing the decision of whether to adopt BYOC and, if so, how to do it without sacrificing security posture.
AI review
A governance and architecture talk about managing third-party vendor access in AWS through the Bring Your Own Cloud model. Zero offensive content, zero vulnerabilities, zero exploits. The operational lessons about Terraform state conflicts and EKS access tooling failures are mildly interesting as war stories, but there's nothing here for anyone on the offensive side of the house.