Keeping your cloud environments secure during a merger or acquisition
Isaac Lepow
fwd:cloudsec North America 2025 · Day 2 · Track 1 - Crystal
Isaac Lepow delivered a practitioner-focused walkthrough of the cloud security pitfalls that emerge during mergers and acquisitions, drawing from direct experience with three acquisitions at a previous role. The talk covers specific operational landmines in **AWS** and **GCP** organization-level services that can silently break access, disrupt security monitoring, or create unmonitored access paths during account migration. Lepow also addresses the broader organizational dependencies — SSO providers, CI/CD pipelines, log management systems — that create a web of interconnected risks when two cloud environments are merged.
AI review
A documentation walkthrough of M&A cloud migration gotchas in AWS and GCP. Useful as a checklist for someone going through their first acquisition, but there's no original research, no tooling, no exploitation, and most of the content is a narration of existing vendor documentation. The GuardDuty legacy invitation trap is the most interesting finding and even that's in the docs if you know where to look.