This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 4.7 of Data Protection for Cloud Infrastructure
Why standing privilege is dangerous, JIT access patterns using STS AssumeRole and IAM Identity Center, session recording, break-glass procedures, and PAM metrics.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
AWS IAM Identity Center Time-Bound Access
AWS documentation on JIT and time-bounded access using IAM Identity Center.
CyberArk Privileged Access Management
CyberArk guidance on PAM architecture for cloud environments.
NIST SP 800-53: Privileged Account Management
NIST SP 800-53r5 AC-2(3) and AC-6 controls covering privileged account management.
Teleport: Open-Source PAM for Cloud
Teleport open-source documentation for JIT access, session recording, and audit in cloud.
Quadrant 4 · Self-Assessment
Data Protection in the Cloud
Envelope encryption, AES modes, post-quantum cryptography, tokenisation, PKI, key management models, and IAM.
Cloud Security: Complete Assessment
Comprehensive 120-question assessment covering all six chapters of the Cloud Security eBook 2026.