We’re proud to announce that Cloud Security Partners will be forking and maintaining Cloudsplaining, the popular cloud IAM tool. Open source and giving back to the community are very important to us and something we try to do often via contributions and free training!
The cloud security community has built some amazing tools from Prowler to Parliment and obviously, Cloudsplaining. Cloudsplaining plays an important role in that it gives security teams insight into their IAM policies and possible misconfigurations. During our security assessments, misconfigured IAM is one of the most common findings we see. From overly privileged policies to data exfiltration methods, we see a large number of misconfigurations that can subtly allow malicious insiders or outsiders to access data.
Recently, Salesforce where Cloudsplaining was originally developed by Kinnaird McQuade, archived the repository, meaning there will be no more updates or maintenance. We’ve decided to take on a fork of the repository and ongoing maintenance and new features. We have pulled together a team of passionate open source developers and we’ll be funding ongoing development. We look forward to continuing the great work by the team that’s maintained Cloudsplaining and working with anyone else that wants to help with the maintenance and development. And, of course, it will always be open source and free!