Tom nails it, BYOC, by default is not more secure just because it's in the customer's cloud account. Just like self-hosted.
At worst, BYOC has a much bigger blast radius and can cause bigger vulnerabilities for customer workloads.
To offer BYOC, teams need to think beyond cross account permissions, and build tooling to dynamically push changes with toggleable, customer-controlled permissions and policy validation.
Disclaimer - I'm building Nuon, and we're building a security platform for BYOC deployments.
Tom nails it, BYOC, by default is not more secure just because it's in the customer's cloud account. Just like self-hosted.
At worst, BYOC has a much bigger blast radius and can cause bigger vulnerabilities for customer workloads.
To offer BYOC, teams need to think beyond cross account permissions, and build tooling to dynamically push changes with toggleable, customer-controlled permissions and policy validation.
Disclaimer - I'm building Nuon, and we're building a security platform for BYOC deployments.