As organizations deploy new cloud environments and services, they introduce thousands of identity-based permissions that must be securely configured and continuously managed.
At the same time the number of users and applications with privileged access – including both human and machine identities – skyrockets. Additionally, the cloud environments are always changing and this combined with more privileged access makes the cloud more challenging to secure.
Whenever possible the attackers go after the privileged credentials. These credentials are exploited by bad actors, whether external attackers or malicious insiders to take control of critical IT infrastructure and applications and to gain access to confidential business data.
Gartner states that, “by 2022, 90% of organizations will recognize that mitigation of Privileged access management risk is a fundamental security control”
You need to counter their attacks with solutions that manage and secure your privileged credentials. Through next-generation privileged access management (PAM), you can seriously mitigate and prevent future data breaches.
Gartner states, “privileged identity management is one of the most critical security controls, particularly in today’s increasingly complex IT environment. Security and risk management leaders must use PAM tools in a long-term strategy for comprehensive risk mitigation.”
Security threats in cloud computing
The security of your cloud is a shared responsibility of you and your cloud service provider.
Below are the top security concerns for cloud based services that you should be aware of. It is necessary for you to take the necessary precautions for mitigating these threats.
- Data breach. It refers to a security incident in which a bad actor gains unauthorized access to confidential data and is ranked as the number cloud threat.
“The average total cost of a data breach is $6.45 million for healthcare organizations and $5.86 million for financial services firms”
- Misconfiguration and inadequate change control. Misconfiguration occurs when the computing and access assets are set up incorrectly. It is a leading cause of data breaches which can result in the data being deleted or modified.
“Over-permissioned accounts and roles result in cloud misconfiguration most of the times ”
“ Cloud misconfiguration resulted in the average cost of a breach increasing by more than half a million dollars to $4.41 million”
- Insufficient identity, credential, access and key management. Once an attacker gets access to the identity credentials, specially the privileged ones, they get access to all the sensitive information in your organization’s cloud environments.
This results in cryptojacking, data breaches and destruction of intellectual property and other sensitive data.
- Account hijacking. Attackers are always on a lookout for ways to get their hands on the privileged credentials. Account hijacking refers to the full compromise of the account, its services and the data within. This causes significant operational and business disruptions.
- Insider threats. Malicious insiders can be current or former employees, third party personnels or other contractors who have legitimate access to the sensitive data on the cloud. Solid PAM controls and least privilege approach can reduce risk and help keep cloud operations secure.
Securing privileged identity in the cloud
- Implement least privilege across the cloud environments. To mitigate the misuse of privileges, every identity (human or machine) should only be granted access to the resources that they need for their job and that too for the right time.
As the number of identities go on increasing, it becomes difficult to manually keep a track of all the entitlements. To address this limitation, we have Cloud Infrastructure Entitlements manager (CIEM).
- Secure the Root-level Account and Cloud Management Console. Root level accounts are the ones which have irrevocable administrative privileges such as the AWS root user account, Azure Global Admin role and the Google Cloud Platform (GCP) Super User account and they should not be used for day to day administrative tasks. Also, MFA (Multi factor authorization) and constant monitoring and recording of sessions should be implemented for a root level account.
Gartner predicts that, “by 2022, more than half of enterprises using privileged access management (PAM) tools will emphasize just-in-time privileged access over long-term privileged access, up from less than 25% today.”
Cloud management consoles and portals enable comprehensive management of your organization’s cloud resources. To reduce risk you should consider adopting least privilege and just in time (JIT) approach.
- Secure Your Organization’s Dynamic Cloud Infrastructure. The cloud environments keep changing constantly.
You must employ a secure centralized repository for all the privileged credentials (human and machine both). You must manage the infrastructure credentials using the principles of least privilege approach. You must also ensure that all user access uses a JIT approach that grants access for a set period of time.
Credentials such as SSH keys need to be created at a rate difficult for humans to manage. They are typically used to access virtual machines programmatically. Hence, they must be automatically on-boarded and secured with vaulting and rotation as new cloud instances are spun up.
- Secure Cloud Native Applications and DevOps Pipeline. DevOps pipelines increase business agility by reducing time-to-deployment and getting new applications and services into production faster.
“Gartner predicts by 2021, over 50% of organizations using DevOps will adopt PAM based secrets management products, rising rapidly from less than 10% today.”
For all your DevOps tools, you must maintain a single security posture through a centralized console for identifying and authorizing your credentials. All access, especially by privileged users should be provided with an additional layer of authentication, like SSO and MFA.
For custom built applications, it is important that direct access to API keys is never provided to human users. All the API keys should be securely stored in a digital vault allowing only authorized access to users under centralized policies.
- Secure SaaS Applications. SaaS applications can now be used to manage almost every aspect of internal operations with ease. It becomes important to secure your SaaS applications from cyber criminals.
For SaaS applications, you must treat the administrative accounts and all users with access to sensitive information as privileged.
The first step in securing these applications is to deploy a single sign-on (SSO) service that leverages a central identity provider such as Microsoft Active Directory or Azure AD to manage user authentication and grant access to SaaS applications through a single set of login credentials.
Further, you can secure SaaS applications by leveraging MFA, thus adding a secondary layer of protection before access to applications is granted.
Technosprout’s CyberArk certified workforce are experts in deploying the necessary IAM & PAM security solutions.
To know about how you can secure the cloud click here.