Need for Cloud IAM Security

As more organizations are shifting to the cloud for their digital transformation journey,  it has become important to secure your services running in the cloud, especially – the Identity and access management services. You must focus on protecting the user as well as the machine identities along with the data that they access. For protecting the sensitive data on the cloud you must work on strengthening identity programs. 

“The percentage of organizations that store more than half of their data in public clouds is expected to more than double in the next 24 months”

Understanding IAM

Cloud identity and access management enables you to access the services and resources in the cloud securely. It is a security service that gives any identity, i.e. machine or human, access to the right resources and at the right time and helps prevent access to other resources. 

“As data shifts to the public clouds, sensitive data is being stored with a variety of cloud services.”

IAM is built on a concept called a policy. A policy answers the question, who can do what to which thing. These policies are a set of permissions which determine who (human/machine identity) has access to which (resource) to do what (reading or modifying or both).

This ensures that the mailroom clerk does not have access to the financial documents of the company, whereas the accountant has. 

IAM helps you defend against malicious login attempts and safeguard credentials with risk-based access controls, identity protection tools and strong authentication options without disrupting productivity.

Need to secure IAM?

IAM security improves the efficiency and effectiveness of access management throughout the business.When managing access within the organization, IAM security also ensures that all identities (human or machine) have the right access privileges required for their job. Without it, bulk approvals for access requests, frequent changes in roles and departments, and the lack of suitable processes for access reviews contributes to excessive access privileges opening up the organization to insider threats and magnifying risk throughout the business.

Identities play a central role in the loss of sensitive cloud data.The top causes of data loss from the cloud include carelessness by the user, insider threat, use of personal devices, over-permissive credentials and stolen credentials. This highlights the connection between cloud identities and protecting the sensitive data. Exploiting an identity is the most common type of attack against the cloud. 

Over permissioned roles and misuse of privileged credentials have consequences, each contributing to cyber attacks against the cloud infrastructure and applications. Cyber attacks are mostly targeted at privileged cloud accounts. But, even employees present a risk by exposing sensitive data via authorized use. 

“88% of companies with over 1 million folders have more than 100,000 folders open for access for all their employees. This increases the risk of accidental leaks from employees or deliberate leaks from rogue ones!”

-2018 Global Data Risk Report by Varonis Data Lab 

Risks  & challenges associated with IAM

• IAM and SSO.Today most businesses use some form of single sign-on (SSO) for  managing the way users interact with cloud services. This is an effective way of centralizing access across a large number of users and services. Even though using SSO to log into the cloud accounts is the best practice, the mapping between SSO users and IAM roles can become challenging. This gets further complicated when identities have multiple roles that span over several cloud environments. 
• Over permissions.As the users and services have more than one permission set attached to them, understanding the effective permissions of an entity becomes difficult. Many identities have permissions greater than what is required. 

Over the last 12 months, it was discovered that the top type of misconfigured cloud services are over permissioned accounts and roles. The attack surface is increasing in the form of increasing permissions for human and machine identities for accessing critical cloud resources. Attackers can exploit these permissions for gaining access to the cloud resources, steal or alter sensitive data or interrupt cloud hosted services. 

“Average organization says 30% of their cloud identities are overly permissive.” 

• Multi-cloud.Most of the  organizations today use a multi-cloud strategy. Each provider has its own policies, tools and terminology. There is no common language that helps you understand relationships and permissions across cloud providers. 
• Heterogeneity and remote workers. The increase in remote work has increased the complexity of managing IAM services. The IT teams have to provide secure access from heterogeneous devices to a heterogeneous mix of applications. 

“28% say building an IAM strategy that can span heterogeneous public and private clouds is one of their organization’s highest cloud security priorities.”

Securing your IAM

As the cloud adoption grows exponentially, the above mentioned challenges will become more apparent. Following are some of the ways in which you can secure IAM:

• Grant Least privilege: As cloud adoption grows, we’re seeing exponential growth in cloud resources. Along with this we’re also seeing growth in permissions granted to humans and machines for accessing and altering those resources. This is risky as it can lead to misuse of privileges for stealing the sensitive data of your organization. To mitigate these risks, every human or machine should only be granted the permissions they need and at the time they need them. This security practice is known as “LEAST PRIVILEGE ACCESS”.
• Adopt Cloud infrastructure entitlements manager (CIEM): Cloud infrastructure entitlement management (CIEM) is used to describe the next generation of solutions for enforcing least privilege in the cloud. It addresses cloud security challenges of managing identity access management in cloud environments by using AI/ML.

It collects usage data for all the existing permissions to identify the excessive and unused permissions. Such permissions are removed with minimal disruption to ongoing operations. 

• Zero trust approach.  This approach to access management continuously requires verifying identities. It is a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access. Its main motto is  “don’t trust anyone”.
• Avoid using root accounts. Always create individual IAM users with relevant permissions and don’t share your root credentials with anyone. 
• Monitor an account takeover attack (ATO) by including multiple failed authentication attempts which indicates use of stolen credentials.  

Conclusion

IAM solutions provide the confidence that only authorized, authenticated users are able to interact with the systems and data they need to effectively perform their job roles. Securing your IAM services will help prevent cyber attacks due to misuse of identities. 

Technosprout’s CyberArk certified workforce are experts in deploying the necessary IAM security solutions. 

To know about how you can secure the cloud click here.