Page 99 - Cyber Defense eMagazine April 2021 Edition
Workloads in the cloud are extremely complex. It becomes increasingly challenging to instrument the cloud
and route the resulting volume of alerts to the responsible security teams. DevOps teams need to understand how
quickly these workloads spin up and why automation is required to achieve the desired result. Teams need to
understand this complexity. The intricacies of rules and regulations add complexity of their own in order to reduce
risk and increase security, and global restrictions make cloud security more complex still.
In the cloud, Identities, human and non-human, are the new security perimeter. As such, a new approach to
security is needed, one that focuses on Identity and data governance. Organizations that have recognized
this, and adjusted their strategy, are already seeing the benefits, not just to their security program, but also
to their overall business. Let’s look at some of the challenges they faced and more importantly overcame.
Organizations Fail to See the Common Identity Blind Spots
Many organizations fail to recognize the most common Identity management blind spots. Let’s start with the
highly privileged Identities. While not all users enjoy the same level of access across cloud services and
resources, some Identities accumulate high levels of privilege due to their various responsibilities. This means
they can move in and out of important accounts relatively unchecked. Examples include managers, software
engineers, content professionals, members of the finance team, and more - the unchecked Identities.
Another common blind spot is granting elevated permissions to individual users, which can cause
considerable harm. For example, a user may be able to change system configuration settings, share access
with other users, or lift sensitive information that can be sold for profit. As such, it is important to err on the
side of restricting access.
Lastly, your organization is too slow in de-provisioning. Further problems arise when end users (human
Identities) leave an organization without being properly de-provisioned, increasing the likelihood of a
catastrophic data breach. Because non-human Identities can also take on a role like a user, an organization
may lose visibility into what can be accessed. IT administrators need a centralized system in place
to control Identities for rapid provisioning and de-provisioning.
Don’t Stumble on Your Lack of Cloud Guardrails
An organization’s Cloud Service Provider (AWS, Azure, or GCP) provides guardrails that deliver strong
preventive and detective governance throughout the environment. Guardrails can be used to control system
resources and monitor compliance across accounts, organizations, roles, human Identities, and non-human
Identities. However, cloud-native guardrails are not enabled by default and can be disabled by system
administrators.
Furthermore, these guardrails are often at different stages of maturity and almost always within their own
pane of glass, which makes effectively managing within your cloud very difficult. Managing across different
clouds - forget about it! Without guardrails in place, organizations are highly exposed to any number of
threats, such as data theft or unauthorized access. While guardrails may vary in scope from organization to
organization — or even across different cloud providers — they should always be used.
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.