Page 226 - Cyber Defense eMagazine Annual RSA Edition for 2024
P. 226

Rotation of keys and secrets is only one part of the larger challenge of complete non-human identity
            lifecycle  management.  While  the  latest  report  highlights  several  shortcomings,  cloud  transformation
            through  vendors  such  as  Microsoft  still  allows  organizations  to  improve  agility  and,  with  the  right
            approach,  security posture. As environments become increasingly distributed spanning multiple clouds
            and  hundreds  of  interconnect  services,  Non-Human  Identities  grow  exponentially  in  scale.
            Consequently,   security  and  operations  teams  need  to  adopt   the  right  tools  that  enable  effective
            cooperation across every phase of the lifecycle from provisioning, to rotation and decommission.

            Organizations should implement practices and tools that align operational continuity efforts with security
            best practices, ensuring they complement rather than conflict with each other. Companies can’t disregard
            the limitations of human driven processes, which are more prone to error and operationally expensive.
            While adding automation for tasks like secret rotation requires integrating new tools and capabilities into
            your stack, this investment is crucial for long-term business success. Microsoft's decision to move from
            manual to automatic key rotation is the right move to make and, had it been implemented sooner, it could
            have prevented the attack with undeniable business benefits.

            In an era marked by the rapid proliferation of cloud computing and digital innovation, the adoption of
            automated solutions emerges as a pressing imperative for effectively managing non-human identities
            (NHIs). As organizations grapple with the complexities of identity and access management in an ever-
            evolving digital landscape, prioritizing visibility, posture management and lifecycle automation of NHIs is
            paramount.

            By  embracing  automated  solutions  for  NHI  management,  organizations  can  streamline  key  rotation
            processes,  proactively  identify  vulnerabilities,  and mitigate  potential  risks  in  real-time.  This proactive
            approach not only bolsters security defenses but also instills confidence in stakeholders, demonstrating
            a commitment to safeguarding sensitive data and preserving operational continuity.



            About the Author

            Amit  Zimerman,  Co-Founder  and  Chief  Product  Officer  at  Oasis  is  a
            seasoned leader with a diverse technical and product background. Before
            co-founding Oasis, he played pivotal roles at CyberMDX, and Microsoft,
            bringing  a  wealth  of  product  and  security  expertise.  Amit  also  had
            significant  contributions  during  his  seven-year  tenure  in  Israeli  Military
            Intelligence forces as a leader of some of the high-profile cyber projects at
            the time.

            Amit  can  be  reached  online  at  LinkedIn  and  at  our  company  website
            https://www.oasis.security/














                                                                                                            226
   221   222   223   224   225   226   227   228   229   230   231