Blog: Achieve Least Privilege at Cloud Scale

Achieve Least Privilege at Cloud Scale With a Cloud Infrastructure Entitlement Management (CIEM) Solution
Blog Entry, November 18, 2020

When we talk about the origins of common security incidents and breaches, we rarely consider the problem as it relates to privileged identities and their access rights to cloud resources. But if you look back at the most high-profile breaches of the last few years, you will note a direct link to this emerging attack surface, which is the result of exponential and unmanaged growth in identities with excessive and powerful permissions.

These breaches underscore the concept of shared responsibility, which sharply delineates responsibilities between cloud providers and their customers. The model places the responsibility for security "in the cloud" (including everything around identities, access, permissions, and authorization) solely on the customer, not the cloud provider. As such, it puts a significant onus on internal IT resources, because cloud security is only as good as an organization's ability to control the level of access that identities have to its cloud infrastructure. The actions these identities can take are dictated by the permissions they are granted. So, preventing the overprovisioning of both human and non-human identities, and quickly responding when those permissions are either accidentally misused or maliciously exploited, has become a top priority for enterprises.

Gartner recently predicted that 75% of all security failures by 2023 will be the result of inadequate management of identities, access, and permissions, and that 99% of those will be the cloud customer's fault. In response to this increasing threat, Gartner recently introduced a new cloud security category called Cloud Infrastructure Entitlement Management (CIEM) in its June 2020 Managing Privileged Access in Cloud Infrastructure report. CIEM is defined as the next generation of solutions for managing privileged access and enforcing least privilege in the cloud.

It addresses the limitations of existing IAM solutions and highlights the need for cloud-native, identity-centric solutions that extend across multiple cloud platforms and continuously enforce the principle of least privilege at cloud scale. CIEM includes a set of core requirements to help enterprises evaluate and implement the best solutions and processes to achieve a true least-privilege state across their cloud infrastructures. While these requirements may appear daunting, the recommended lifecycle-based approach helps minimize the overall implementation burden.

A Lifecycle Approach to CIEM

A lifecycle framework for CIEM enables enterprises to continuously discover, manage, and monitor the activity of every unique human and machine identity operating in their clouds, and ensures that security and infrastructure teams are alerted to areas of unexpected or excessive risk. Critical aspects of a lifecycle approach include the ability to:
