Securing identities in the cloud has been a headache until now, ET CISO
Securing identities and roles within any cloud platform is incredibly difficult, especially considering the scalability and complexity inherent in these platforms.
Due to the huge number of services, applications and functions that are made available by the cloud platform providers to their customers, identities and their entitlements can be assigned and leveraged in far more ways and places than is commonly seen in traditional IT environments. This presents a huge opportunity for cyber-attackers, as compromised identities are one of the most leveraged attack vectors with 84% of organizations across the world having suffered an identity-related breach. Yet, one-third of Indian organizations have no risk management plan to address cloud security challenges and only half are satisfied with technology capabilities in key security areas.
For Indian organizations, implementing and configuring a cloud security solution can be incredibly challenging as it’s easy to get overwhelmed by the sheer volume of “things” to monitor in the cloud and they may not have the deep expertise necessary to understand the underlying complexity of all the accounts, services and other components of cloud infrastructures.
Security teams are tasked with keeping track of applications and services running on Kubernetes infrastructure, IaaS and container resources, as well as all the user identities and non-human service accounts associated with all these moving parts. To tackle the complexity, organizations often look to tools and point solutions to help combat these threat vectors. This only racks up the costs of configuring and implementing multiple cloud security solutions and can add more complexity with tools that don’t work together, integrate or show a more complete view of where risk exists across the entire cloud environment. Even with technically advanced tooling, security teams still rely on spreadsheets to try and reconcile all of the findings — 46% of Indian organizations still use multi-tabbed spreadsheets to analyze security findings.
A more effective strategy would be for organizations to isolate what threat actors try to target when breaching cloud infrastructure and truly understand the risks associated with any of the assets, applications and credentials in use. Most importantly, however, organizations must first understand the intricacies of securing identities and entitlements, as they are the most targeted assets and, once compromised, can provide complete access to every other asset in the cloud environment.
Understanding cloud identities
When securing identities, it’s important to understand the difference between service accounts and human identities, along with the different approaches to securing them to establish a least privilege model.
For service accounts meant to serve workloads, services or applications and operate on a consistent and predictable basis, organizations must compare the permissions that are assigned with the permissions that are actually used, because these identities are programmed for a specific purpose and their requirements seldom change. Human identities, however, are far less predictable, which makes it harder for security teams to scope permissions to specific resources and actions.
Establishing a zero-trust model in such an instance can be difficult and cybersecurity leaders in India agree, with only 23% of them focusing on shifting to a zero-trust model in 2024. As daunting as it seems, organizations must realize the importance of securing identities as it’s one of the most sought-after attack vectors.
Organizations can benefit from integrating a just-in-time access program for administrative-level accounts or service accounts with higher levels of access or permissions than a standard user should have. For example, DevOps teams could request and be granted short-term access to the cloud for specific tasks in critical environments and ensure this short-term access workflow integrates into existing communication tools.
When identities and their access are unaccounted for, it causes toil and friction between Security, DevOps and IT teams. Temporary elevation of access gives developers, DevOps or IT admins the ability to do their job when it warrants higher levels of access, without continuously exposing the organization to the risk that comes with permanently assigning those permissions and making those accounts lucrative targets for cyber-attackers.
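The assigned-versus-used comparison described above for service accounts can be scripted against an audit trail. The following is an added illustration and not code from the author or from Tenable; the principal names, the granted actions, the audit log entries and the high-risk watchlist are all constructed for the example, and wildcard grants such as `s3:Get*` are matched with shell-style patterns.

```python
import fnmatch
from collections import defaultdict

# Constructed sample: actions granted to two hypothetical service accounts.
# Wildcards ("s3:Get*", "sqs:*") are a common source of over-entitlement.
ASSIGNED = {
    "svc-report-builder": [
        "s3:GetObject", "s3:ListBucket", "s3:DeleteObject",
        "kms:Decrypt", "iam:PassRole",
    ],
    "svc-image-thumbnailer": ["s3:Get*", "s3:PutObject", "sqs:*"],
}

# Constructed audit log: (principal, action) pairs observed over the review
# window. The window must be long enough to cover periodic jobs, otherwise a
# monthly task would look "unused" and be stripped by mistake.
AUDIT_LOG = [
    ("svc-report-builder", "s3:GetObject"),
    ("svc-report-builder", "s3:ListBucket"),
    ("svc-report-builder", "kms:Decrypt"),
    ("svc-image-thumbnailer", "s3:GetObject"),
    ("svc-image-thumbnailer", "s3:PutObject"),
    ("svc-image-thumbnailer", "sqs:ReceiveMessage"),
    ("svc-image-thumbnailer", "sqs:DeleteMessage"),
]

# Constructed watchlist: unused grants that deserve immediate removal because
# they enable privilege escalation or destructive actions.
HIGH_RISK_UNUSED = {"iam:PassRole", "s3:DeleteObject"}


def used_actions(log):
    """Group observed actions by principal."""
    used = defaultdict(set)
    for principal, action in log:
        used[principal].add(action)
    return used


def entitlement_gap(assigned, log):
    """Per principal: grants never exercised, wildcard grants, high-risk unused
    grants, and a right-sized policy built from the actions actually observed."""
    used = used_actions(log)
    report = {}
    for principal, grants in assigned.items():
        exercised = used.get(principal, set())
        unused = [
            g for g in grants
            if not any(fnmatch.fnmatchcase(a, g) for a in exercised)
        ]
        report[principal] = {
            "unused": unused,
            "wildcards": [g for g in grants if "*" in g],
            "high_risk_unused": sorted(set(unused) & HIGH_RISK_UNUSED),
            # Least-privilege suggestion: exactly what was observed, nothing more.
            "suggested_policy": sorted(exercised),
        }
    return report


if __name__ == "__main__":
    for principal, findings in entitlement_gap(ASSIGNED, AUDIT_LOG).items():
        print(principal, findings)
```

Note that a wildcard grant is reported even when it was exercised: `sqs:*` above covered only two SQS actions in practice, so the suggested policy narrows it to those two. Treat the suggestion as input to a review, not as something to apply blindly.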
Choosing the right security solutions
While excitement and budgets are rising for cutting-edge security programs in India, the progress in actually improving security where it counts is slow, especially concerning the right types of technology investments. In India, a mere 22% of security leaders are focused on anticipating cyber risks before a breach successfully takes place.
Organizations find themselves using different tools to manage access for users, often losing the ability to have complete insight into entitlements and the overall risk posed by human and service accounts that have improper levels of permissions or entitlements. In fact, in India, one-fifth of organizations say they have too many cybersecurity solutions. While adopting new cloud security solutions, organizations must ensure they offer multiple capabilities while providing context and a unified understanding of risks and potential targets for cyber criminals. This includes entitlement insights and visualization of identities, full visibility into multi-cloud resources, permissions and their activity, and continuous monitoring to detect and assess risk factors like network exposure, misconfigurations, risky permissions, exposed secrets, and identity-related threats.
Once organizations identify the right solutions for their particular environment, the next step is enforcing a zero-trust model, which is supported by leveraging integrated tooling capable of automating permissions guardrails through least-privilege policies. The right solutions, paired with a zero-trust strategy offer full visibility into cloud identities — both service-level and human, and valuable context, helping security teams streamline and prioritize remediation.
The most comprehensive security solutions in modern cloud environments are CNAPP solutions, which offer multiple tools and controls within a single platform that provides context and visibility into the attack pathways threat actors can leverage to cause damage in the cloud environment. Most provide continuous monitoring and detection, which makes it easier to identify new threats and zero-days as soon as they are publicly discovered. As an example, an organization may have hundreds of publicly accessible workloads running in a cloud environment. However, only 10 of them have critical vulnerabilities, and of those, only five also have accounts with high levels of privilege attached.
When CNAPP tools offer this combined context, it becomes easier to prioritize which vulnerabilities to address first. As most point solutions don’t offer such context, security teams end up trying to address all identified risks in all public workloads because these products can’t provide additional context for identities and entitlements. This is incredibly time-consuming and doesn’t meaningfully address and reduce risk. Understanding where the risk lies with a more complete contextual understanding of its potential for harm means that organizations can make smarter decisions about where to focus remediation efforts as quickly as possible with their limited available resources.
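The funnel in the example above (public workloads, then those with critical vulnerabilities, then those that also carry a highly privileged identity) is the kind of combined-context ranking that a point tool cannot produce from one data source. The following is an added illustration, not code from the author or from any CNAPP product; the workload inventory, the privilege levels and the CVSS threshold of 9.0 are constructed for the example.

```python
from dataclasses import dataclass

# Constructed threshold: CVSS base score at or above which a finding is "critical".
CRITICAL = 9.0


@dataclass(frozen=True)
class Workload:
    name: str
    public: bool             # reachable from the internet
    max_cvss: float          # highest CVSS score among open findings
    identity_privilege: str  # constructed levels: "admin", "write", "read"


# Constructed inventory combining exposure, vulnerability and identity data.
SAMPLE = [
    Workload("web-frontend", True, 9.8, "read"),
    Workload("api-gateway", True, 9.1, "admin"),
    Workload("legacy-ftp", True, 7.5, "admin"),
    Workload("batch-runner", False, 9.8, "admin"),
    Workload("docs-site", True, 4.3, "read"),
    Workload("payments-svc", True, 9.4, "admin"),
]


def tier(w):
    """Lower tier number = fix first.
    1: public + critical vuln + admin identity (a complete attack path)
    2: public + critical vuln
    3: public, no critical vuln
    4: not publicly reachable"""
    if not w.public:
        return 4
    if w.max_cvss < CRITICAL:
        return 3
    return 1 if w.identity_privilege == "admin" else 2


def prioritize(workloads):
    """Order by tier, then by highest CVSS, then by name for a stable list."""
    return sorted(workloads, key=lambda w: (tier(w), -w.max_cvss, w.name))


def funnel(workloads):
    """Reproduce the narrowing described in the text: how many workloads remain
    at each stage of combining exposure, vulnerability and privilege context."""
    public = [w for w in workloads if w.public]
    critical = [w for w in public if w.max_cvss >= CRITICAL]
    privileged = [w for w in critical if w.identity_privilege == "admin"]
    return {
        "total": len(workloads),
        "public": len(public),
        "public_critical": len(critical),
        "public_critical_privileged": len(privileged),
    }


if __name__ == "__main__":
    print(funnel(SAMPLE))
    for w in prioritize(SAMPLE):
        print(tier(w), w.name, w.max_cvss, w.identity_privilege)
```

Without the identity column, every public workload with a critical finding would sit in the same bucket; with it, the two tier-1 entries stand out as the ones where a single exploit would hand an attacker an administrative identity, which is exactly the lateral-movement path the article warns about.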
Regardless of whether organizations have a public instance with known exploitable vulnerabilities or misconfigured infrastructure code where cloud exposures are exploited, attackers are known to focus on going after users and identities to facilitate lateral movement and launch additional attacks to gain elevated privileges and, ultimately, compromise the entire environment and access sensitive data.
For organizations looking to improve their overall security posture, prioritizing cloud security, understanding where the risks to assets, applications, workloads and credentials lie and addressing the most important ones first becomes the element that determines how strong their overall defences can be and lays the foundation for a more comprehensive security program that tangibly and meaningfully reduces risk for an organization.
The author is Nathan Wenzler, chief cybersecurity strategist, Tenable
Disclaimer: The views expressed are solely of the author and ETCISO does not necessarily subscribe to it. ETCISO shall not be responsible for any damage caused to any person/organization directly or indirectly.