#1 Threat to Cloud Computing: Insufficient Identity, Credential, Access, and Key Management
Written by the CSA Top Threats Working Group.
The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloads, supply chains, and new technologies shifted the cloud security landscape.
This blog will summarize the first threat (of eleven) from the report.
Identity, Credential, and Access Management
Identity, credential, access management systems include tools and policies that allow organizations to manage, monitor, and secure access to valuable resources. Examples may include electronic files, computer systems, and physical resources, such as server rooms or buildings.
Proper maintenance and ongoing vigilance are important. The use of risk-scoring in Identity and Access Management (IAM) enhances security posture. Using a clear risk assignment model, diligent monitoring, and proper isolation of its behavior can help cross-check IAM systems. Tracking target access and frequency for risk scoring are also critical to understanding risk context.
Privileged accounts must be deprovisioned in a precise and immediate manner in order to avoid personnel access after offboarding or role change. This reduces the data exfiltration or the likelihood of compromise. Outside of deprovisioning privileged accounts, it is imperative that roles and responsibilities match the level of ‘need to know.’ Multiple over-privileged personnel create a higher likelihood of data mismanagement or account takeover.
Negative consequences of Insufficient Identity, Credentials, Access and Key Management, and Privileged Accounts may include:
- Negative business performance and productivity due to reactive and overly restrictive lockdowns
- Employee testing fatigue resulting in a lack of compliance and apathy to security
- Data replacement or corruption vs. exfiltration by unauthorized or malicious users
- Loss of trust and revenue in the market
- Financial expenses incurred due to incident response and forensics
- Ransomware and supply chain disruption
What do proper IAM, credential, and key management results look like?
- Hardened defenses at the core of enterprise architectures shift hacking to endpoint user identity as low-hanging fruit.
- Robust zero trust layer requires more than simple authentication for discrete users and application-based isolation.
- Operational policies and structured risk are models also vital for advanced tools.
- User objects must be given risk scores that dynamically adjust as the business requires. Trust should be earned rather than simply providing keys and codes.
In 2021, state-sponsored attacks were on the rise and getting more sophisticated. This year saw breaches that involved Twitch, Cosmology Kozmetik, PeopleGIS, Premier Diagnostics, SeniorAdvisor, Reindeer, and Twillo, with the majority of these attacks being privilege abuse from insider threats. This goes to show that companies that don’t monitor risk and resilience face a dynamic threat landscape flat-footed.
Learn more about this threat and the other 10 top threats in our Top Threats to Cloud Computing Pandemic Eleven publication.
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.