Getting a Better Handle on Identity Management in the Cloud

Realizing the cloud’s enormous potential enables organizations to innovate and undergo digital transformations. The last two years have shown the importance of healthy cybersecurity, especially as many companies have migrated to the cloud. An important part of securing the cloud, however, is ensuring that companies use proper identity management. Increased cloud adoption has resulted in a deluge of new human and even non-human identities that threat actors can compromise. Companies that do not take this seriously may find themselves the latest victims of a breach.

Look no further than Okta, a popular identity management platform used by many companies. Earlier this year, the criminal organization Lapsus$ claimed to be in possession of a superuser account with Okta. Although the full extent of the breach is not yet known, holding such high-level credentials potentially means that the criminal organization has the figurative “keys to the kingdom” in terms of access, along with the ability to obtain data from users who rely on the Okta platform. When an identity and access management (IAM) provider is the victim of an identity-based attack, you know that threat actors are playing hardball.

That said, IAM is not a new topic and will certainly become more important in the foreseeable future. A report from Cider Security ranked IAM as the second biggest problem in continuous integration/continuous delivery (CI/CD) environments. These concerns relate both to the permissions granted to identities across a company and to ensuring that permissions are deprovisioned in a timely manner.

Difficulty managing identities in the cloud

It is difficult to manage identities in the cloud due to a mix of factors. Often, a cloud provider’s notions of projects and organizations do not map well to how a company structures itself. This can lead to things like a single business user trying to manage multiple “identities” in the cloud to perform their work. Downstream, this results in few people, if any, having real insight into who has access to what in the cloud.

As problems like this grow, they worsen further as the company hires employees and then experiences turnover. Moving from on-premises to the cloud can create similar challenges. Businesses spend years operating in a way that works for them with their own hardware, and as they move to the cloud, they need to adapt the older way of working to the cloud provider’s structures.

Consequences of incorrectly administered identities

From a security perspective, failing to manage identities properly in the cloud leaves companies without command and control over who can do what within their infrastructure. It also makes it very difficult to recognize when something is wrong with identities or with the permissions granted to them.

From a non-security perspective, poorly managed identities can lead to friction in a company’s processes and can then lead to unwanted results. These results may include employees who need to log in to cloud assets using multiple identities, or employees who constantly find that they need to request new permissions that they should have had from the start. Ultimately, this slows down a company’s processes.

Two common IAM missteps

Customers regularly stumble over identity management when building cloud-based solutions. Ultimately, the cloud resources being accessed do not care whether the identity holder is a person, a machine, or a dog. If you have the correct credentials, you are approved and authorized. Before companies know it, a mission-critical service is running 24/7/365, and an important part of that service is talking to other critical services through the identity of a human employee. What happens when the employee in question leaves? Ensuring the continuity of services is imperative for businesses and their cloud identity and access management.

Another potential pitfall comes with users sharing credentials. It does not take long before a shared key is in use with no one able to track down exactly who really has access to the cloud resources. This lack of accountability can lead to major problems, including security issues, for companies.
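Both missteps above leave traces in access logs, and the following added example (not part of the original article) shows one way to surface them: human identities active around the clock like a service, and a single key used from more hosts than one holder plausibly owns. The log schema, identity names, key IDs and thresholds are constructed assumptions, not any cloud provider's format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log: (timestamp, key_id, identity, identity_type, source_host).
# Field names and values are assumptions for illustration, not a provider's log schema.
START = datetime(2022, 5, 2, 0, 0)
LOG = []
# A billing service calling another service every hour with a human employee's key.
for h in range(48):
    LOG.append((START + timedelta(hours=h), "key-alice-1", "alice@example.com", "human", "billing-svc-01"))
# A properly provisioned service identity doing the same kind of work.
for h in range(48):
    LOG.append((START + timedelta(hours=h), "key-svc-7", "svc-reports", "service", "reports-svc-01"))
# A human working normal hours from one laptop.
for h in (9, 10, 11, 14, 15, 16):
    LOG.append((START + timedelta(hours=h), "key-bob-1", "bob@example.com", "human", "laptop-bob"))
# One key passed around a team: same key_id seen on four different hosts.
for i, host in enumerate(["laptop-carol", "laptop-dan", "laptop-erin", "ci-runner-3"]):
    LOG.append((START + timedelta(hours=10 + i), "key-carol-1", "carol@example.com", "human", host))

def humans_running_services(log, min_hours_of_day=20):
    """Human identities active in nearly every hour of the day: likely a workload, not a person."""
    hours = defaultdict(set)
    for ts, _key, identity, id_type, _src in log:
        if id_type == "human":
            hours[identity].add(ts.hour)
    return sorted(i for i, hs in hours.items() if len(hs) >= min_hours_of_day)

def shared_keys(log, max_sources=2):
    """Keys seen from more hosts than one holder plausibly uses: accountability is lost."""
    sources = defaultdict(set)
    for _ts, key, _identity, _id_type, src in log:
        sources[key].add(src)
    return {k: sorted(s) for k, s in sources.items() if len(s) > max_sources}

if __name__ == "__main__":
    print("Human identities behaving like services:", humans_running_services(LOG))
    print("Keys used from many hosts:", shared_keys(LOG))
```

Identities flagged by the first check are candidates for migration to a dedicated service identity before the employee leaves; keys flagged by the second should be rotated and reissued per user.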

How organizations can mitigate security issues

First and foremost, you need to treat identity management as a first-priority issue, not something to figure out later as you get your business up and running. Create your own well-defined identity management policies that enforce the principle of least privilege, where identities can only access what they need.

Do not let the tools from cloud providers determine how you run your business. A good way to make sure your business is in the driver’s seat is to find people who know the cloud and know it well. Bringing in external assistance from those who know it best not only puts the work in the hands of those most qualified to do it, but can also help alleviate common IAM problems that you may not even have on your radar. In addition, it is important to have organization-wide visibility into your cloud infrastructure. This valuable insight provides several benefits, not only for IAM, but also for compliance and financial management.

