IAM and the cloud
The public cloud is the future. Within a decade, I predict that most organizations will have 90-100% of their workloads and applications running in the cloud.
We all hear about cloud-based applications and organizations being breached; the most famous one is Capital One Breach.
The common denominator to almost all these breaches is a misconfigured cloud resource, and to be more specific, it is always around IAM misconfiguration or overly permissive policy that opened a door for the attacker.
IAM misconfiguration is the number one reason for cloud data breaches. They can be easily mitigated and prevented if organizations will start hiring the right people with the right skills for modern digital transformation. If these people cannot be found - organizations must invest and develop internal talent. Organizations also must listen to their internal security professionals and build security into their applications and not bolt it in as an after the fact matter.
What are your thoughts on this matter? Am I right? Wrong?
Founder & CEO @ CMMC Zone | Cybersecurity Leader · Innovator · Entrepreneur | Crafting Advanced Solutions for Lasting Impact
4yEran, good points but I would not necessarily call it the #1 reason. It's usually a combo of several missing or misaligned controls. I recommend you also look into cloud metadata services. SANS has a good recent webcast on it...
Sr. Technical Account Manager at Amazon Web Services (AWS)
4yGreat points, Eran. Are there any tools or best practices that you think help insure IAM roles are set up correctly?
Senior Solutions Architect at HashiCorp
4yI think you’re spot on here Eran! Once organizations move towards the reality that is the cloud, this also means you’re not going to always have nice neat heterogeneous environments, but you still need ways to provide granular access control. A previous employer of mine had some 12-18 resources dedicated solely to IAM, and it seemed to work for them!
AI & Cloud Innovator | Tech-to-Business Translator | Hands-on CTO & Product Leader | Award-Winning Solution Expert | Tech Efficiency Accelerator | TEDx Speaker | Blockchain Visionary
4yLooking at Okta and Ping stocks tell the same story as your article. Good writeup my friend .