Securing identities in multi-cloud environments
Image from InfoGard


Technology has changed considerably over the last few years, and the Covid-19 pandemic has accelerated this process, with an increasing number of organizations migrating their infrastructure to cloud environments, including software, applications, services, products, and operating systems. According to a study from Barracuda,

53% of IT leaders will accelerate their plans to migrate all their infrastructure to cloud-based models, supported by Cloud Service Providers, or CSPs.

The fact is that most organizations don’t rely on just one CSP: a VMware study indicates that 73% of organizations adopt 2 public clouds, with 26% using three or more CSPs. The main benefits of this multi-cloud approach for organizations are faster time to release applications, reduced IT infrastructure costs and improved productivity.

But if you believe that migrating all your infrastructure to the cloud will solve all your problems, you’re mistaken. Gartner research indicates that

95% of data breaches in cloud environments are the customer’s fault, and not the CSP’s.

This means that protecting cloud infrastructure against cyberattacks is a shared responsibility. It is important to mention that protecting multi-cloud environments can be quite a burden for IT administrators. With the growing number of offerings from CSPs, appropriate access governance and monitoring are becoming more complex, which introduces new challenges for cybersecurity teams.

The first of those challenges is proper visibility of entitlements in cloud environments, especially when dealing with multi-cloud infrastructure, including human and non-human accounts. After all, it is impossible to protect what is not managed, and it is impossible to manage what is unknown.

Another aspect that should be considered by IT leaders is the different security mechanisms defined by CSPs to improve the cybersecurity posture. Many CSPs offer common security mechanisms, such as MFA, enforced password policies, over-permissioned identities, among others. However, the criticality of these mechanisms can change depending on the line of business or what the environment is being used for.

To address challenges associated with entitlements in multi-cloud environments, cybersecurity vendors, including senhasegura, started to develop specific solutions, called Cloud Infrastructure Entitlements Management, or CIEM.

Gartner defines CIEM as ‘specialized identity-centric solutions’ that focus on managing identity access risk. At the same time, traditional Identity Access Management (IAM) tools do not properly address the challenges associated with dynamic and granular cloud environments.

In this respect, CIEM tools are better designed to implement the Principle of Least Privilege in environments where both identities and entities can access only what they need at the right time and for the right reason.

In our case, we named our CIEM solution senhasegura Cloud Entitlements. senhasegura Cloud Entitlements takes advantage of senhasegura’s industry-recognized intuitive interface and User Experience to deliver the best experience to protect cloud environments.

The first feature that senhasegura Cloud Entitlements offers is the visibility of all entities - users, groups and service accounts - in the environment. In this case, administrators are able to track which services and resources a cloud entity has access to.

This feature is quite important in scenarios where customers have their technology assets distributed across different cloud service providers, since Cloud Entitlements presents this view in a uniform and centralized way.

senhasegura Cloud Entitlements is also capable of pointing out which of these identities have administrator privileges, by comparing the configured security policy to the actual policy. senhasegura also helps administrators with the proper steps to remediate aspects that are non-compliant with the current security policies in the organization.

After an account is connected, senhasegura Cloud Entitlements is able to analyze all identities and indicate which settings and permissions represent vulnerabilities to the organization. Those vulnerabilities include full permission on a service, admin access, absence of MFA, and others.
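The kind of check described above (admin access, full permission on a service, absence of MFA, reported uniformly across CSPs) can be sketched as follows. This is an added example, not senhasegura's code: the inventory is constructed sample data, the finding names are hypothetical, and treating `roles/owner` and `roles/editor` as admin-level is an assumption.

```python
# Constructed sample inventory; identity names, policies and roles are made up.
AWS_IDENTITIES = [
    {"name": "alice", "type": "user", "mfa": False, "policies": [
        {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}]},
    {"name": "ci-deployer", "type": "service_account", "mfa": None, "policies": [
        {"Statement": {"Effect": "Allow", "Resource": "*",
                       "Action": ["s3:*", "ec2:DescribeInstances"]}}]},
    {"name": "bob", "type": "user", "mfa": True, "policies": [
        {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                        "Resource": "arn:aws:s3:::reports/*"}]}]},
]
GCP_BINDINGS = [
    {"role": "roles/owner", "members": ["user:carol@example.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:etl@proj.iam.gserviceaccount.com"]},
]
GCP_ADMIN_ROLES = {"roles/owner", "roles/editor"}  # assumption: basic roles count as admin

def as_list(value):
    """IAM policy JSON allows a single item where a list is expected."""
    return value if isinstance(value, list) else [value]

def aws_findings(identity):
    """Flag wildcard grants in Allow statements and human users without MFA."""
    found = set()
    for policy in identity["policies"]:
        for stmt in as_list(policy["Statement"]):
            if stmt.get("Effect") != "Allow":
                continue
            for action in as_list(stmt.get("Action", [])):
                if action == "*":
                    found.add("admin_access")
                elif action.endswith(":*"):
                    found.add("full_service:" + action.split(":")[0])
    if identity["type"] == "user" and identity["mfa"] is False:
        found.add("no_mfa")
    return found

def scan():
    """Return one uniform report: (csp, identity) -> list of findings."""
    report = {("aws", i["name"]): sorted(aws_findings(i)) for i in AWS_IDENTITIES}
    for binding in GCP_BINDINGS:
        for member in binding["members"]:
            findings = report.setdefault(("gcp", member), [])
            if binding["role"] in GCP_ADMIN_ROLES and "admin_access" not in findings:
                findings.append("admin_access")
    return report

if __name__ == "__main__":
    for (csp, name), findings in sorted(scan().items()):
        print(f"{csp:4} {name:50} {', '.join(findings) or 'ok'}")
```

The sketch reads only `Allow` statements with an `Action` element; a real entitlement analysis also has to evaluate `NotAction`, conditions, explicit denies and resource scoping before calling a grant effective.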

senhasegura periodically updates this list so that after the administrator resolves the vulnerabilities, it is possible to ensure that all recommendations brought by Cloud Entitlements are accurate and reflect the current cloud environment.

Finally, through senhasegura’s intuitive dashboards, administrators can have a centralized view of security aspects of their cloud environments. Those aspects include the number of detected vulnerabilities, their respective criticality, and the number of managed identities in the different CSPs.

senhasegura also shows a graphical history of the IAM vulnerability scans performed in the cloud environments and their state, with the number of entities managed throughout the different periods.

We’ve seen how difficult it is to manage identities and entitlements in dynamic environments such as cloud infrastructure. At the same time, traditional tools like PAM and IGA do not offer the proper visibility and security of dynamic and granular cloud environments.

That being said, using specific cybersecurity solutions like Cloud Infrastructure Entitlements Management helps organizations to protect their cloud-based applications and critical data from malicious attackers. This will help organizations protect against cyberattacks, reduce cybersecurity risks and, above all, ensure business continuity.
