Authentication, Authorization and Access Management: The Cloud Changes Everything for Enterprises
By: Mohie Ahmed
Cloud computing combines diverse networked devices and an array of services. While cloud service providers tout the simplicity and cost savings associated with moving to the cloud, the architecture of cloud computing creates new security headaches as the attack surface expands.
Enterprises are moving to cloud services at a very rapid pace for all the right reasons: cost-effectiveness, scalability, reliability and flexibility. However, every advantage can be wiped out in an instant if insider threats are not managed, and external threats are not addressed.
Let’s be perfectly clear: cloud networks are vulnerable to numerous network attacks and privacy issues. In public clouds, multi-tenancy and third-party managed infrastructure require identity and access management much more so than on-prem and controlled private network environments.
Privileged Access Management (PAM) is especially critical in this “shared” environment, and responsibility for it falls on cloud service providers. Enterprises who consume their services are keenly aware of the requirements, which differ from those of legacy environments.
Cloud computing is commonly divided into three primary buckets: Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS). Cloud is based on a service-oriented architecture that can also provide Database-as-a-Service (DBaaS), Identity-as-a-Service (IDaaS) and Anything-as-a-Service (XaaS), and it is constantly evolving with the growth of end-points, devices, and combinations of applications (including those using APIs to ingest data).
Flexibility, scalability, interoperability, and service control are mission critical, especially for heavily regulated industries like financial services, healthcare and government.
Cloud Service Providers (CSPs) must define access control policies in Identity and Access Management (IAM) as well as PAM, to ensure that only authorized users – at each moment – are accessing resources and services. Governance, Risk Management and Compliance (GRC) policies, done thoughtfully, synchronize activities across the spectrum to ensure the efficiency and security of operations.
What too many CSPs miss is that a growing share of attacks are insider attacks, launched by someone who is already inside the security perimeter and can engage in compromising activities. Numerous studies show malicious insider threats account for up to half of breaches, whether the insider is an employee, a former employee, or a business partner/contractor.
These insiders misuse their privileges to access, and often monetize sensitive and valuable information.
The use of strong authentication and authorization mechanisms is needed to reduce insider attack threats, which is where PAM for cloud comes in.
Cloud services, as the “new approach” to digital operations, are changing everything for organizations, reducing capital expenditures and ongoing operational costs.
But what are the true costs when clouds are compromised?
Ironsphere supports on-prem and on-Cloud IaaS platforms including AWS, Azure and Google Cloud. Our multi-cloud offering enables our clients to track and record all privileged activities in their Cloud IaaS platform, produce audit trails and reports to meet regulatory compliance mandates, discover system/service accounts, eliminate password sharing and much more. You can learn more here.
We have all found ourselves in a different world of work given the events that have defined 2020, and few professionals are feeling the pressure more than IT and OT teams.
Just as cyber risks evolve, the evolution of risk appetite frameworks is more active than ever. With more sophisticated adversaries, more digital transformation initiatives, more mobile workers, ecosystem partnerships and connectivity to multiple clouds and services, enlightened management teams and their boards are updating their levels of “risk tolerance.”
Two-factor authentication has been around for decades – requiring an additional step between entering a username and password, for example, then entering a one-time security code sent to a mobile device – to access applications, systems and data.