Access Control in the Cloud

With the COVID-19 pandemic ongoing, more and more businesses are migrating to the cloud at a much faster pace, and remote workforces are becoming increasingly common. The increased cloud adoption has magnified the threat surface of an enterprise. One of the biggest challenges that enterprises face today is managing identities and their access.

Gartner has defined Identity and Access Management as “the discipline that enables the right individuals to access the right resources at the right times for the right reasons”.

Identity and Access Management (IAM) allows the identification, authentication, and authorisation of individuals, groups, and identities, and lets organisations control their access and impose restrictions to protect data. While the term “Identity” commonly indicates individuals, in the cloud universe an identity can be either human or non-human, and deals with access to applications, services, resources, and networks.

With the increasing usage of cloud services, one can see unprecedented growth in the number of privileges that identities have across platforms, devices, services, etc. These identities have privileges that allow them to easily create or destroy, making them demi-gods of sorts.

Governing identities and their access in the cloud is a very complex task. In the cloud, when a user is trying to access a resource or an application, there are many overlapping layers of access concerning the user and that resource, such as service control policy, permissions boundary, identity-based policy, session policy, etc. This results in the user, the resources, and the applications being assigned their own separate identities.

It is critical that access to cloud infrastructure (systems, applications, and services) is rightsized at all times, and that there are no over-provisioned privileges. Studies suggest that most identities use less than 2% of their privileges to perform day-to-day operations, leaving the remaining 98% of privileges unused and open to misuse. Lack of visibility into the cloud infrastructure adds to this: without insight into who has what privileges, an organisation’s threat surface expands.

The starting point for effective IAM governance is enforcing policy guardrails in the cloud infrastructure that can prevent unauthorised access and over-provisioned privileges. Example:

Gaining visibility into the access rights or privileges of various identities is also critical to a sound IAM strategy. This means having a unified view of the IAM posture across the cloud infrastructure, and the ability to track all the identities and their privileges, and to ascertain when the privileges were last used by the identities or how many privileges or service grants were used over the last 30, 60, 90, 180 or 360 days.
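One way to produce the last-used view described above is sketched below, as an added example that is not part of the original article or of any product it mentions. The identity names, service names, timestamps and function names are all constructed for illustration; a real inventory would be fed from the cloud provider's own last-accessed data.

```python
from datetime import datetime, timedelta, timezone

WINDOWS_DAYS = (30, 60, 90, 180, 360)  # look-back windows named in the text

# Fixed "now" so the constructed sample below gives reproducible results.
NOW = datetime(2021, 6, 1, tzinfo=timezone.utc)

def _ago(days):
    return NOW - timedelta(days=days)

# Constructed sample: identity -> {granted service: last use (None = never used)}.
GRANTS = {
    "user/alice": {"s3": _ago(3), "ec2": _ago(45), "iam": _ago(200), "kms": None},
    "role/ci-deployer": {"s3": _ago(1), "lambda": _ago(10), "rds": None, "dynamodb": None},
    "user/bob-offboarded": {"s3": _ago(400), "ec2": None},
}

def usage_report(grants, now=NOW, windows=WINDOWS_DAYS):
    """For each identity, count the granted services used inside each window."""
    report = {}
    for identity, services in grants.items():
        used = {}
        for days in windows:
            cutoff = now - timedelta(days=days)
            used[days] = sum(1 for ts in services.values() if ts is not None and ts >= cutoff)
        report[identity] = {"granted": len(services), "used_within": used}
    return report

def unused_grants(grants, days, now=NOW):
    """Return {identity: sorted services not used within `days`} as removal candidates."""
    cutoff = now - timedelta(days=days)
    result = {}
    for identity, services in grants.items():
        stale = sorted(s for s, ts in services.items() if ts is None or ts < cutoff)
        if stale:
            result[identity] = stale
    return result

def dormant_identities(grants, days, now=NOW):
    """Identities that used none of their grants within `days`."""
    cutoff = now - timedelta(days=days)
    return sorted(i for i, svc in grants.items()
                  if not any(ts is not None and ts >= cutoff for ts in svc.values()))

if __name__ == "__main__":
    for identity, row in usage_report(GRANTS).items():
        print(identity, row)
    print("unused for 90 days:", unused_grants(GRANTS, 90))
    print("dormant for 360 days:", dormant_identities(GRANTS, 360))
```

Grants that stay unused across the longest window are the first candidates for rightsizing, and an identity with no use in any window is a candidate for deactivation review.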

What is C3M Cloud Control?

A 100% API-based cloud security and compliance management platform that gives enterprises across AWS, GCP and Azure the following capabilities:
