Cloud infrastructure has seen accelerating levels of automation over the past few years. While the new, unprecedented level of automation delivers benefits like speed and agility, it also introduces enormous risk. With automation, enterprises are now able to create or destroy a data center with a single script — something that wasn't a possibility even 15 years ago and has allowed enterprises to reach newfound heights in both efficiency and scale.
The probability of identities misusing privileges (whether intentional or not) has also increased greatly for any enterprise planning a cloud migration or already embracing the cloud:
Consider the recent Capital One breach. Based on public information, a major contributor to the incident was the fact that an excessive amount of privileges were provisioned to an IAM role on an EC2 server. The hacker got into to an EC2 instance and obtained the access key and secret key needed to assume a role. This role had privileges to enumerate many S3 buckets and download all the data. Without these elaborate set of privileges, the issue would have been much more subdued.
Typically, when these roles are created, the set of privileges that the role needs are determined completely based on assumptions. Almost everybody errs on the side of provisioning more and never reviews the actual usage, as it is almost impossible to do manually.
Enterprises are generally aware of and want to fix the fact that any crack in their cloud infrastructure, regardless of how trivial, can cause significant damage — but the larger issue is that they usually do not know where to start or what to do. Another problem is that they rarely have the level of visibility needed to understand which actions identities are authorized to perform across multiple, complex, and vastly different cloud operating models.
The problems don't stop there. As the example above illustrates, automation has inadvertently created what are known as "Super Identities." These identities have extraordinary — and oftentimes, unnecessary — power and responsibility. IT teams now have to manage more than 30,000 privileges across the four major cloud platforms and more than 50% of them can disrupt business. These are growing almost on a daily basis as the cloud providers are introducing new services and features at a faster rate.
These Super Identities are not just limited to humans; many are actually non-humans, such as machine identities, service accounts, bots, API keys, etc., which only require a small subset of privileges to do simple and repetitive tasks.
If and when the credentials of even just one of these Super Identities fall into the wrong hands, the probability of the damage being catastrophic is huge. As a case in point, an IAM role on an EC2 server that had an excessive amount of privileges was the major culprit of the Capital One breach, for instance. Severe damage like this through privilege misuse is certainly not ideal for any enterprise embracing the cloud.
Manual Processes vs. Automation
Due to a lack of tools and solutions in the market to combat the over-provisioning problem, enterprises have been forced to use manual processes.
The biggest flaw is that these manual processes create static roles based on assumptions — either pre-defined roles that cloud providers provide or custom roles created by the enterprises. The only way to fix this issue is by using a data-driven approach. In order to make these roles much more dynamic, organizations need to continuously monitor the usage and right size them to eliminate excessive privileges. Resorting to automation is the only way to achieve this.
It's also no surprise that enterprises are struggling with the impossible task of keeping up with the endless additions of new privileges, roles, resources, and services across multiple cloud platforms, as they barely have the time or resources.
This is exactly why I always urge enterprises to press the pause button before following through with a cloud migration in order to take a full inventory of their human and non-human identities, roles and privileges. It's critical that enterprises take the time to understand what actions their identities are performing on which resources in the cloud, especially on the more critical resources. It's important to start building out identity and resource risk profiles to refer back to both before and during a cloud migration. During this time of transition, enterprises have an opportunity to maximize visibility across complex cloud operating models to prevent and decrease risks down the road.
Multi-Cloud, Added Complexities
As enterprises increasingly turn to multi-cloud environments to achieve the benefits of cost savings and reduced time-to-market, the tradeoff is often a significant increase in complexity.
For example, as enterprises grow and add new services and infrastructure types, it's vital that the correct authorization policies remain intact and it's important to understand how privileges will be provisioned and maintained across systems. This will be key in order to mitigate the risk of accidents and insider threats both during and after the cloud migration process.
Are Your Identity Privileges in Check?
Identity privilege management — especially of machine identities — is crucial and should be central to any cloud migration strategy. Without a plan in place, enterprises cannot successfully combat the expanding insider threat risk surface, whether it's the result of a simple operator error or malicious intent.
By prioritizing and investing in the continuous monitoring and management of machine and human identities before embarking on a cloud migration, enterprises have the extra time and resources to ensure proper authorization policies are in place once the cloud migration is complete. Identities are the new perimeter, according to Gartner — so there is no better time than now to make managing them a priority.