Cloud Entitlements Are the New Security Perimeter: Wipro State of Cybersecurity Report 2020
March 9, 2021
By Raj Mallempati, COO of CloudKnox Security
As organizations modernize IT and adopt hybrid and multi-cloud infrastructures to support more distributed business processes involving human and non-human identities, the traditional security perimeter becomes outdated. Identities today are the new security perimeter and have become an emerging attack vector to exfiltrate business-critical data. In fact, 52% of organizations prioritized scaling up secure cloud migrations during the COVID-19 crisis, while 87% stated they would continue to scale up secure cloud migrations after the COVID-19 crisis. With the accelerated adoption of public cloud workloads, the number of identities with privileged access to infrastructure is increasing exponentially.
High-Risk Permissions are Problematic
At the time of publication of the Wipro State of Cybersecurity Report 2020, more than 40,000 permissions could be granted to identities across the key cloud infrastructure platforms—Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure and VMware vSphere—and nearly 50% of these permissions can be classified as high-risk, with the ability to cause catastrophic damage if used improperly. That is one reason an astonishing 40% of all responding organizations still consider leveraging cloud infrastructure and applications one of the top cyber risks they face.
This trend has made high-risk identity permissions one of the most menacing threat vectors to cloud infrastructure for years to come. Analysis of the top 40 breaches in the Wipro State of Cybersecurity Report 2020 indicates that 50% of all breaches involved loss of user credentials. This emerging threat will force enterprises of all sizes to rethink how they grant, manage, and monitor permissions and how they secure their hybrid and multi-cloud environments with the goal of Zero Trust Access in mind.
Cloud Security Findings and Implications
Data collected from more than 125 risk assessments uncovered the staggering fact that over 95% of all identities are grossly over-provisioned (i.e., granted a substantial number of high-risk permissions). Even more alarming is the fact that these identities used less than 10% of the permissions granted to perform their daily tasks.
The dangerous delta between permissions granted and permissions used is what we refer to as the Cloud Permissions Gap. This gap has quickly emerged as the number one risk to public and private cloud infrastructure, and is proving to be fertile ground for both accidental and malicious permissions misuse and exploitation. As more identities (human and non-human) leverage hybrid and multi-cloud infrastructures and deploy exponentially more workloads, the Cloud Permissions Gap is growing wider and more dangerous. The inability to properly grant, manage, and monitor these permissions across a multi-cloud environment is accelerating permissions creep, which in turn has made over-permissioned, privileged identities the number one security risk.
The research indicates that 72% of organizations are storing data in cloud environments, which can easily be accessed if over-permissioned identities are not right-sized. This is incredibly troublesome because Zero Trust architecture calls for organizations to have a firm grip on all identities’ permissions through successful implementation of least privilege; when that isn’t executed effectively, irreparable damage can occur. This damage extends beyond the breach or loss of data to broken customer and stakeholder trust. In order to achieve least privilege, the Cloud Permissions Gap needs to be addressed on an ongoing, automated basis.
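To make the Cloud Permissions Gap concrete, here is an added example (not code from CloudKnox, Wipro, or this post) that measures the gap the way an assessment would: it expands each identity's granted permissions, compares them against the actions the identity was actually observed using, reports the unused high-risk permissions, and emits a right-sized allow-list containing only the exercised actions. Everything in it is constructed for the example: the two identities, the IAM-style policy statements, the small action namespace, the high-risk classification, and the CloudTrail-like activity records.

```python
import json
from collections import defaultdict
from fnmatch import fnmatchcase

# Constructed sample: permissions granted to two identities, written in the
# shape of AWS IAM policy statements (action lists with wildcards).
GRANTED_POLICIES = {
    "deploy-role": {
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:*", "ec2:*", "iam:PassRole"], "Resource": "*"}
        ]
    },
    "report-user": {
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"}
        ]
    },
}

# Constructed subset of the action namespace for the services involved. A real
# assessment would use the provider's published action list; this small set
# keeps the example runnable offline.
ALL_ACTIONS = [
    "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket",
    "s3:DeleteBucket", "s3:PutBucketPolicy",
    "ec2:DescribeInstances", "ec2:RunInstances", "ec2:TerminateInstances",
    "ec2:AuthorizeSecurityGroupIngress",
    "iam:PassRole",
]

# Constructed classification of actions treated as high-risk here
# (destructive, privilege-granting, or exposure-widening).
HIGH_RISK = {
    "s3:DeleteBucket", "s3:PutBucketPolicy", "ec2:TerminateInstances",
    "ec2:AuthorizeSecurityGroupIngress", "iam:PassRole",
}

# Constructed activity records in a CloudTrail-like shape: which identity
# actually invoked which action during the observation window.
ACTIVITY_LOG = [
    {"identity": "deploy-role", "eventSource": "s3.amazonaws.com", "eventName": "PutObject"},
    {"identity": "deploy-role", "eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"identity": "deploy-role", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances"},
    {"identity": "report-user", "eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
]


def expand_actions(policy, all_actions):
    """Expand an Allow policy's action patterns (e.g. 's3:*') against the
    known action namespace and return the concrete set of granted actions."""
    granted = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        patterns = stmt["Action"]
        if isinstance(patterns, str):
            patterns = [patterns]
        for pattern in patterns:
            granted.update(a for a in all_actions if fnmatchcase(a, pattern))
    return granted


def used_actions(log):
    """Collapse the activity log to the set of actions each identity used,
    mapping event records to IAM-style 'service:Action' names."""
    used = defaultdict(set)
    for event in log:
        service = event["eventSource"].split(".")[0]
        used[event["identity"]].add(f"{service}:{event['eventName']}")
    return used


def permissions_gap(policies, log, all_actions, high_risk):
    """Per identity: permissions granted, permissions exercised, the share
    exercised, and the granted-but-unused permissions classified high-risk."""
    used = used_actions(log)
    report = {}
    for identity, policy in policies.items():
        granted = expand_actions(policy, all_actions)
        exercised = granted & used.get(identity, set())
        unused = granted - exercised
        report[identity] = {
            "granted": len(granted),
            "used": len(exercised),
            "used_ratio": round(len(exercised) / len(granted), 2) if granted else 0.0,
            "unused_high_risk": sorted(unused & high_risk),
        }
    return report


def right_sized_policy(policy, log, identity, all_actions):
    """Build a least-privilege policy allowing only the actions the identity
    was observed using; everything never exercised is dropped."""
    granted = expand_actions(policy, all_actions)
    keep = sorted(granted & used_actions(log).get(identity, set()))
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": keep, "Resource": "*"}]}


if __name__ == "__main__":
    print(json.dumps(permissions_gap(GRANTED_POLICIES, ACTIVITY_LOG, ALL_ACTIONS, HIGH_RISK), indent=2))
    print(json.dumps(right_sized_policy(GRANTED_POLICIES["deploy-role"], ACTIVITY_LOG,
                                        "deploy-role", ALL_ACTIONS), indent=2))
```

Run as a script, it shows the deploy role exercising 3 of its 11 granted actions (about 27%) while holding five unused high-risk permissions, which is the pattern the report describes. The right-sized policy is a candidate for review rather than something to apply blindly: an observation window that misses a rare but legitimate task (a quarterly restore, an incident-response action) would strip a needed permission, so the ongoing, automated comparison matters more than any single snapshot.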
How Can We Close the Gap?
Security and infrastructure operations teams are being asked to do the impossible and are finding it increasingly difficult to manage and secure the dynamic nature of hybrid and multi-cloud infrastructure platforms while keeping up with the explosion of new over-permissioned machine and human identities, accounts, resources, and services. The CloudKnox Activity-Based Authorization Protocol enables these teams to easily create activity profiles for each unique identity and resource with access to an organization’s growing cloud infrastructure. In combination with the CloudKnox Just Enough Privileges (JEP) Controller, customers can automate and simplify permissions right-sizing across VMware, AWS, Azure, and Google Cloud, resulting in significant cost and time savings. Additionally, CloudKnox’s support for workloads on Kubernetes containers and serverless functions makes it the only fully comprehensive Cloud Infrastructure Entitlements Management (CIEM) solution available on the market.
Ultimately, the risk management strategy around cloud hosting will have a gaping hole if security and risk teams do not create a clear strategy to handle this problem while they plan to increase the pace of digitalization and cloud migration. With 87% of the surveyed organizations keen on implementing Zero Trust architecture post COVID-19, the issue of high-risk permissions cannot be ignored. The urgency of the problem requires overarching visibility, remediation and monitoring of permissions on a granular scale. At the end of the day, properly permissioned identities are organizations’ last line of defense when credentials have been compromised.
Security operators are faced with exponentially increasing attack vectors from which to protect their organizations. In fact, globally, Cloud Infrastructure Security and Container Security are among the top 10 seed-funded technologies of the past 3 years. To shed light on the current state of cybersecurity posture, Wipro compiled in-depth research and data in its State of Cybersecurity Report 2020.
Download the Wipro State of Cybersecurity Report 2020