The Inaugural State of Cloud Entitlements Report: A Deep Dive into Permissions Management in Hybrid and Multi-Cloud Environments
April 13, 2021
By Raj Mallempati, COO of CloudKnox Security
CloudKnox Security has released the Cloud Infrastructure Entitlement Management (CIEM) market’s first-ever State of Cloud Entitlements Report, which identifies critical, high-risk permission gaps within enterprises’ public and hybrid cloud infrastructure deployments, namely that 90% of organizations use less than 5% of permissions granted. The extensive CloudKnox Threat Labs research, which includes the participation of more than 150 global organizations, makes clear there is an industry-wide Cloud Permissions Gap crisis that needs to be addressed immediately to ensure Zero Trust compliance.
The Cloud Permissions Gap refers to the delta between permissions granted and those actually used. This lack of control over permissions poses serious risks in hybrid and multi-cloud environments for users of all major cloud platforms, including Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure and VMware vSphere.
Sneak Peek at The State of Cloud Entitlements Report Findings:
Amazon Web Services
Two-thirds of most enterprises have Elastic Compute Cloud (EC2) instances with access to all Simple Storage Service (S3) buckets.
Google Cloud Platform
More than 50% of enterprises have project-wide Secure Shell (SSH) keys enabled for virtual machine (VM) instances.
More than 85% of enterprises have over-permissive identities left orphaned after projects are terminated.
More than 60% of groups and identities accessing the vSphere infrastructure are inactive and have high-risk permissions.
The report findings underscore the fact that attackers can leverage over-privileged identities to traverse laterally, elevate permissions and cause extensive data exfiltration. Permissions misuse or abuse can allow both human and machine identities to create and destroy portions of the cloud infrastructure. As organizations continue to push for digital transformation, it is imperative that least privilege policies are effectively executed to achieve Zero Trust access in the cloud.
The full report details all of the key risk assessment findings, the implications of each risk, recommendations for remediation and recommendations for operationalizing permissions management, along with full methodology. Access the report here.
Want to share a fact from the report on social media? Be sure to tag us on Twitter and use #StateofCloudEntitlements and #CIEM to join in on the conversation!