Moving workloads to the cloud has led organisations and IT administrators to lose control over workloads and relinquish many critical aspects of cybersecurity.
As a result, what is considered ‘inside’ in an on-premises based world is suddenly ‘outside’ in a publicly hosted cloud infrastructure.
Hackers can have similar access to publicly hosted workloads as IT administrators using standard connection methods, protocols and public APIs. As a result, the whole world becomes an insider threat. Workload security, therefore, is defined by the people who can access those workloads and the permissions they have.
The problem lies with the practicality and flexibility associated with cloud environments. Cloud administrators frequently grant extensive permissions to groups of users to enable them to accomplish tasks seamlessly.
In practice, most users use only a small portion of the permissions granted to them and have no business need for all of them. This represents a serious security gap: if these user credentials were ever to fall into malicious hands, attackers would have extensive access to sensitive data and resources.
According to Gartner’s ‘Managing privileged access in cloud infrastructure’ report, by 2023, 75% of cloud security failures will be attributable to inadequate management of identities, access, and privileges.
The top three blind spots are:
1. Not understanding the difference between used and granted permissions
Eighty percent of excessive permissions are based on roles. In a cloud environment where the resources are hosted ‘outside’ the organisation, the access permissions to the network define the organisation’s threat surface.
Unnecessary permissions stem from the gap between what users need to get their job done and what they have in terms of permissions. Put differently, it is the gap between defined and used permissions. The difference between these two is your organisation’s attack surface.
Understanding the difference between used and granted permissions is one of the biggest blind spots that lead to a data breach. This is why it is important to monitor and analyse this gap constantly to make sure that it is as small as possible, and consequently, that the attack surface is equally small.
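One way to measure the gap between granted and used permissions, as an added example that is not part of the original article. The action catalogue, role names, log records and the 90-day lookback window are all constructed assumptions; a real deployment would read grants and access logs from the cloud provider.

```python
from datetime import datetime, timedelta
from fnmatch import fnmatchcase

# Constructed catalogue of actions on a hypothetical platform.
ACTION_CATALOGUE = [
    "storage:GetObject", "storage:PutObject", "storage:DeleteObject",
    "storage:ListBuckets", "compute:StartInstance", "compute:StopInstance",
    "compute:TerminateInstance", "iam:CreateUser", "iam:AttachPolicy",
]

# Constructed role grants; wildcards are how broad grants usually appear.
GRANTED = {
    "role/ci-deployer": ["storage:*", "compute:*"],
    "role/report-reader": ["storage:GetObject", "storage:ListBuckets", "iam:*"],
}

# Constructed access-log records: (principal, action, ISO timestamp).
ACCESS_LOG = [
    ("role/ci-deployer", "storage:PutObject", "2024-05-02T09:14:00"),
    ("role/ci-deployer", "compute:StartInstance", "2024-05-20T11:02:00"),
    ("role/ci-deployer", "compute:TerminateInstance", "2023-11-01T08:00:00"),
    ("role/report-reader", "storage:GetObject", "2024-05-28T16:45:00"),
]

def expand(patterns):
    """Resolve wildcard grants into the concrete actions they allow."""
    return {a for a in ACTION_CATALOGUE for p in patterns if fnmatchcase(a, p)}

def permission_gap(principal, now, lookback_days=90):
    """Return (used, unused, gap_ratio) for one principal in the window."""
    granted = expand(GRANTED[principal])
    cutoff = now - timedelta(days=lookback_days)
    used = {
        action for who, action, ts in ACCESS_LOG
        if who == principal and datetime.fromisoformat(ts) >= cutoff
    } & granted
    unused = granted - used
    ratio = len(unused) / len(granted) if granted else 0.0
    return sorted(used), sorted(unused), ratio

if __name__ == "__main__":
    now = datetime(2024, 6, 1)  # fixed date so the constructed log is reproducible
    for principal in GRANTED:
        used, unused, ratio = permission_gap(principal, now)
        print(f"{principal}: {ratio:.0%} of granted actions unused")
        print("  least-privilege candidate:", used)
        print("  removable:", unused)
```

The `unused` set is the excess a credential thief would inherit; the `used` set is the starting point for a narrower role.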
2. The problem isn’t detection, it’s correlation
Cyber security alerts have become the proverbial ‘boy who cried wolf.’ According to a multitude of third-party reports, the average security operations centre handles approximately 10,000 alerts per day.
When security teams are overloaded with alerts, those that indicate potentially malicious activity are often overlooked and lost in the sea of warnings. The lack of visibility needed to detect the alerts that matter the most is the driver behind one of the biggest cloud security blind spots for organisations. It is critical that security teams have a unified view across multiple cloud environments and accounts with built-in alert scoring for efficient prioritisation.
3. An inability to connect the dots
Data breaches don’t happen instantly; they unfold over time. They’re a long process of trial and error by the attacker, comprising numerous small steps and activities as the attacker attempts to gain access to sensitive data.
These small steps and activities, many of which are low or medium-priority events, are frequently overlooked. Making matters worse, the average time for detecting a data breach is six months. Even if individual events are detected, they are frequently forgotten when the next related event is detected. The ‘dots’ never get connected.
The ability to correlate individual events/alerts over time into an attack ‘storyline’ can help mitigate another major cloud security blind spot for organisations and is critical to stopping a data breach before it happens.
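A sketch of the correlation and scoring described in points 2 and 3, as an added example that is not part of the original article. The alert records, stage labels, severity weights, 30-day chaining gap and scoring formula are constructed assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SEVERITY_SCORE = {"low": 1, "medium": 3, "high": 8}  # assumed weights

# Constructed alerts from two accounts: (time, account, principal, stage, severity)
ALERTS = [
    ("2024-03-01T02:10:00", "acct-a", "svc-backup", "recon", "low"),
    ("2024-03-09T23:41:00", "acct-a", "svc-backup", "privilege-change", "medium"),
    ("2024-03-10T00:05:00", "acct-b", "svc-backup", "data-access", "medium"),
    ("2024-03-04T10:00:00", "acct-a", "alice", "recon", "low"),
    ("2024-03-27T03:30:00", "acct-b", "svc-backup", "data-transfer", "medium"),
    ("2024-03-15T12:00:00", "acct-b", "bob", "data-access", "medium"),
]

def summarise(principal, chain):
    """Score a chain: summed severity times the number of distinct stages."""
    stages = list(dict.fromkeys(ev[2] for ev in chain))  # ordered, de-duplicated
    base = sum(SEVERITY_SCORE[ev[3]] for ev in chain)
    return {
        "principal": principal,
        "stages": stages,
        "accounts": sorted({ev[1] for ev in chain}),
        "span_days": (chain[-1][0] - chain[0][0]).days,
        "score": base * len(stages),
    }

def build_storylines(alerts, max_gap_days=30):
    """Chain each principal's alerts across accounts while gaps stay small."""
    by_principal = defaultdict(list)
    for ts, account, principal, stage, sev in alerts:
        by_principal[principal].append(
            (datetime.fromisoformat(ts), account, stage, sev))
    stories = []
    for principal, events in by_principal.items():
        events.sort()
        chain = [events[0]]
        for ev in events[1:]:
            if ev[0] - chain[-1][0] > timedelta(days=max_gap_days):
                stories.append(summarise(principal, chain))  # gap too long: close chain
                chain = []
            chain.append(ev)
        stories.append(summarise(principal, chain))
    return sorted(stories, key=lambda s: s["score"], reverse=True)

if __name__ == "__main__":
    for story in build_storylines(ALERTS):
        print(story)
```

No single alert here is above medium severity, yet the chained storyline for one identity outranks every isolated alert once the stages and accounts are viewed together.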