IAM best practices for cloud environments to combat cyber attacks

Organizations are constantly identifying new use cases for integrating AI into their business processes and accelerating their adoption of generative AI. Vendors, in turn, are building AI solutions to meet that demand. As a result, reliance on cloud infrastructure, and with it the global footprint of cloud computing, continues to grow rapidly.

The Cloud Security Alliance has ranked identity and access management (IAM) risks among the top two threats to cloud computing in recent years. The Identity Defined Security Alliance surveyed over 500 large organizations and found that 84% of them were affected by an identity-related breach in the past year. Despite significant advances in the platforms, tools, and utilities (some now integrating AI and analytics) used to manage access, IAM remains a top priority for security professionals, with plenty of room for improvement. Here are some IAM best practices for companies to consider and implement consistently:

Centralize IAM

It is important to centralize the management of all identities and their associated entitlements, and to route sign-in to the various applications through a single common platform (single sign-on). Beyond a seamless user experience and less password fatigue, a centralized IAM approach gives administrators a unified view of every identity and its access rights across assets in a single pane. That visibility lets the team manage access more tightly, troubleshoot and respond faster to cyber attacks, reduce administrative overhead, and raise the overall security level. It also makes policy enforcement consistent, makes user behaviour easier to understand, and improves compliance. Teams within both small companies and large organizations tend to adopt specialized applications for their own needs, and access to each of those applications must be integrated with the central platform rather than left as a standalone login.

Implement phishing-resistant MFA

Phishing and social engineering remain the leading causes of ransomware attacks and data breaches. Analysis of recent attack patterns shows that attackers routinely capture the one-time code (in addition to the password) from their victims, for example by relaying it through an adversary-in-the-middle phishing page. Companies should proactively deploy phishing-resistant MFA instead of traditional code-based MFA, so that there is no code for a user to hand over. Common phishing-resistant MFA techniques are Web Authentication (WebAuthn, including FIDO2 passkeys and hardware security keys) and PKI-based authentication (smart cards or client certificates). Leading public cloud providers such as AWS and Azure support phishing-resistant MFA for access to their cloud environments. The US Cybersecurity and Infrastructure Security Agency (CISA) calls these techniques the gold standard for phishing protection and requires their use as part of a zero trust strategy.
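To make the difference concrete, the following added example (written for this page, not code from the article or from any vendor) simulates both flows in a few dozen lines of Python. The TOTP half is a real RFC 6238 implementation and shows that a code typed into a phishing page still verifies when the attacker relays it seconds later. The WebAuthn half is a simplified model: the RP ID `bank.example`, the origin `https://bank.example`, the phishing host `bank-example.com`, and the attacker-controlled subdomain `evil.bank.example` are all assumed, and a keyed HMAC stands in for the authenticator's private-key signature (real authenticators use ECDSA/EdDSA/RSA and the relying party only holds the public key). What is faithful to the real protocol is the part that defeats phishing: the browser, not page script, decides whether a credential may be used from the current origin and writes that origin into the signed client data, and the relying party checks the origin and the RP ID hash before accepting the signature.

```python
import base64, hashlib, hmac, json, os, struct
from urllib.parse import urlparse

# ---------- Code-based MFA: RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits) ----------
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # RFC 4226 dynamic truncation
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"

def totp_server_accepts(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    # Servers typically accept the current step plus one step either side for clock drift.
    return any(hmac.compare_digest(code, totp(secret, unix_time + d * 30))
               for d in range(-window, window + 1))

def totp_relay_attack(secret: bytes, now: int) -> bool:
    """Victim types the current code into a phishing page; the attacker relays it 5 s later.
    Nothing in the code binds it to where it was typed, so the real server accepts it."""
    code_typed_on_phishing_page = totp(secret, now)
    return totp_server_accepts(secret, code_typed_on_phishing_page, now + 5)

# ---------- Phishing-resistant MFA: simplified WebAuthn assertion (assumed RP) ----------
RP_ID = "bank.example"                 # assumed relying-party ID
RP_ORIGIN = "https://bank.example"     # assumed legitimate origin

def b64url(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

class ToyAuthenticator:
    """One credential scoped to an RP ID. A keyed HMAC stands in for the private-key
    signature (toy simplification; real WebAuthn uses asymmetric keys)."""
    def __init__(self, rp_id: str):
        self.rp_id = rp_id
        self.key = os.urandom(32)

    def sign(self, rp_id: str, client_data_hash: bytes):
        if rp_id != self.rp_id:
            raise ValueError("credential is not scoped to this RP ID")
        auth_data = hashlib.sha256(rp_id.encode()).digest()   # real authData also has flags + counter
        sig = hmac.new(self.key, auth_data + client_data_hash, hashlib.sha256).digest()
        return auth_data, sig

def browser_get_assertion(page_origin: str, authn: ToyAuthenticator, challenge: str):
    """Models navigator.credentials.get(): the browser derives the RP ID from the page
    origin and writes the origin into clientDataJSON; page script controls neither.
    The credential is usable only if its RP ID is the page host or a registrable parent."""
    host = urlparse(page_origin).hostname or ""
    if not (host == authn.rp_id or host.endswith("." + authn.rp_id)):
        return None                 # browser refuses: a look-alike domain never gets an assertion
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}, sort_keys=True).encode()
    auth_data, sig = authn.sign(authn.rp_id, hashlib.sha256(client_data).digest())
    return client_data, auth_data, sig

def rp_verify(assertion, expected_challenge: str, verifier_key: bytes) -> bool:
    """Relying-party checks from the WebAuthn spec: type, challenge, origin, rpIdHash, signature."""
    if assertion is None:
        return False
    client_data, auth_data, sig = assertion
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != expected_challenge:
        return False
    if cd.get("origin") != RP_ORIGIN:
        return False                # signed for some other origin (e.g. a relayed phishing page)
    if auth_data != hashlib.sha256(RP_ID.encode()).digest():
        return False
    expected = hmac.new(verifier_key, auth_data + hashlib.sha256(client_data).digest(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected)

def webauthn_login_from(page_origin: str, authn: ToyAuthenticator) -> bool:
    """A fresh challenge is fetched from the real RP (by the user or by a relaying attacker)
    and answered from page_origin; returns whether the RP accepts the result."""
    challenge = b64url(os.urandom(32))
    assertion = browser_get_assertion(page_origin, authn, challenge)
    return rp_verify(assertion, challenge, authn.key)

if __name__ == "__main__":
    secret = b"12345678901234567890"          # RFC 4226/6238 test secret
    print("TOTP relay accepted by server:", totp_relay_attack(secret, 59))
    authn = ToyAuthenticator(RP_ID)
    print("WebAuthn from real origin:", webauthn_login_from(RP_ORIGIN, authn))
    print("WebAuthn relayed via bank-example.com:", webauthn_login_from("https://bank-example.com", authn))
    print("WebAuthn relayed via evil.bank.example:", webauthn_login_from("https://evil.bank.example", authn))
```

The two WebAuthn failure cases fail at different layers: the look-alike domain is stopped in the browser, which will not even invoke the authenticator for a credential scoped to a different RP ID, while a page on an attacker-controlled subdomain does obtain an assertion but the relying party rejects it because the signed origin is not the expected one. That second check is why the server-side origin comparison must never be relaxed to a suffix match.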

Minimize the unknown cloud

According to a recent report by MIT Technology Review, more than 50% of organizations have been attacked through unknown or unmanaged assets. These include virtual machines that were never decommissioned, assets created by shadow IT teams, and anything created in the cloud outside approved channels. Unknown assets bring unknown identities and privileges with them, which attackers can use to escalate privileges and move laterally. Organizations need full visibility of their cloud environment, including its identities and entitlements. It is equally important to inventory and manage non-human identities such as service accounts, applications, secrets and tokens, and machine or robot identities. The rise of AI technologies has introduced a further wave of non-human identities into environments, and these need to be managed and monitored with the same rigour.

Back to IAM basics

As the IT landscape grows in size and complexity, companies tend to overlook or rush through traditional access management processes. Access authorizations for every asset in the environment should be reviewed periodically by the appropriate managers. This must not be a "check box" exercise: it should be a thorough assessment of access rights that identifies privileged access. The accounts and authorizations in scope should go beyond those that grant access to production systems and include all non-human identities and access to source code repositories, key stores, secret vaults, and every type of data store.

Human error is widely considered the main cause of cyber incidents, so key processes such as account provisioning, deprovisioning, and access review should be automated. The centralized IAM platform should be integrated with the company's HR management system so that onboarding and offboarding drive account lifecycle automatically. The access review itself should also run automatically at regular intervals to confirm that all access rights match current job responsibilities.
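The "unknown identities" of the previous section and the automated review described here come together in one concrete artefact: AWS publishes a per-account IAM credential report (CSV, one row per user plus the root account) that lists every console password and access key with its MFA status, last-use and last-rotation dates. The following added example (written for this page, not code from the article or from AWS) parses a constructed report in that column layout and emits the findings a reviewer would want: root with an active access key or no MFA, console passwords without MFA or unused for 90 days, and access keys never used, unused, or not rotated in 90 days. The report rows, the 90-day threshold and the fixed review date are all assumptions; in practice the CSV comes from `aws iam get-credential-report` and the thresholds from your own policy.

```python
import csv, io
from datetime import datetime, timezone

STALE_DAYS = 90                                   # assumed policy threshold
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # fixed review date so the run is reproducible

# Constructed sample in the column layout of an AWS IAM credential report (not real account data).
REPORT = """user,arn,user_creation_time,password_enabled,password_last_changed,password_last_used,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2021-01-05T10:00:00+00:00,not_supported,2021-01-05T10:00:00+00:00,2024-05-20T08:12:00+00:00,not_supported,true,true,2021-01-05T10:00:00+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2023-02-10T09:00:00+00:00,true,2024-04-01T09:00:00+00:00,2024-05-30T14:02:00+00:00,2024-07-01T09:00:00+00:00,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2022-06-01T00:00:00+00:00,false,N/A,no_information,N/A,false,true,2022-06-01T00:00:00+00:00,2024-05-31T22:10:00+00:00,us-east-1,sts,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
old-contractor,arn:aws:iam::111122223333:user/old-contractor,2022-09-15T00:00:00+00:00,true,2022-09-15T00:00:00+00:00,2023-11-02T11:45:00+00:00,2022-12-14T00:00:00+00:00,false,true,2022-09-15T00:00:00+00:00,2023-11-01T09:00:00+00:00,eu-west-1,s3,true,2023-03-01T00:00:00+00:00,N/A,N/A,N/A,false,N/A,false,N/A
"""

def _age_days(stamp: str, now: datetime):
    """Days since an ISO-8601 timestamp; None for the report's placeholder values."""
    if stamp in ("N/A", "no_information", "not_supported", ""):
        return None
    return (now - datetime.fromisoformat(stamp)).days

def parse_report(text: str):
    return list(csv.DictReader(io.StringIO(text)))

def review(rows, now=NOW, stale_days=STALE_DAYS):
    """Return (user, finding) pairs. Findings are stable identifiers so they can feed a ticketing system."""
    findings = []
    for r in rows:
        user = r["user"]
        if user == "<root_account>":
            # Root should have MFA and no long-lived access keys at all, regardless of age.
            if r["mfa_active"] != "true":
                findings.append((user, "root_no_mfa"))
            if r["access_key_1_active"] == "true" or r["access_key_2_active"] == "true":
                findings.append((user, "root_access_key_active"))
            continue
        if r["password_enabled"] == "true":
            if r["mfa_active"] != "true":
                findings.append((user, "password_without_mfa"))
            used = _age_days(r["password_last_used"], now)
            if used is None or used > stale_days:     # never logged in, or dormant
                findings.append((user, "password_unused"))
        for n in (1, 2):
            if r[f"access_key_{n}_active"] != "true":
                continue
            used = _age_days(r[f"access_key_{n}_last_used_date"], now)
            if used is None:
                findings.append((user, f"access_key_{n}_never_used"))
            elif used > stale_days:
                findings.append((user, f"access_key_{n}_unused"))
            rotated = _age_days(r[f"access_key_{n}_last_rotated"], now)
            if rotated is not None and rotated > stale_days:
                findings.append((user, f"access_key_{n}_rotation_overdue"))
    return findings

if __name__ == "__main__":
    for user, finding in review(parse_report(REPORT)):
        print(f"{user:16} {finding}")
```

Run against the sample, the report flags the root account's active key, the long-lived but still-used `ci-deploy` key for rotation, and the `old-contractor` account on every axis (no MFA, dormant password, one dormant key, one never-used key, both overdue for rotation), while `alice` produces nothing. The same structure extends to IAM roles (via last-used data from the IAM API) and to the service accounts and tokens of other clouds; the point is that the review runs on a schedule from an exported inventory rather than from a spreadsheet someone remembers to fill in.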

Beyond deploying sophisticated tooling, companies should build a strong security-aware culture and practise basic IAM hygiene: follow the principle of least privilege, track every identity, monitor usage, and review entitlements periodically. Given how many data breaches and cyber incidents have an IAM-related root cause, it is essential to operationalize IAM governance processes smoothly and effectively across the IT environment; a well-managed IAM landscape is the foundation of a strong cyber security posture.

Varun Prasad is Vice President of the ISACA San Francisco Chapter and a member of ISACA's Emerging Trends Working Group.