How to Address the Current Complexity and Chaos of Cloud IAM

Cloudy judgement


Combining the separate themes of cloud technology and identity and access management (IAM) might seem like an oxymoron in today’s endlessly scaling environments, but there’s really no going back in the box when it comes to the promise of cloud in driving innovation. The fact is, security and operations teams currently have close to zero visibility as deployments accelerate and identity management becomes increasingly difficult to scale.


Losing control but gaining ideas


Can security teams ever truly understand their cloud permissions? As DevSecOps grows ever further into the cloud, more people have the ability to provision cloud resources independently, without involving IT. This freedom offers tremendous opportunity, but also poses a risk if IAM isn’t addressed. IAM policies are becoming more complex, making it harder to determine who or what has access to your cloud resources and what they can do.


And that could simply be the tip of the iceberg; a harbinger of how difficult managing identity can become at scale. Vulnerabilities are the inevitable follow-along, as IAM confusion sends countless organizations down the road toward future security incidents. To a large extent, this is all avoidable. Organizations can start by asking themselves these questions:


How can we limit and understand the cloud security “blast radius”?
What is the best approach to ensure that the right people and cloud resources have the ability to do the right things at the right time for the right reason?
Can we verify access by each principal, resource, or application?

Cloud services and assets all have their own identities containing several permission layers. And even something like a group policy permission may cancel, augment, or reduce an individual policy permission. There are, however, ways to open pe ..
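
A simplified illustration of how a group policy can augment, cancel, or reduce an individual policy, and how resolving those layers per principal answers the access and blast-radius questions above. This is an added example, not code from the original article; the policy model (explicit deny wins, a boundary caps grants) and every name in it are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Simplified, provider-neutral model (an assumption, not any cloud's real engine):
# a permission is an (action, resource) pair, explicit deny beats allow, and a
# boundary caps whatever the other layers grant.
@dataclass
class Policy:
    allow: set = field(default_factory=set)
    deny: set = field(default_factory=set)
    boundary: Optional[set] = None

def effective_permissions(layers):
    """Resolve a principal's layers (individual + group policies) into one set."""
    granted, denied = set(), set()
    for p in layers:
        granted |= p.allow          # a layer can augment
        denied |= p.deny            # a layer can cancel
    result = granted - denied
    for p in layers:
        if p.boundary is not None:  # a layer can reduce
            result &= p.boundary
    return result

def blast_radius(principals):
    """Map each resource to the principals that can act on it, and how."""
    reach = {}
    for name, layers in principals.items():
        for action, resource in effective_permissions(layers):
            reach.setdefault(resource, {}).setdefault(name, set()).add(action)
    return reach

# Constructed sample data: names, actions and resources are hypothetical.
INDIVIDUAL = Policy(allow={("read", "bucket/logs"), ("delete", "bucket/logs")})
GROUP_DEV = Policy(allow={("write", "queue/jobs")})            # augments
GROUP_AUDIT = Policy(deny={("delete", "bucket/logs")})         # cancels
GROUP_CONTRACTOR = Policy(boundary={("read", "bucket/logs")})  # reduces

PRINCIPALS = {
    "alice": [INDIVIDUAL, GROUP_DEV, GROUP_AUDIT],
    "bob": [INDIVIDUAL, GROUP_DEV, GROUP_CONTRACTOR],
    "ci-runner": [GROUP_DEV],
}

if __name__ == "__main__":
    for resource, who in sorted(blast_radius(PRINCIPALS).items()):
        print(resource, {n: sorted(a) for n, a in sorted(who.items())})
```

The same individual policy yields different effective access for alice and bob, which is why access has to be verified per principal after all layers are resolved rather than read off any single policy.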
