Identities have become the primary attack surface in the cloud. However, they remain largely unprotected because traditional security tools were designed to protect the network perimeter, not user and service accounts.
Gartner predicts that by 2023, 75% of cloud security failures will result from inadequate management of identities, access, and privileges, up from 50% in 2020. There are several factors driving these cloud security deficiencies.
A common one is dispensing too many or unnecessary entitlements. This practice provides hackers dozens, even hundreds of weaknesses to exploit.
Tracking cloud-access entitlements is so manually intensive and time-consuming that many organizations just hope for the best. This is easy to understand, given that native cloud platform tools fail to provide adequate visibility or context into entitlements and activity.
Meanwhile, most identity and access management (IAM) tools, such as identity governance and administration (IGA) and privileged access management (PAM), are typically limited by on-premises infrastructures. When transferred to the cloud, they lack the granular and resource-level visibility to identify or remediate access risks and excessive permissions.
As a result, many organizations resort to cloud security tools with limited capabilities over entitlements such as cloud security posture management (CSPM), cloud access security brokers (CASB), and cloud workload protection (CWPP). These are typically too broad, shallow, or specialized to deliver the insights needed to understand access risk across all identities.
Three Steps to Securing Identities in the Cloud Securing cloud infrastructure calls for a unified, deep view into all identities to understand the full stack of access entitlements and privileges and their associated risks.
The first ..
Support the originator by clicking the read the rest link below.
