Many security experts view identity as the new perimeter due to the proliferation of the cloud.
Organizations need to implement cloud identity and access management best practices to secure applications and data outside the traditional network.
Not all security professionals are comfortable with cloud IAM, however.
As organizations adopt more cloud services, they face some unique IAM challenges.
One of the more pressing problems is the rapid growth of various identities associated with cloud services.
The more cloud services in use, the more identities provisioned into these service provider environments.
This is problematic for tracking, monitoring and controlling cloud accounts, as well as for accessing cloud resources.
Organizations growing their SaaS, PaaS and IaaS footprints should follow these cloud IAM best practices, in addition to traditional recommendations of enforcing a strong password policy, using role-based access control or conditional access, and adopting zero trust.
For organizations moving into PaaS and IaaS clouds, an uncomfortable moment often occurs where teams - both IT operations and security - realize every asset has an identity of some type.
Organizations, especially those with a big cloud footprint, should consider cloud infrastructure entitlement management tools to monitor and control identities - and reduce security headaches.
Develop internal standards and account creation practices that govern how DevOps and other teams integrate identities and privilege models into cloud deployments.
Incorporate the principle of least privilege to ensure each cloud account can only access what a user needs to do their job.
Deprovisioning remains a classic IAM challenge, both on premises and in the cloud.
Implementing MFA for privileged admin accounts is the simplest control on this list of cloud IAM best practices.
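The three practices above (least privilege, deprovisioning, and MFA on privileged accounts) can be checked against an identity inventory in one pass. The following audit is an added example written for this page, not code from the article or from any cloud provider's tooling; the identity records, the action naming scheme (`service:Action`, with `*` or `service:*` as wildcards) and the 90-day inactivity threshold are all constructed assumptions. In practice the inventory would come from the provider's IAM listing plus the attached policies.

```python
"""Audit constructed cloud identities for wildcard permissions, inactivity,
and privileged human accounts without MFA. All records are sample data."""
from datetime import date, timedelta

# Constructed sample inventory (assumption: one attached policy per identity,
# flattened to its list of allowed actions).
IDENTITIES = [
    {"name": "alice", "kind": "human", "admin": True, "mfa": True,
     "last_activity": "2024-01-30",
     "actions": ["s3:GetObject", "s3:PutObject", "iam:CreateUser"]},
    {"name": "bob", "kind": "human", "admin": True, "mfa": False,
     "last_activity": "2024-01-29",
     "actions": ["*"]},
    {"name": "ci-deployer", "kind": "service", "admin": False, "mfa": False,
     "last_activity": "2024-01-31",
     "actions": ["ecr:*", "ecs:UpdateService"]},
    {"name": "old-contractor", "kind": "human", "admin": False, "mfa": True,
     "last_activity": "2023-08-01",
     "actions": ["s3:GetObject"]},
]

STALE_AFTER_DAYS = 90          # assumption: review anything idle longer than this
TODAY = date(2024, 2, 1)       # constructed audit date so the output is reproducible


def wildcard_actions(actions):
    """Return entries that grant everything ('*') or a whole service ('ecr:*')."""
    return [a for a in actions if a == "*" or a.endswith(":*")]


def audit_identities(identities, today=TODAY, stale_after_days=STALE_AFTER_DAYS):
    """Return (identity name, finding) pairs for the three checks.

    - least privilege: any wildcard action in the attached policy
    - deprovisioning: no recorded activity for more than stale_after_days
    - MFA: a human admin identity without MFA (service identities are skipped
      here because they cannot do interactive MFA; they need key rotation instead)
    """
    findings = []
    cutoff = today - timedelta(days=stale_after_days)
    for ident in identities:
        name = ident["name"]
        wild = wildcard_actions(ident["actions"])
        if wild:
            findings.append((name, "wildcard permissions: " + ", ".join(wild)))
        last = date.fromisoformat(ident["last_activity"])
        if last < cutoff:
            findings.append((name, f"no activity since {last.isoformat()}; review for deprovisioning"))
        if ident["admin"] and ident["kind"] == "human" and not ident["mfa"]:
            findings.append((name, "privileged account without MFA"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_identities(IDENTITIES):
        print(f"{name}: {finding}")
```

Run against the sample inventory it reports bob twice (a `*` policy and no MFA), ci-deployer once (`ecr:*`) and old-contractor once (idle since August), and nothing for alice. The service-account exclusion on the MFA check is deliberate: a CI identity without MFA is expected, and the control that applies to it is key rotation and scoping, which the wildcard check already covers.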
While enabling logging in most major cloud environments is not difficult, the resulting log data can be hard to coordinate across services and distill into meaningful activity in busy and complex environments.
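One way to make that distillation concrete is to normalize events from different sources into a single schema keyed by identity and then summarize per identity. The script below is an added example, not code from the article: the first source is a handful of constructed records in a CloudTrail-like JSON shape (the `eventTime`, `eventName`, `eventSource`, `userIdentity` and `errorCode` field names are real CloudTrail fields, the values are made up), and the second is a hypothetical pipe-delimited format standing in for a second provider, whose layout is entirely an assumption. The notion of "privileged" action (anything touching the identity service) is likewise a simplification chosen for the example.

```python
"""Normalize audit events from two constructed sources into one schema and
summarize denied and privileged activity per identity."""
import json
from collections import defaultdict

# Constructed sample: CloudTrail-like JSON records, one per line.
SOURCE_A = """\
{"eventTime": "2024-02-01T10:00:01Z", "eventName": "CreateUser", "eventSource": "iam.amazonaws.com", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}}
{"eventTime": "2024-02-01T10:00:05Z", "eventName": "AttachUserPolicy", "eventSource": "iam.amazonaws.com", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}, "errorCode": "AccessDenied"}
{"eventTime": "2024-02-01T10:01:00Z", "eventName": "GetObject", "eventSource": "s3.amazonaws.com", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}}
"""

# Constructed sample: hypothetical "timestamp|identity|action|result" lines
# from a second provider (format is an assumption for this example).
SOURCE_B = """\
2024-02-01T10:02:00Z|ci-deployer@example-project.iam|iam.roles.update|DENIED
2024-02-01T10:02:30Z|ci-deployer@example-project.iam|storage.objects.get|OK
2024-02-01T10:03:00Z|ci-deployer@example-project.iam|iam.roles.update|DENIED
"""

# Actions against the identity plane itself; denied attempts here are worth a look.
PRIVILEGED_PREFIXES = ("iam.",)


def parse_source_a(text):
    """CloudTrail-like JSON lines -> normalized events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        service = rec["eventSource"].split(".")[0]   # "iam.amazonaws.com" -> "iam"
        events.append({
            "ts": rec["eventTime"],
            "identity": rec["userIdentity"]["arn"],
            "action": f"{service}.{rec['eventName']}",
            "denied": "errorCode" in rec,             # CloudTrail sets errorCode on failures
        })
    return events


def parse_source_b(text):
    """Hypothetical pipe-delimited lines -> normalized events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, identity, action, result = line.split("|")
        events.append({"ts": ts, "identity": identity, "action": action,
                       "denied": result != "OK"})
    return events


def summarize(events):
    """Per identity: total events, denied events, and denied privileged actions."""
    summary = defaultdict(lambda: {"total": 0, "denied": 0, "denied_privileged": []})
    for ev in events:
        s = summary[ev["identity"]]
        s["total"] += 1
        if ev["denied"]:
            s["denied"] += 1
            if ev["action"].startswith(PRIVILEGED_PREFIXES):
                s["denied_privileged"].append(ev["action"])
    return dict(summary)


def distill(sources):
    """Merge (parser, raw text) pairs into one time-ordered stream and summarize it."""
    events = []
    for parser, text in sources:
        events.extend(parser(text))
    events.sort(key=lambda e: e["ts"])
    return summarize(events)


if __name__ == "__main__":
    result = distill([(parse_source_a, SOURCE_A), (parse_source_b, SOURCE_B)])
    for identity, stats in result.items():
        print(identity, stats)
```

The per-source parsers are the only provider-specific code; everything downstream works on the normalized `ts`/`identity`/`action`/`denied` shape, which is what lets a single rule (repeated denied identity-plane actions) apply uniformly across clouds. On the sample data, ci-deployer surfaces with two denied `iam.roles.update` attempts, a pattern worth routing to whoever owns that pipeline identity.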
While not all cloud services lend themselves to jump hosts or bastion services that act as intermediaries between privileged users and critical workloads and services, use them whenever possible.
Microsoft Azure Bastion, for example, is a native option that provides a secure access point between public and private clouds that contain an organization's applications and data.
It's also relatively simple to set up bastion hosts in AWS or Google Cloud Platform.
With the growth in automated pipeline activities in DevOps, it's critical to centralize and control cloud IAM accounts and access keys, as well as internal DevOps privileges, including keys, passwords and certificates.
Organizations should double down on cloud IAM controls and oversight.
This Cyber News was published on www.techtarget.com. Publication date: Thu, 01 Feb 2024 17:13:04 +0000