Do you know who is accessing your data in the cloud?
According to a study conducted by Laminar, one in three respondents did not know if a third party was able to successfully compromise their data in the public cloud. Respondents also didn’t have much insight into the behavior of insiders, who might accidentally access sensitive data without permission.
“It has become more difficult than ever for enterprises to have visibility into where their data is located, who has access to what, and why,” explained Laminar CEO Amit Shaked.
Even if they have procedures such as MFA in place to protect information, business leaders and security teams must assume that malicious actors, both inside and outside the organization, will gain access.
But even if they know what is going on, the problem is the lack of visibility. This is due, in part, to the way we design data access.
“Access to data is often not through user accounts,” Shaked said, “but through system accounts that use tokens or API keys to gain access where MFA may not be practical.”
Why security teams are still in the dark about the cloud
Cloud security has plagued security teams for years, and understanding data access is only part of the problem. The inability to log critical data sets that would show data abuse, exploitation, or exfiltration techniques creates an environment that prevents security teams from having a clear view of how the data is being accessed and used in an API framework.
As cloud usage becomes more pervasive in organizations, the scale and complexity will continue to challenge security teams.
“It’s difficult for security teams to manually maintain a clear picture of who has access to their cloud when access to every cloud component, even down to a single data object, can be configured separately,” said Mohit Tiwari, co-founder and CEO of Symmetry Systems, in an email interview.
“No organization has even a single cloud anymore, but a connected mesh of public and private clouds,” Tiwari continued. “The scale and complexity of millions of data objects across thousands of data stores in multiple clouds, multiplied by a seemingly endless combination of roles and permissions for thousands of user and machine identities would be quite difficult for CISOs to secure, even if they remained constant; however, the billions of objects form over months or years and are constantly changing.”
Identity and access management is necessary to administer permissions, but in reality, when permissions are aggregated and managed based on blocks of data, least-privilege access is sidelined. This results in organizational turnover and less-than-ideal access to data.
The impact of hybrid working
Hybrid work environments have accelerated further, making an already ambitious plan for enterprise cloud adoption even more challenging.
“By going beyond the necessary security coverage, organizations are ready to deploy solutions that can secure new use cases as well as integrate with their existing security solutions,” said John Yun, vice president, strategy product, at ColorTokens. “The ease of use offered by the cloud, in some cases, can be perceived as high risk due to the scenarios of compromised credentials or, in the case of third parties, over-privileged users with more access than they should. Relying heavily on user logins without the layers of security controls often found in on-premises environments makes many security analysts nervous.”
When it comes to security and cloud access, it all comes down to protecting credentials. Privilege creep exposes companies to greater insider risk from credential misuse, but what is most damaging to an organization is credential theft.
“Credential-stealing malware can be more damaging to an organization if credentials are shared among employees, compromising multiple accounts from a single endpoint infection,” said Davis McCarthy, Senior Security Researcher at Valtix, via email. “It can also be more difficult to identify who abused a set of credentials when investigating an insider threat when the entire development team is involved. Security teams investigating these types of events need visibility to create context that leads to mitigation and remediation.”
The best way to approach cloud access and who is accessing it, legitimately or not, is to create visibility into cloud projects early on, not later when it could impact compliance.
While there are still relatively few regulations specifically targeting cloud security, anything that promotes poor cybersecurity posture in the cloud, especially the inability to track access and permissions, inevitably leads to data security breaches, as evidenced by the increase in incidents attributed to misconfigurations in the cloud.
“The resulting fines and penalties under existing privacy regulations will only continue to increase as international, state and federal privacy and data protection legislation emerges and matures,” said Tiwari. “Inevitably, the persistent lack of compliance will force regulators to focus more on the rules in their approach to security, providing stricter rules to follow for data security in the cloud.”