Arick Goomanovsky, co-founder of Ermetic, explains how managing cybersecurity for multi-cloud environments is forcing organizations to rethink traditional approaches. Cloud native controls, purpose built for managing privileges and access across any cloud platform, provide capabilities that on-premises and cloud-provider-specific tools lack.
It’s hardly breaking news that conventional on-premises approaches to managing cybersecurity are ineffective in complex multi-cloud environments, which is forcing IT and security teams to rethink their control and protection mechanisms.
What sets cloud technology apart from on-premises infrastructure is a basic but often overlooked fact: the threats and attack methods aren’t the same. For one thing, cloud services are interrelated. Risk depends on context, on how those services are combined, and there is no way to accurately assess it without looking at the configuration of all of those moving parts together.
Why Identity Is Essential for Cloud Native Security
For another, humans aren’t the only identities in the cloud. There are thousands of service identities in every cloud deployment, and each one of them can carry thousands of permissions and entitlements. Finally, because identity and access management (IAM) is often the only control point between an identity and a cloud resource, it is frequently the last line of defense against a breach.
A successful account compromise can give an attacker access to cloud assets from anywhere in the world. Therefore, organizations need to place identity at the center of their cloud security strategy.
The Purpose of Cloud Native Controls
Defending against credential theft attacks in the cloud requires a security reset. It’s essential to use cloud native security controls for authentication and privilege/entitlement management to build a more secure framework. Unlike on-premises and cloud-provider-specific tools, cloud native controls are purpose built for drilling down into any cloud platform and managing privileged identities and access for both human and machine identities. The latter, which can include applications, workloads, virtual machines, containers, and even the code running on them, typically outnumber human identities by a factor of two or more.
Yet, in order to move to a framework of least-privileged access, it’s critical to know which machine identities require access to what, and what level of access is necessary. There are two questions here: whether a machine identity (in other words, a service) requires access at all, and what level of access it requires. The answer can change with time, location, and other factors.
In addition, since machine identities are software services, they often require a chain of permissions to reach other services. For example, a virtual machine needs entitlements to access a database, which may in turn depend on further services. Left unchecked, machine identities create unintended exposures and risks.
People, by contrast, don’t need unlimited privileges over the entire environment all of the time. Sometimes they need to access one resource, sometimes a set of resources, but most of the time they need temporary access to specific resources. To eliminate the risk of excessive access and move toward the principle of least privilege, you first need to learn what the actual usage behavior is and then design the security framework accordingly.
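The "learn actual usage, then grant only what is used" approach described for machine identities above and for people in this paragraph can be implemented as a comparison between granted entitlements and observed activity. The following is an added example, not Ermetic's product code. It assumes a simplified, AWS-style model: actions are `service:Operation` strings, grants may use wildcards such as `s3:*`, and the activity log is a constructed, CloudTrail-like list of `(timestamp, identity, action)` tuples. Identity names, grants and events are all invented for the illustration.

```python
"""Right-size IAM-style policies from observed activity (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
from fnmatch import fnmatchcase

# Constructed: current grants per identity (a VM role and a human user).
# 'ec2:*' on the VM role is deliberately never exercised in the log.
GRANTED = {
    "vm-app-role": ["s3:*", "rds:*", "ec2:*", "secretsmanager:GetSecretValue"],
    "alice": ["*"],
}

# Constructed activity log (UTC timestamps). NOW is the assumed time of
# analysis; events older than the lookback window are ignored.
NOW = datetime(2021, 6, 1)
ACTIVITY_LOG = [
    (datetime(2021, 5, 30), "vm-app-role", "s3:GetObject"),
    (datetime(2021, 5, 30), "vm-app-role", "s3:PutObject"),
    (datetime(2021, 5, 29), "vm-app-role", "rds:DescribeDBInstances"),
    (datetime(2021, 5, 29), "vm-app-role", "secretsmanager:GetSecretValue"),
    # Attempted but not granted: in a real log this would be an AccessDenied
    # event and deserves investigation, not automatic inclusion in the policy.
    (datetime(2021, 5, 28), "vm-app-role", "iam:PassRole"),
    (datetime(2021, 5, 31), "alice", "ec2:DescribeInstances"),
    (datetime(2021, 5, 31), "alice", "s3:ListBucket"),
    # Older than the 90-day window: a rare admin task that should become
    # temporary, just-in-time access rather than a standing grant.
    (datetime(2021, 1, 15), "alice", "iam:CreateUser"),
]


def is_granted(action, grants):
    """True if any grant pattern covers the action (wildcards allowed)."""
    return any(fnmatchcase(action, g) for g in grants)


def observed_usage(log, now, lookback_days=90):
    """Map identity -> set of actions actually used within the window."""
    cutoff = now - timedelta(days=lookback_days)
    used = defaultdict(set)
    for ts, identity, action in log:
        if ts >= cutoff:
            used[identity].add(action)
    return used


def right_size(granted, log, now, lookback_days=90):
    """Build a least-privilege proposal for every identity in `granted`.

    For each identity the result holds:
      proposed            explicit actions that were both granted and used
                          (no wildcards), i.e. the replacement policy
      unused_grants       grant patterns that matched no activity at all
      ungranted_activity  actions attempted without a covering grant
    """
    used = observed_usage(log, now, lookback_days)
    report = {}
    for identity, grants in granted.items():
        seen = used.get(identity, set())
        covered = {a for a in seen if is_granted(a, grants)}
        unused = [g for g in grants
                  if not any(fnmatchcase(a, g) for a in seen)]
        report[identity] = {
            "proposed": sorted(covered),
            "unused_grants": unused,
            "ungranted_activity": sorted(seen - covered),
        }
    return report


if __name__ == "__main__":
    for identity, result in right_size(GRANTED, ACTIVITY_LOG, NOW).items():
        print(identity)
        for key, value in result.items():
            print(f"  {key}: {value}")
```

Two design points matter in practice. First, the proposal only ever contains explicit actions, so a wildcard such as `alice`'s `*` is replaced by the two operations she actually performed; anything that fell outside the window (the `iam:CreateUser` event) is a candidate for temporary elevation rather than a permanent entitlement. Second, activity that no current grant covers is reported separately instead of being folded into the new policy, because it is either a misconfiguration or an attacker probing the account.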
Heading Toward an Automated Cloud-Native Approach
A more automated cloud native approach, managed through a single console, is at the center of best practice. The need for various point solutions doesn’t go away, but a more sophisticated approach to identity and credential management pays dividends. It’s about the ability to automatically control what resources an organization needs at any point in time through an infrastructure-as-code (IaC) framework. Among other things, this makes it possible to automatically spin up cloud instances that are consistent in both configuration and security policy.
The Future Is With Cloud Native Security
The benefits of using cloud native security controls are clear. Once governance rules are in place, provisioning and deprovisioning resources become simpler and more manageable. Not only is it possible to lock down clouds more effectively, but DevOps, sprints, and supply chain integration become easier and more secure. At last, multi-cloud governance becomes possible, and building a digital framework that is secure and capable of enforcing policy becomes real.