
IAM best practices for cloud environments to combat cyber attacks

Organizations are constantly looking for different use cases to integrate AI into their business processes and accelerate the adoption of generative AI technologies. Companies are also finding ways to build innovative AI solutions to meet this demand. As a result, the use of cloud infrastructure and thus the global footprint of cloud computing continues to grow exponentially.

The Cloud Security Alliance has continued to rank identity and access management (IAM)-related risks among the top two threats to cloud computing in recent years. In addition, the Identity Defined Security Alliance surveyed more than 500 large organizations and found that as many as 84% of them suffered an identity-related breach last year. Despite significant advances in the platforms, tools, and utilities (some integrated with AI and analytics) used to manage the IAM landscape, access management remains a top priority for security professionals, with plenty of room for improvement. Here are some IAM-related best practices that companies can consider and implement consistently:

Centralize IAM

It is important to centralize the management of all identities and their associated rights, and to integrate the login process for different applications through a single common platform. Beyond a seamless user experience and less password fatigue, a centralized IAM approach has many benefits. It gives IT administrators a unified view of all identities and their access rights to different assets in one window. This greater visibility lets IT manage access control more effectively, troubleshoot issues and respond more quickly to cyber attacks, reduce administrative overhead and improve security. It also makes it easier to enforce policies consistently, understand user behavior and improve compliance. Teams within both small businesses and large organizations tend to use a variety of specialized applications specific to their individual needs, and it is important to ensure that access to these applications is integrated with the central platform.

Implement phishing-resistant MFA

Phishing and social engineering are the main causes of ransomware attacks and data breaches. Analysis of recent cyberattack patterns has revealed that attackers are finding ways to steal from their victims the one-time code needed to access systems (in addition to passwords). Companies should proactively implement phishing-resistant MFA techniques instead of traditional code-based MFA methods, removing the human element from the process. Popular phishing-resistant MFA techniques include web-based authentication (WebAuthn) and PKI-based authentication. Top public cloud providers such as AWS and Azure offer options to implement phishing-resistant MFA for access to their cloud environments. The US Cybersecurity & Infrastructure Security Agency (CISA) describes these techniques as the gold standard for phishing protection and mandates their use as part of a zero-trust strategy.
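The reason WebAuthn resists phishing is that the browser, not the user, writes the origin it actually connected to into the data the authenticator signs, so an assertion captured on a look-alike site cannot be replayed against the real one. The following is an added illustration of that mechanism, not code from the article or from any WebAuthn library: it models a FIDO2 authenticator with a standard-library HMAC in place of a real asymmetric key pair (so the "public key" the relying party stores is the same symmetric key), and the origins, user name and challenge handling are constructed for the demo.

```python
"""Toy model of why WebAuthn-style assertions resist phishing (added example)."""
import hashlib
import hmac
import json
import os
import secrets

# Constructed origins for the demo; neither is a real site.
LEGIT_ORIGIN = "https://bank.example"
PHISHING_ORIGIN = "https://bank-example.login-help.test"


class ToyAuthenticator:
    """Simplified stand-in for a FIDO2 authenticator.

    A real authenticator holds a per-relying-party asymmetric key pair and signs
    with the private half; here an HMAC key derived per relying-party ID stands
    in for that key so the example runs with the standard library only.
    """

    def __init__(self):
        self._seed = secrets.token_bytes(32)

    def _key_for(self, rp_id: str) -> bytes:
        # Credentials are scoped to the relying-party ID they were registered for.
        return hmac.new(self._seed, rp_id.encode(), hashlib.sha256).digest()

    def register(self, rp_id: str) -> bytes:
        # Returns what the relying party stores; symmetric in this toy model.
        return self._key_for(rp_id)

    def sign(self, rp_id: str, client_data: bytes) -> bytes:
        return hmac.new(self._key_for(rp_id), client_data, hashlib.sha256).digest()


def browser_client_data(challenge: bytes, origin: str) -> bytes:
    """The browser fills in the origin it is actually connected to; a page cannot override it."""
    return json.dumps(
        {"type": "webauthn.get", "challenge": challenge.hex(), "origin": origin},
        sort_keys=True,
    ).encode()


class RelyingParty:
    def __init__(self, rp_id: str, origin: str):
        self.rp_id, self.origin = rp_id, origin
        self.credentials = {}

    def enroll(self, user: str, stored_key: bytes) -> None:
        self.credentials[user] = stored_key

    def new_challenge(self) -> bytes:
        return os.urandom(32)

    def verify(self, user: str, challenge: bytes, client_data: bytes, signature: bytes) -> bool:
        parsed = json.loads(client_data)
        # Reject any origin other than our own, and any challenge we did not issue.
        if parsed.get("origin") != self.origin or parsed.get("challenge") != challenge.hex():
            return False
        expected = hmac.new(self.credentials[user], client_data, hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)


def _setup():
    rp = RelyingParty("bank.example", LEGIT_ORIGIN)
    auth = ToyAuthenticator()
    rp.enroll("alice", auth.register(rp.rp_id))
    return rp, auth, rp.new_challenge()


def login_attempt(visited_origin: str) -> bool:
    """Login where the user's browser is on `visited_origin` (legitimate or look-alike)."""
    rp, auth, challenge = _setup()
    client_data = browser_client_data(challenge, visited_origin)
    signature = auth.sign(rp.rp_id, client_data)
    return rp.verify("alice", challenge, client_data, signature)


def relayed_assertion_with_rewritten_origin() -> bool:
    """A relay that forwards the signature but edits the origin field fails verification."""
    rp, auth, challenge = _setup()
    client_data = browser_client_data(challenge, PHISHING_ORIGIN)
    signature = auth.sign(rp.rp_id, client_data)
    forged_client_data = browser_client_data(challenge, LEGIT_ORIGIN)
    return rp.verify("alice", challenge, forged_client_data, signature)


if __name__ == "__main__":
    print("legitimate origin accepted:", login_attempt(LEGIT_ORIGIN))
    print("look-alike origin accepted:", login_attempt(PHISHING_ORIGIN))
    print("rewritten origin accepted:", relayed_assertion_with_rewritten_origin())
```

Contrast this with a one-time code: the code carries no information about where it was typed, so a relay that forwards it to the real site succeeds. Here the origin is inside the signed message, so the relying party either sees the wrong origin or sees a signature that no longer matches.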

Minimize the cloud unknown

According to a recent report from MIT Technology Review, more than 50% of organizations have experienced an attack on unknown or unmanaged assets. These unknown assets include unused virtual machines that have not yet been retired, assets created by shadow IT teams, and assets created outside of the approved cloud inventory. Unknown assets bring with them unknown identities and privileges that attackers can exploit to escalate privileges and move laterally. Organizations must have full visibility into the cloud environment, including its identities and rights. It is equally important to inventory and manage all non-human identities, such as service accounts, applications, secrets/tokens, and bots or machines. The rise of AI technologies has introduced many new non-human identities into environments, and these need to be managed and monitored with the same rigor.
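A practical way to reduce the cloud unknown is to reconcile what the cloud provider actually reports against the approved inventory and flag anything unapproved, ownerless or idle, with non-human identities (service accounts, access keys, bots) marked for separate review. The script below is an added example, not from the article or any vendor tool; the inventory records, approved-asset list, owners, dates and the 90-day idle threshold are all constructed for the demo, and in practice the `DISCOVERED` list would come from the provider's resource and IAM listing APIs and `APPROVED_ASSETS` from the CMDB.

```python
"""Reconcile discovered cloud assets and identities against the approved inventory (added example)."""
from datetime import date

# Constructed sample data standing in for a cloud inventory dump and the CMDB.
TODAY = date(2024, 6, 1)
APPROVED_ASSETS = {"vm-web-01", "vm-web-02", "sa-ci-deploy", "db-orders"}
DISCOVERED = [
    {"id": "vm-web-01", "type": "vm", "owner": "platform", "last_activity": "2024-05-30"},
    {"id": "vm-web-02", "type": "vm", "owner": "platform", "last_activity": "2024-05-31"},
    {"id": "vm-poc-ml", "type": "vm", "owner": None, "last_activity": "2024-01-15"},
    {"id": "sa-ci-deploy", "type": "service_account", "owner": "devops", "last_activity": "2024-05-31"},
    {"id": "sa-legacy-export", "type": "service_account", "owner": None, "last_activity": "2023-11-02"},
    {"id": "key-ABC", "type": "access_key", "owner": "devops", "last_activity": "2024-02-01"},
    {"id": "db-orders", "type": "database", "owner": "orders-team", "last_activity": "2024-05-31"},
]
NON_HUMAN_TYPES = {"service_account", "access_key", "bot"}
STALE_DAYS = 90  # assumed review threshold


def audit_inventory(discovered, approved, today=TODAY, stale_days=STALE_DAYS):
    """Return one finding per asset that is unapproved, ownerless, or idle past the threshold."""
    findings = []
    for asset in discovered:
        reasons = []
        if asset["id"] not in approved:
            reasons.append("not in approved inventory")
        if asset["owner"] is None:
            reasons.append("no owner")
        idle_days = (today - date.fromisoformat(asset["last_activity"])).days
        if idle_days > stale_days:
            reasons.append(f"idle {idle_days} days")
        if reasons:
            findings.append({
                "id": asset["id"],
                "type": asset["type"],
                # Non-human identities get their own review queue, as the article recommends.
                "non_human": asset["type"] in NON_HUMAN_TYPES,
                "reasons": reasons,
            })
    return findings


def summarize(findings):
    """Split findings into the two queues a review team would actually work from."""
    return {
        "non_human_identities": [f["id"] for f in findings if f["non_human"]],
        "other_assets": [f["id"] for f in findings if not f["non_human"]],
    }


if __name__ == "__main__":
    results = audit_inventory(DISCOVERED, APPROVED_ASSETS)
    for finding in results:
        print(f"{finding['id']:18} {finding['type']:16} {'; '.join(finding['reasons'])}")
    print(summarize(results))
```

The useful output is not the list of approved, active assets but the residue: the proof-of-concept VM nobody owns, the legacy service account that has been silent for months, and the access key that is approved by association with a team but has not been used in over ninety days. Each of those is an identity or privilege that exists outside the governed inventory.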

Back to the basics of IAM

Due to the increasing size and complexity of the IT landscape, companies tend to overlook or rush through certain traditional access management processes. It is important to periodically review access authorizations to all assets in the environment by appropriate management personnel. This should not be a “checkbox” activity and should include a thorough review of access rights to detect privilege creep. The accounts and authorizations included in the evaluation should go beyond those granting access to production systems. The assessment should include all non-human identities and accesses to source code repositories, key stores, secret vaults, and data stores of all types.

Human error often turns out to be the main reason for cyber incidents, so important processes such as account provisioning, deprovisioning and access reviews need to be automated. It is recommended to link the centralized IAM platform with the company’s HRMS tool to automate employee offboarding. The access review process should likewise run automatically at periodic intervals to ensure that all access rights remain commensurate with job responsibilities.
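The two automations the previous paragraphs call for, HRMS-driven offboarding and periodic access reviews that catch privilege creep, share the same core: compare what IAM has granted against what HR says each person is and what their role entitles them to. The following is an added example illustrating that comparison, not code from the article or from any IAM or HRMS product; the roster, role baselines, account list and permission names are constructed, and the two reconciliation functions are hypothetical names for logic that would in practice read from the HRMS and IAM APIs.

```python
"""HRMS-to-IAM reconciliation for offboarding and privilege-creep review (added example)."""
import copy

# Constructed sample data: HR roster, role-to-permission baselines, and IAM accounts.
HRMS = {
    "alice": {"status": "active", "role": "developer"},
    "bob": {"status": "terminated", "role": "developer"},
    "carol": {"status": "active", "role": "dba"},
}
ROLE_BASELINE = {
    "developer": {"repo:read", "repo:write", "ci:run"},
    "dba": {"db:read", "db:write", "db:admin"},
}
IAM_ACCOUNTS = [
    {"user": "alice", "enabled": True, "permissions": {"repo:read", "repo:write", "ci:run", "db:admin"}},
    {"user": "bob", "enabled": True, "permissions": {"repo:read", "repo:write"}},
    {"user": "carol", "enabled": True, "permissions": {"db:read", "db:write", "db:admin"}},
    {"user": "dave", "enabled": True, "permissions": {"repo:read"}},
]


def review_access(hrms, baseline, accounts):
    """Flag enabled accounts with no active HR record, and permissions beyond the role baseline."""
    findings = {"orphaned": [], "creep": {}, "actions": []}
    for acct in accounts:
        if not acct["enabled"]:
            continue
        person = hrms.get(acct["user"])
        # No HR record or a terminated one: the account should not be enabled at all.
        if person is None or person["status"] != "active":
            findings["orphaned"].append(acct["user"])
            findings["actions"].append(("disable", acct["user"]))
            continue
        allowed = baseline.get(person["role"], set())
        extra = acct["permissions"] - allowed
        # Anything outside the baseline is privilege creep to be justified or revoked.
        if extra:
            findings["creep"][acct["user"]] = sorted(extra)
            for perm in sorted(extra):
                findings["actions"].append(("revoke", acct["user"], perm))
    return findings


def apply_actions(accounts, actions):
    """Return a new account list with the review's actions applied (the input is left unchanged)."""
    updated = copy.deepcopy(accounts)
    by_user = {a["user"]: a for a in updated}
    for action in actions:
        if action[0] == "disable":
            by_user[action[1]]["enabled"] = False
        elif action[0] == "revoke":
            by_user[action[1]]["permissions"].discard(action[2])
    return updated


if __name__ == "__main__":
    report = review_access(HRMS, ROLE_BASELINE, IAM_ACCOUNTS)
    print("orphaned accounts:", report["orphaned"])
    print("privilege creep:", report["creep"])
    for action in report["actions"]:
        print("action:", action)
    # Re-running the review after remediation should come back clean.
    print("clean after remediation:", review_access(HRMS, ROLE_BASELINE, apply_actions(IAM_ACCOUNTS, report["actions"]))["actions"] == [])
```

Running the review on a schedule and feeding its action list into the IAM platform turns both offboarding and privilege-creep cleanup into repeatable processes rather than checkbox exercises; the second pass over the remediated state is the check that the loop actually closed.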

In addition to deploying advanced solutions, companies must build a strong security-conscious culture and practice basic IAM hygiene: following the principle of least privilege, tracking all identities, monitoring usage, and periodically reviewing permissions. Given the large number of IAM-related root causes behind data breaches and cyber incidents, it is critical to ensure smooth and efficient operationalization of IAM governance processes in the IT environment, as a well-managed IAM landscape is the foundation of a strong cybersecurity posture.

Varun Prasad is vice president of the ISACA San Francisco Chapter and member of ISACA’s Emerging Trends Working Group