Maksim Kabakou - Fotolia
IAM best practices for cloud environments to combat cyber attacks
The Security Think Tank considers best practices in identity and access management and how can they be deployed to enable IT departments to combat cyber-attacks, phishing attacks and ransomware
Organisations are constantly looking to identify different use cases to integrate AI into their business processes and accelerate the adoption of generative AI technologies. Companies are also finding ways to build innovative AI solutions to meet this demand. As a result, the usage of cloud infrastructure and, thereby, the global cloud computing footprint continues to grow at an exponential rate.
The Cloud Security Alliance still ranks identity and access management (IAM)-related risks among the top two threats to cloud computing in recent years. Additionally, the Identity Defined Security Alliance surveyed over 500 large organisations and found that a whopping 84% of those organisations were impacted by an identity-related breach last year. Despite significant advances in the platforms, tools and utilities (some integrated with AI and analytics) used to manage the IAM landscape access management is still a top priority for security practitioners with lots of room for improvement. Here are some IAM-related best practices for companies to consider and consistently implement:
Centralise IAM
It is important to centralise the management of all identities, associated entitlements and integrate the sign-on process to various applications through a single and common platform. In addition to providing to a seamless user experience and alleviating password fatigue, there are many benefits to following a centralised IAM approach. This allows IT administrators to have a unified view of all identities and their access rights to various assets in a single pane. This increased visibility enables IT to better manage the administration of access management, troubleshoot issues and respond faster in the event to cyber attacks, reduce administrative overhead and enhance security. This method also facilitates consistent implementation of policies, understand user behaviour and improve compliance. Different teams within (both) small companies and large organisations tend to use a variety of specialised applications specific to their individual needs and it is important to ensure that accesses to these applications are integrated with the central platform.
Implement phishing-resistant MFA
Phishing and social engineering are the top causes of ransomware attacks and data breaches. Analysing some recent cyber attack patterns have shown that imposters find ways to steal the unique code that is required to access systems (in addition to passwords) from their victims. Companies should look to proactively implement phishing-resistant MFA techniques in place of the traditional code-based MFA methods to remove the human element in the process. Popular phishing-resistant MFA techniques include web-based authentication (WebAuthn) and PKI-based authentication. Top public cloud service providers like AWS and Azure provide capabilities to implement phishing-resistant MFA to access their cloud environments. The US Cybersecurity & Infrastructure Security Agency (CISA) notes that these techniques are the gold standard for protection against phishing and mandates its use as part of a zero-trust strategy.
Minimise the cloud unknown
According to a recent MIT Technology Review report, more than 50% of organisations have been attacked on unknown or unmanaged assets. These unknown assets include unused virtual machines that are not yet decommissioned, assets created by shadow IT teams or any asset created in the cloud outside of the approved means. These unknown assets lead to the presence of unknown identities and privileges that could be exploited by attackers to escalate privileges and move laterally. Organisations must have complete visibility of the cloud environment, including identities and entitlements. It’s equally important to inventory and manage any non-human identities like service accounts, applications, secrets/tokens and bots or machines. The rise of AI technologies has introduced a number of non-human identities in environments that needs to be managed and monitored with the same rigour.
The Security Think Tank on cloud IAM
Ricky Simpson, Quorum Cyber: Robust cloud IAM should align to zero-trust principles.
Back to IAM basics
Due to the ever-increasing size and complexity of the IT landscape, companies tend to overlook or rush through certain traditional access management processes. It is important to periodically review access authorisations to all assets in the environment by appropriate management personnel. This should not be a “checkbox” activity and should involve a thorough evaluation of access entitlements to detect privilege access creep. The accounts and authorisations included in the review should go beyond those that provide access to production systems. The review should include all non-human identities and accesses to source code repositories, keystores, secret vaults and all types of datastores.
Human error is often found to be the main reason for cyber incidents. So, key processes like account provisioning, deprovisioning and access reviews should be automated. It is recommended that the centralised IAM platform is interfaced with the company’s HRMS tool to automate the offboarding of employees. Further, the access review process should also be automated at periodic intervals to ensure all access rights are commensurate to job responsibilities.
In addition to deploying sophisticated solutions, companies should establish a strong security-aware culture and practice basic IAM hygiene – follow the principle of least privilege, track all identities, monitor usage and periodically review entitlements. Given the large number of IAM-related root causes behind data breaches and cyber incidents, it is critical to ensure a smooth and efficient operationalisation of IAM governance processes in the IT environment because a well-managed IAM landscape is the foundation for a strong cybersecurity posture.
Varun Prasad is vice president of the ISACA San Francisco Chapter and a member of ISACA's Emerging Trends Working Group
