As per this webinar on BrightTalk:
4 pillars of cloud security are:
- Least privilege – identity should have only permissions needed
- critical data monitoring
- shift left integration – all persons from bottom to top should be involved in security
- prevent and fix fast
Least privilege =
- permissions needed by the workload to function correctly.
- Given an identity, ability to do only what it needs to do.
Previously in data centers, permissions management was simpler with users, groups and service accounts.
Now with the cloud and multicloud identity and access management + explosion of data — > permissions management has become very complex.
Because of the complexity, it is difficult to know which identity has what permissions.
Sometimes combinations of overlapping privileges creates a “toxic combination“. An identities effective permissions can be more than desired.
For this purpose, a graph showing all the permissions available to an identity will enable a better understanding of effective permissions.
From the Identity perspective of effective permissions we can try to know
- who has the permissions
- what actions are available
- where actions can be taken from
- what can be done with the actions available
From the Data Access perspective of effective permissions, we can try to know
- who has access to the data
- how the access was obtained
- where the data can be accessed from
- what can be done with the access
Steps to set this up — a tool is Sonroi Dig Platfrom:
- discover all the identities (from various configs, files, settings)
- discover all the data sources
- understand effective permissions
- set a baseline
Subsequently this needs to be kept going by:
- continuously monitoring least privilege
- tuning and remediation
This can be done by all groups together:
- security team
- audit team
- dev ops team
The solution uses:
- industry known frameworks
- previous knowledge of how privileges escalate
- new exploit information and research
DataUntangle 