Even if your cloud workloads are complex and data is privileged – it’s still on the customer to secure

Another day, another example of misunderstanding shared responsibility when it comes to cloud security. Or is it?
A new report from identity and access management (IAM) provider Centrify has argued that while many organisations understand the basics of shared responsibility, the increasing complexity of workloads means that confusion occurs when it comes to privileged access.
The study, titled ‘Reducing Risk in Cloud Migrations: Controlling Privileged Access to Hybrid and Multi-Cloud Environments’, polled more than 700 respondents across the UK, US, and Canada. Three in five (60%) respondents said security was the leading challenge when it came to cloud migration generally, while more than half (51%) affirmed they were taking different approaches to securing cloud workloads compared with on-premises.
Yet the responses begin to unravel after this. 60% of those polled said they believed cloud providers were responsible for securing privileged access. This goes to show that while some data may be more privileged than others, it all falls under the same bucket.
Cloud providers, as they frequently note, are responsible for the security of the cloud – infrastructure, uptime and the like – while the onus is on the user for security in the cloud: applications and data. While vendors cannot cut the cord completely, they have gradually taken more proactive steps; none more so than Amazon Web Services, which this time last year launched a new offering to help mitigate open bucket misunderstandings – which are frequently an open goal for criminals.
For Centrify, the company’s focus on privileged access management (PAM) can be seen in other survey responses. More than two thirds (68%) of those polled said they were not implementing PAM best practices for cloud environments, while more than three quarters (76%) said they use more than one identity directory for their cloud strategy, putting them at risk of ‘identity sprawl’ attacks.
Organisations predominantly saw applying privileged access controls as a way to secure access to cloud service management – cited by 71% – while secure access to cloud workloads and containers was cited by more than half (53%). The report notes that the more specific the privilege is, the more the interest in securing it diminishes.
In terms of best practices companies utilise, unsurprisingly the most popular was multi-factor authentication across all privileged access accounts – albeit only cited by 60% of those polled. The remaining factors were used by less than half of respondents, from operating a ‘least privileged access’ model (43%), to privileged session monitoring (38%). It must be noted that many of these questions come down to how many clients have an ‘all-in-one’ security offering, compared with a more bits-and-pieces strategy.
Centrify argues there are five key actions organisations should take: understand that privileged access to cloud environments is their own responsibility; reduce the risk associated with identity sprawl; enforce a least privilege model; employ a common security model; and modernise their security approach, focusing on cloud-native PAM.
“We know that 80% of data breaches involved privileged access abuse, so it’s critical that organisations understand what they are responsible for when it comes to cloud security, and take a least privilege approach to controlling privileged access to cloud environments,” said Centrify CEO Tim Steinkopf. “Too much access and privilege puts their workloads and data at risk.”
You can read the full report here (email required).