The Privilege Dilemma
Unprecedented levels of automation and innovation have led to an exponential growth in human and non-human identities that have, in turn, amassed tens of thousands of privileges across a growing number of platforms, devices, services, etc. In effect, modern infrastructure has created “super identities” with extraordinary power that can create or destroy an entire data center with a single command.
Enterprises have gone from managing fewer than 100 to over 20,000 privileges across the four major cloud platforms – Amazon Web Services, Microsoft Azure, Google Cloud Platform and VMware. Of the 20,000+ privileges, over 50% are considered high-risk – if one of these super identities falls into the wrong hands or is accidentally misapplied, the damage can be significant.
Their biggest pain point is visibility – they simply don’t have the level of visibility required to truly understand which identities are performing what actions on their critical resources across multiple, complex and vastly different cloud operating models. Moreover, the identity teams don’t have the time or expertise to keep up with the proliferation of privileges, roles, resources and services across multiple cloud platforms. It’s a perfect storm.
As more enterprises move to hybrid and multi-cloud environments, over-provisioning of privileges starts to spiral out of control, leaving security and operations teams to clean up the mess. Additionally, most identities use less than 1% of their privileges to perform day-to-day operations, leaving 99% of privileges unused and wide-open to misuse or exploitation. Most enterprises are generally aware of the problem and want to fix it, but they rarely know where to start or what to do.
Targeted Assessment Programmes:
“Not all cloud environments are made equal,
some are more equal than others”
Whether you are building new infrastructure within your cloud estate to take advantage of lower operating costs, or migrating services into Platform as a Service models to realise highly available, low-latency and fault-tolerant infrastructure, understanding your permissions structure and role-based access control is a key requirement.
Although some cloud providers offer more power to control the environment, there are still many elements which need to be defined and configured to enable this security. As with any platform, if you do not provision the right controls, security will be weak. Given that many cloud environments focus on the ultimate power and flexibility of usage and not ultimate security and compliance, this leaves work to be done to ensure the environment is protected and safe for your users and any data provisioned within.
Through the combination of technology and service processes, CyberOrchard can help guide you through these challenges and provide a constant real-time auditing service, showing users, roles, groups and all effective permissions within your cloud estate. Targeted assessments are performed to begin with, and then built into the service model to provide the appropriate level of coverage for your estate.
Cloud Security Program Assessment
Improve your public, private, multi-vendor cloud, and hybrid prem-cloud environments at any cloud adoption stage. Our assessment helps you identify where you can manage data risk, automate processes, and identify configuration vulnerabilities through a framework based on NIST, ISO 27001, CIS, and CSA controls. Through use of scanning tools, we identify data exposure, data in transit, high-value data at rest in the cloud, and high-risk applications used by employees. Security leaders receive top recommendations for reducing risk, automating processes, and identifying sensitive data and privacy exposure.
Cloud Security Exposure Assessment
During this assessment we uncover areas of security exposure in IaaS and SaaS environments. CASB and CSPM tools are used to scan for security misconfigurations, vulnerabilities, data exposure, sensitive data, and high-value data-at-rest. Security leaders receive a prioritized remediation roadmap outlining results and top areas for risk reduction strategies, and further automation opportunities.
AWS Cloud Security Assessment
It is all too easy for users to spin up AWS services for corporate use, but difficult to track who is adhering to corporate policy regarding proper settings and use of data. We assess your AWS security posture, benchmarking against CSA, NIST, CIS, ISO 27001, and AWS-specific recommendations. Using automated tools, we scan your AWS environment, including native AWS data stores, AWS data lakes, and security settings, and identify misconfigurations and vulnerabilities. Security leaders receive a findings summary with prioritized remediation recommendations tailored to accommodate any business constraints.