CyberSecurity SEE

6 Essential Steps for Identity Security in Multi-Cloud Environments

In 2019, the cloud security industry was experiencing rapid growth and a shift in focus towards securing the cloud. Acronyms like CSPM (cloud security posture management) were emerging, and enterprise security leaders were grappling with where to start. Fast forward to 2023, and the landscape of cloud security has evolved significantly.

Cloud security is no longer just about fixing configurations or permissions; it’s about controlling access to the cloud. CyberArk has recognized this need and developed the Insight to Action framework, which helps bridge the gap between detection and remediation in cloud security. This framework focuses on six key areas that pose substantial threats in the cloud environment.

The first insight in the framework is about dormant users in the cloud. Dormant accounts with retained access privileges can be a hidden threat, providing backdoor entries for malicious actors. To mitigate this risk, organizations can use automation to revoke access or deactivate accounts after a certain period of inactivity. Regularly auditing user activity and conducting access reviews can also help ensure that only necessary and active accounts exist.

The second insight addresses misconfigurations, which can expose organizations to various risks. With the complexity of modern cloud architectures, misconfigurations can easily go unnoticed. To address this, organizations should review and audit cloud configurations frequently, aligning them with best practices. Implementing multi-factor authentication (MFA) for all users and adopting a just-in-time (JIT) access model can also help reduce the risk surface.

Persistent access to the cloud is the third insight in the framework. If an attacker compromises an account and maintains persistent access, they can conduct reconnaissance and spread to other parts of the network. Organizations can mitigate this risk by shifting to JIT access, conducting frequent access rights reviews, enforcing MFA for all users, and adopting a zero standing privilege (ZSP) model.

Excessive permissions, the fourth insight, can turn a minor breach into a catastrophe. Assigning permissions based on organizational roles, automating permission assignments, and adhering to the principle of least privilege can help address this threat. Regularly reviewing and adjusting permissions, switching to a JIT access model, and monitoring user activities can also reduce the risk of excessive permissions.

The fifth insight tackles unrotated secrets, such as API keys and passwords, which act as access conduits to crucial data and services. If these secrets remain static, the risk factor increases. Implementing a mandatory policy to rotate secrets at regular intervals and automating secrets rotation can help mitigate this threat. Establishing a centralized management system for all secrets and having mechanisms in place to revoke and replace secrets instantly are also important.

Finally, the sixth insight focuses on non-vaulted admin accounts. Admin accounts grant privileged access to critical systems and data, and when left unguarded, can pose a significant risk. Implementing and enforcing MFA for all admin accounts, regularly reviewing and updating admin account permissions, and closely monitoring admin account activities can help mitigate this risk.
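The checks behind the first, fifth and sixth insights can be automated against an identity inventory. The following is an added example, not code from CyberArk or the original article; the CSV columns, the sample rows and the 90-day thresholds are assumptions made for illustration.

```python
import csv
import io
from datetime import date, datetime, timedelta

# Constructed sample inventory; column names are hypothetical, not a provider's export format.
SAMPLE = """identity,cloud,is_admin,mfa_enabled,last_activity,secret_last_rotated
alice,aws,true,true,2023-09-28,2023-09-01
bob,azure,false,true,2023-03-02,2023-08-15
ci-deploy,gcp,false,false,2023-09-30,2022-11-20
root-ops,aws,true,false,2023-09-29,2023-07-10
carol,gcp,false,true,never,none
"""

DORMANT_AFTER = timedelta(days=90)  # assumed inactivity window
ROTATE_AFTER = timedelta(days=90)   # assumed rotation interval


def _parse(value):
    """Return a date, or None for 'never' / 'none' / empty values."""
    try:
        return datetime.strptime(value, "%Y-%m-%d").date()
    except ValueError:
        return None


def audit(inventory_csv, today):
    """Map each identity to the list of findings raised against it."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        issues = []
        last_seen = _parse(row["last_activity"])
        rotated = _parse(row["secret_last_rotated"])
        # Insight 1: never used, or unused past the window, counts as dormant.
        if last_seen is None or today - last_seen > DORMANT_AFTER:
            issues.append("dormant")
        # Insight 5: only identities that hold a secret can have a stale one.
        if rotated is not None and today - rotated > ROTATE_AFTER:
            issues.append("unrotated_secret")
        # Insight 6: admin accounts must have MFA enforced.
        if row["is_admin"] == "true" and row["mfa_enabled"] != "true":
            issues.append("admin_without_mfa")
        if issues:
            findings[row["identity"]] = issues
    return findings


if __name__ == "__main__":
    for identity, issues in audit(SAMPLE, date(2023, 10, 1)).items():
        print(identity, ", ".join(issues))
```

Accounts that have never logged in are treated as dormant rather than skipped, since an unused account with retained privileges is exactly the case the first insight describes.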

By addressing these six insights, organizations can significantly reduce cloud risk and ensure a secure cloud experience. The Insight to Action framework, built on CyberArk’s risk-focused best practices and identity security framework, provides a comprehensive approach to cloud security. As the cloud security landscape continues to evolve, it is crucial for organizations to stay proactive and resilient in their identity security posture.
