With nine in 10 companies adopting a multicloud strategy, service providers are focused on finding ways to support the management and security efforts of businesses that rely on multiple cloud resources.

4 Min Read
Photo depicting a multicloud strategy, with four hands drawing the concept with chalk.
Source: Wavebreakmedia Ltd FUS1404 via Alamy Stock Photo

In a nod to shifting attack vectors and organizational moves to multiple cloud services, Microsoft today launched a public preview of its service for managing permissions across not only Azure, but Amazon Web Services and Google's Cloud Platform.

The service, CloudKnox Permissions Management, will allow companies to manage the privileges and roles of individual users as groups, as well as workloads. The service builds on technology from CloudKnox Security, which focused on allowing administrators and security teams to gain visibility into the actions of humans and machines in the cloud. Microsoft acquired CloudKnox last July.

Permissions management is hard enough with a single cloud, but as more companies adopt a multicloud strategy, it has become even more difficult, says Joy Chik, corporate vice president for identity at Microsoft.

"If we let these islands in the cloud be managed separately, that is when the attackers will find the gaps between environments," she says. "So having a unified way to manage the permissions of both human and non-human identities across multicloud is really important to help our customers reduce their complexity and ease their administration of tasks."

Microsoft is only the latest company to revamp services to support organizations that are dealing with the complexities of managing and securing multiple clouds.

The portability and cost-competitiveness of using multiple cloud services has convinced most companies to adopt a multicloud strategy. In 2021, 92% of business executives had committed to using multiple cloud services, averaging 2.6 public cloud and 2.7 private cloud services, according to those surveyed for the annual "Flexera 2021 State of the Cloud Report." During the coronavirus pandemic, companies accelerated their move to the cloud to support an increasingly distributed workforce, with 90% of those surveyed believing that cloud usage would accelerate.

"Cloud plans and adoption have clearly shifted as a result of the pandemic," the report stated. "Some of the increase is a result of the extra capacity needed for current cloud-based applications to meet increased demand as online usage grows. Other organizations may accelerate migration from data centers to cloud in response to reduced headcount, difficulties in accessing data center facilities and delays in hardware supply chains."

Zero Trust for the Cloud
Microsoft's CloudKnox service will integrate natively with Amazon, Azure, and Google and will implement three zero-trust principles, enforcing explicit verification, least privilege, and assuming the user has been breached. The service presents a dashboard that highlights the riskiest identities and resources in corporate cloud infrastructure and distills the data into a Permissions Creep Index — a single number between 0 and 100 that measures the gap between the volume of permissions granted and those that are actually used.

"In a zero-trust world, we need to just take it as a matter of fact that all of our environments will be breached," says Microsoft's Chik. "So the question becomes, can we quickly reduce the blast radius? Being able to identify all the users, reduce the permissions, and monitor if there are any anomalies is a great way to help detect and remediate issues."

Assuming a breach is not too much of a stretch. Attackers have increasingly used credentials to attack cloud services and remote appliances, such as virtual private networks. Microsoft, for example, blocked nearly 26 billion identity attack attempts in 2021, while Akamai detected more than 193 billion credential-based attacks in 2020.

Yet, despite the shift, defenders have not done well at hardening their cloud infrastructure. More than 90% of identities across Microsoft customers — especially workload identities, which are increasing twice as fast as human identities — use less than 5% of configured permissions, Chik says.

"They are hugely, largely overpermissioned, and frankly really exposing customers' critical infrastructure as they move to the cloud," she says. "As many of our customers are building applications or workload identities that traverse different environments, having a unified permissions management for the cloud both eases the administrative experiences and also helped traverse these workload identities and permission management issues."

Permissions management is not the only business function to tackle multiple clouds. Cost management tools have also become increasingly popular, with 42% of companies using multicloud cost management tools to tackle the rising cost of cloud services — an annual increase of 9 percentage points, according to Flexera's report.

"Multi-cloud architectures are more complex and, therefore, more challenging to manage," the report stated. "Multi-cloud tooling is essential for managing cloud resources cost-effectively and ensuring strong governance and security."

About the Author(s)

Robert Lemos, Contributing Writer

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights