Cloud security is a broad industry spanning multiple solutions, from cloud workload protection (CWP) and cloud security posture management (CSPM), to infrastructure as code (IaC) security and much more. Within each respective solution comes more targeted solutions: serverless security, container security, platform security, threat detection, and the list goes on.
With an ever-expanding number of tools that organizations are expected to have to keep their clouds secure, it can be overwhelming for security teams and the wider organization to know where to start with their security strategy. Based on recent data uncovered by the Unit 42 cloud threat research team, I would argue that if there is one place for you to consider when beginning to map a robust security strategy, it’s with your identity and access management (IAM) policies.
You may have heard many people within the cloud security industry say that it is typical to start with CSPM when developing a strategy, and really, there is no incorrect place to begin. By starting somewhere, organizations open up the door to achieving comprehensive security across all aspects of being in the cloud. However, even though cloud security posture management is tried and tested when it comes to gaining visibility into your cloud environments, starting with identity brings in a vital piece that the former solution is missing: the human element.
Why Identity Is Your First Line of Defense
An identity in a cloud environment can be either human or non-human, such as a service account, but it is people who manage the access permissions around those identities. When attackers take advantage of misconfigured or overly permissive identity access controls, they don't need to figure out how to pull off a technically complex compromise. Instead, they can simply gain access to resources as if they have a right to them.
According to Unit 42’s research spanning over 200 organizations, 99% of cloud users, roles, services, and resources were granted excessive permissions, which were left unused. This opens the door for threat actors who specifically target the cloud (also called cloud threat actors) to take advantage of vulnerable identity and access management policies. Organizations need to be aware of how to properly configure their IAM to help block unintended access, provide visibility into cloud activities, and reduce the impact when security incidents occur.
How to Get Started With Implementing Effective Identity and Access Management
While IAM governs the security of cloud infrastructure and helps prevent organizations from becoming a target for cloud threat actors, proper IAM configuration is challenging to achieve due to its dynamic nature and complexity. To help organizations defend themselves, they can start with the following three tactics: employ a cloud native application protection platform (CNAPP), focus on cloud infrastructure entitlement management (CIEM), and increase security automation.
First, cloud threat actors could successfully evade a siloed set of capabilities, but the comprehensive nature of a CNAPP — which consolidates security tools into a single platform from development through runtime — allows organizations to monitor all activity occurring in their cloud environments.
Additionally, by focusing on CIEM, organizations reduce the possibility of becoming an easy target. Minimizing admin credentials, implementing a strong password policy, enforcing least privilege access, and more are all methods to make this possible.
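As an added illustration of the CIEM idea above and of the "granted but unused" finding cited earlier (example code, not part of the original article or any vendor product), the script below compares what a hypothetical IAM policy grants against what CloudTrail-style events show the principal actually used, flags wildcard grants and never-exercised actions, and emits a narrowed policy. The policy, the events and the simple eventSource-to-action mapping are constructed assumptions.

```python
import fnmatch

# Constructed sample: a hypothetical IAM policy that grants far more than is needed.
GRANTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Resource": "*",
                   "Action": ["s3:*", "ec2:DescribeInstances", "iam:PassRole"]}],
}

# Constructed sample of CloudTrail-style events for the same principal over the
# review window (hypothetical values, not real log data).
OBSERVED_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances"},
]

def granted_actions(policy):
    """Flatten Allow statements into the set of action patterns (may contain '*')."""
    actions = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow":
            acts = stmt["Action"]
            actions.update([acts] if isinstance(acts, str) else acts)
    return actions

def used_actions(events):
    """Map eventSource/eventName pairs to IAM action names (a simplification:
    a few services log event names that differ from the IAM action)."""
    return {f'{e["eventSource"].split(".")[0]}:{e["eventName"]}' for e in events}

def unused_grants(policy, events):
    """Granted patterns that no observed action matched. IAM compares action
    names case-insensitively, so both sides are lowercased before matching."""
    used = {u.lower() for u in used_actions(events)}
    return {g for g in granted_actions(policy)
            if not any(fnmatch.fnmatchcase(u, g.lower()) for u in used)}

def wildcard_grants(policy):
    """Grants that are over-broad even when exercised, e.g. 's3:*'."""
    return {g for g in granted_actions(policy) if "*" in g}

def least_privilege_policy(events):
    """Policy allowing only the actions actually observed. Resource scoping is
    left at '*' here; narrowing it is the reviewer's next step."""
    return {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
            "Action": sorted(used_actions(events)), "Resource": "*"}]}
```

Run against a real activity window, the same comparison is what a CIEM tool automates at scale: `unused_grants` surfaces the dormant permissions to remove and `wildcard_grants` the broad ones to replace with the narrowed statement.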
Finally, as cloud usage continues to grow, organizations need to keep up with vulnerability management at scale. Incorporating automation wherever possible can help reduce the manual steps involved in resolving security issues.
Start With Identity, End With Security
Most organizations are unprepared for an attack made possible by taking advantage of weak IAM policies. By making identity and access management the clear starting point for your organization’s security efforts, you shift your focus to something specific and tangible rather than the cloudy (no pun intended) call to action to implement cloud security as a whole. Through employing a CNAPP for your cloud security efforts, focusing on CIEM, and increasing security automation, identity becomes a tool for security rather than a key to the kingdom for exploitation.
About the Author
Dr. Jay Chen is a cloud security researcher with Prisma Cloud and Unit 42. He has extensive research experience in cloud native and DevOps security. His current research focuses on investigating the vulnerabilities, design flaws, and adversarial TTPs in cloud native technologies such as containers and public cloud services. In the past, he also researched mobile cloud and distributed storage security. Dr. Chen has authored 20+ academic and industrial papers