Did you know that more than 40,000 permissions exist across the top three leading cloud platform providers? And yet 99% of these permissions are going unused. This has created a dangerous permissions gap in which a single server admin could potentially access thousands of permissions across multiple cloud infrastructures.
As this permissions gap expands, so too does an organization's attack surface. Current identity and access management (IAM) solutions are ill-equipped to manage multicloud identity infrastructure, and many security teams are unable to enforce the zero-trust tenet of least privilege access due to the sheer volume of permissions within their organizations.
As organizations work to modernize their IAM model for multicloud environments, there are a few best practices to keep in mind. For example, single sign-on and multifactor authentication can be implemented alongside new identity governance and permissions solutions to create a comprehensive IAM model that improves security without interfering with end-user productivity.
Read on for our top tips on optimizing IAM for multicloud environments.
Securing Identity Starts With Individual Usage Profiles
One of the first things that security teams will need to do is audit their current IAM model. For that audit to be successful, the IT department will need to create an individual usage profile for each unique user and nonhuman workload identity within the organization.
Workload identities are a type of nonhuman or machine identity that is assigned to software workloads to authenticate and access other services and resources. Though the use of workload identities can vary from organization to organization, they’re typically used to allow software entities to authenticate with some system. Their rise in popularity represents a new kind of security risk for organizations, as workload identities currently outnumber human identities 10:1. And while human users typically have one identity that is used to access multiple resources, software workloads can use multiple credentials to access different resources.
By creating individual usage profiles for all human and nonhuman workload identities, security teams can understand how many identities exist within their organizations, who has access to what, and how those permissions are currently being used. This provides better visibility into current risks. It also allows security teams to determine whether past permissions are still necessary — for example, when a contractor's work is complete or an employee has transitioned into a new position.
Additionally, because the rising adoption of multicloud environments has led to a boom in identities, permissions, and resources, organizations need to ensure that they have visibility across all of their cloud providers. Cloud infrastructure entitlement management (CIEM) is one solution.
What Is CIEM?
Originally coined by Gartner, CIEM comprises seven core pillars: account and entitlements discovery, cross-cloud entitlements correlation, entitlements visualization, entitlements optimization, entitlements protection, entitlements detection, and entitlements remediation. Essentially, CIEM uses analytics and machine learning to determine whether a permission has been granted unnecessarily, is being used incorrectly, or whether a previously granted permission is going unused. From there, security teams can use CIEM to enforce least privilege access and monitor permission risks across their entire networks.
CIEM differs from security information and event management (SIEM) in that it is more focused on addressing access management risks. SIEM is used to collect and analyze event and log data from multiple sources into a single centralized platform. From there, SIEM can deliver threat detection, prioritize security alerts, offer response guidance, and more. CIEM works with SIEM to deliver that same level of security and comprehensive monitoring across hybrid and multicloud environments using zero trust principles.
When implementing CIEM or any other IAM model, organizations must ensure that they don’t interfere with end-user productivity. These access decisions must be granular enough to cover all identities and workloads within the organization while also being responsive enough to adapt to real-time risk assessments. By unifying identity management procedures within a single centralized solution, organizations can enable real-time access decisions for all identities across hybrid and multicloud environments. This, in turn, instills greater trust in every digital experience and interaction that power everyday operations.
Read more Partner Perspectives from Microsoft Security.