Identity and Access Management – The Increasing Concern on Cloud Security

By Veritis

Identity and Access Management

Leading Cloud Access Security Broker (CASB) Netskope states that majority of Center of Internet Security (CIS) limit violations in AWS were related to identity and access management (IAM) issues.

According to Netskope Security Cloud customer accounts data, 71.5 percent of violations were related to IAM, an important cloud tool for user identification..

AWS Elastic Compute Cloud (EC2) was identified as the most likely resource where organizations faced IAM issues. The platform accounted for two-thirds of violations, 86 percent of the breaches were critical. Out of these, 4.5 percent were IAM issues.

Netskope states that these incidents indicate that the organizations’ actual implementations for cloud security were not in sync with their cloud security plans.

“While many organizations have controls around cloud services and implemented things like multi-factor authentication and single sign-on solutions, IaaS/PaaS identity and access policies still need to be set,” the report states.

“Many of the IAM violations involve instance rules and access to resources or password policy requirements – simple fixes that may not have been a focus when first setting up roles and instances,” it adds.

App Usage – Industry wise

Currently, enterprises use an average of 1,246 cloud services, which is a 5.5 percent increase compared to February 2018.

HR and marketing industries use an average of 170-175 services per enterprise. Although these apps are the most popular ones, 96-98 percent of them are not enterprise-ready in terms of cloud security.

Similarly, 94 percent of finance and accounting services are considered ‘not enterprise ready’ in terms of cloud security. This number further drops for CRM, IT Services and application management at a 93 percent.

Fortunately, cloud storage with an average of 28 services per organization is performing better than the rest, but still more than two-thirds of such services are not ready for enterprises.

Multi-Cloud Approach

The report also threw light on the fact that organizations were giving multi-cloud approach a lot of importance. This definitely adds to the burden of security teams than ever before.

“As organizations increasingly adopt a multi-cloud approach, IT teams must continuously assess the security of their public cloud infrastructure and be aware of the data moving in and out of those services,” said Sanjay Beri, Founder & CEO, Netskope.

“Enterprises should consider using the same security profiles, policies and controls across all services – SaaS, IaaS and web – in order to reduce overhead and complexity as the use of cloud services scales,” Beri adds.