Where are you in your public cloud security optimization journey?
Public cloud adoption is exploding. Gartner forecasts worldwide public cloud end-user spending to grow 18% in 2021 to $304.9 billion. Organizations are taking hybrid and multi-cloud approaches to digitally innovate, modernize processes, build efficiencies, and collaborate among teams. With the right public cloud approach, your development team can get the resources they need fast to move your enterprise forward.
But with any technology, there is risk. Security breaches happen, and the proliferation of public cloud has given rise to shadow IT and other threats to your critical data and infrastructure.
To help your organization make sense of the current public cloud security landscape, and provide advice on how best to navigate it, we’ve created our new eBook 7 Essentials for Public Cloud Security Optimization, which you can read for free anytime.
This is the fourth post in a weekly blog series examining each of the seven essentials. This week, we’re taking a look at Essential #4: Nail Down Access Management or Risk Getting Hammered.
Essential #4: Nail Down Access Management or Risk Getting Hammered
Whenever there’s something new in technology, whether it’s new in public cloud or some other area, it’s a common pitfall to sit in awe of how cool it is and forget about the fundamentals of good security posture. One of those fundamentals is about access management. According to the Sophos report, 33% of organizations reported that cybercriminals gained access by stealing cloud provider account credentials. In fact, 91% of users had overprivileged Identity and Access Management roles.
Having a robust access management system can’t be a “nice to have” in the current public cloud climate. Always know exactly who has access to what, with full auditing and logging capabilities in the backend. Ensure your policies around privilege escalation are constantly being reviewed and updated so everyone has least privilege at all times. Use role-based access control to stop bad actors from accessing your sensitive workloads and data. You can further automate this by establishing approval workflows for sensitive/expensive data or resources and making that part of your provisioning process.