Cloud native environments are such a departure from more traditional approaches that it may be easy to forget that many tried-and-true security principles may still apply to these modern environments. For example, identity and access management is every bit as critical for cloud native environments as it is for more traditional environments. However, the reality is, least privilege access rights are still not properly enforced in the cloud. The recent Sysdig 2023 Cloud-Native Security and Usage Report found that 90% of granted permissions are not used, making it a lot easier for cybercriminals to move laterally once they get in.
Given the fact that non-admins used only 10% of granted permissions over a 90-day window, there is definitely a tendency for DevOps teams to grant more permissions than needed. Undoubtedly, this is the case for machine identities as well as human identities, ultimately increasing the risk of attack.
In this edition of the cloud native security news digest, we’ll explore over-permissioning and other top cloud security risks that you need to be prepared to minimize, or heaven forbid, mitigate. Plus, we’ll point you towards some independent perspective on strategies and best practices that you should consider.
Multi-cloud ‘Over-permissioning’ Causing Cyber Risk Headaches for Businesses
The 2023 Microsoft report State of Cloud Permissions Risks found that, with rising cloud workloads and infrastructure expansion, many organizations are granting permissions that fall into a high-risk category. What are the root causes? “As cloud environments expand, they have inadvertently become more complex to manage,” the report notes. In particular, the expansion of machine-based identities in cloud environments was concerning.
According to Alex Simons, corporate VP of program management at Microsoft’s Identity division, this is troubling because, “The number of workload identities operating across clouds, including apps, VMs, scripts, containers, and services has exponentially increased, now outnumbering human identities ten to one.”
How are you managing permissions for the growing number of workloads in your organization? Read the full story on TechCentral.ie.
Top 5 Cloud-Native Risks and Best Practices to Avoid Them
Container misconfigurations continue to be a top risk for cloud native environments. And misconfigured TLS certificates, or machine identities, are not immune to that troubling trend. Any type of open-source software can introduce vulnerabilities early in the application lifecycle pipeline. If the software vulnerability remains undetected and is deployed at runtime, it can cause hundreds of vulnerabilities in an organization’s applications.
This is particularly disturbing because attackers are always on the lookout for vulnerabilities to exploit, and new technology provides fertile ground for such exploits. Learn what you need to do to make sure your organization doesn’t learn how to secure infrastructure "the hard way."
See which top cloud native security risks you should be focused on minimizing. Read the full story on Network Computing.
Cloudy with a Chance of Risks: Top Strategies for Tackling Cloud Security in 2023
Cloud security risks continue to evolve with the changing threat landscape. With the rapid growth of cloud computing, we are seeing a corresponding increase in the risks associated with cloud security. These risks can have far-reaching effects on organizations, including sensitive data loss, reputation damage and regulatory fines.
In particular, misconfigurations remain a common cause of cloud security incidents. According to PeoplActive, “We can expect to see an increase in misconfigured cloud services leading to data breaches, service disruptions, and other security incidents. Organizations must take a proactive approach to ensure their cloud services are configured securely, and they must regularly review and update their configurations to mitigate the risk of misconfigurations.”
Do you have misconfigured machine identities in your containers? What about other risks? Read the full story on PeoplActive.