In his recent article for the Forbes Technology Council, Ermetic CEO and co-founder Shai Morag addresses the shared responsibility for cloud security between cloud service providers and the organizations that use them. Under this model the provider secures the underlying infrastructure, while the customer is typically left to its own devices to secure everything it builds and runs on top of it: the rest of its security stack.
The Forbes article outlines some of the top security risks in the cloud: application risks, workload risks, network risks and platform risks.
In addition, there are identity risks. Gartner recently introduced a new cloud security category, Cloud Infrastructure Entitlement Management (CIEM), to describe how companies can manage access and enforce least privilege in the public cloud. The core capability of CIEM is continuous discovery of accounts and entitlements across all entities in the environment (e.g. services, compute instances, data stores, secrets), all policies that grant or restrict access (e.g. IAM policies, resource policies, permissions boundaries, ACLs), and all native and federated identities (e.g. AWS IAM, Active Directory, Okta).
This discovery process can expose gaps between enterprise policy and the entitlements actually granted across multiple cloud platforms, each of which uses different mechanisms and terminology for permissions. The resulting visibility into the entitlements of a given identity, including which roles it is linked to and which of its permissions reach sensitive resources, can then be used to enforce least privilege: permissions that are granted but never exercised are excessive, and continuously analyzing and removing them shrinks the blast radius of a compromised identity.
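The following is an added example, not code from the Forbes article or from Ermetic, of the entitlement analysis the two preceding paragraphs describe: it expands simplified IAM-style policies (constructed for this example) against a small action catalogue, applies explicit denies, compares the effective entitlements with an identity's observed activity (constructed here, as if derived from audit-log events), flags unused and sensitive permissions, and emits a least-privilege policy containing only what was actually used. The identity names, policies, action catalogue and the list of "sensitive" actions are all assumptions; real IAM evaluation also involves conditions, resource policies, permissions boundaries and organization-level controls, which this model deliberately omits.

```python
"""Toy CIEM-style entitlement analysis (added example, not vendor code).

Computes effective allowed actions from simplified IAM statements, compares them
with observed usage, and reports excess permissions plus a least-privilege policy.
"""
import fnmatch
from collections import defaultdict

# Constructed sample policies in simplified IAM shape (not from any real account).
POLICIES = {
    "ci-deploy-role": [
        {"Effect": "Allow", "Action": ["s3:*"],
         "Resource": ["arn:aws:s3:::app-artifacts/*"]},
        {"Effect": "Allow", "Action": ["secretsmanager:GetSecretValue"],
         "Resource": ["*"]},
        {"Effect": "Deny", "Action": ["s3:DeleteObject"], "Resource": ["*"]},
    ],
    "analyst-user": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::reports/*"]},
    ],
}

# Small, constructed action catalogue that wildcards are expanded against.
ACTION_CATALOGUE = [
    "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket",
    "secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue",
]

# Actions treated as sensitive for this example (an assumption, not a standard).
SENSITIVE_ACTIONS = ["secretsmanager:*", "s3:DeleteObject", "iam:*"]

# Constructed observed activity per identity, as a CIEM tool would derive from
# audit logs. Note analyst-user used s3:PutObject although its policy lacks it.
OBSERVED = {
    "ci-deploy-role": {"s3:PutObject", "s3:GetObject"},
    "analyst-user": {"s3:GetObject", "s3:ListBucket", "s3:PutObject"},
}


def _matches(patterns, value):
    """True if any glob-style pattern (e.g. 's3:*', '*') matches the value."""
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def effective_entitlements(statements, catalogue=ACTION_CATALOGUE):
    """Return {action: set(resource patterns)} that remain allowed.

    Allows are expanded against the catalogue; an explicit Deny then removes an
    allowed (action, resource) pair when it covers both the action and the
    resource pattern. Conditions and resource policies are not modelled.
    """
    allowed = defaultdict(set)
    for st in statements:
        if st["Effect"] == "Allow":
            for action in catalogue:
                if _matches(st["Action"], action):
                    allowed[action].update(st["Resource"])
    for st in statements:
        if st["Effect"] != "Deny":
            continue
        for action in list(allowed):
            if _matches(st["Action"], action):
                allowed[action] = {r for r in allowed[action]
                                   if not _matches(st["Resource"], r)}
                if not allowed[action]:
                    del allowed[action]
    return dict(allowed)


def analyze(identity, policies=POLICIES, observed=OBSERVED):
    """Compare granted entitlements with usage and derive a least-privilege policy."""
    granted = effective_entitlements(policies[identity])
    used = observed.get(identity, set())
    unused = sorted(set(granted) - used)
    sensitive = {a for a in granted if _matches(SENSITIVE_ACTIONS, a)}
    # Usage not explained by the identity's own policies points at a grant
    # delivered through another mechanism (resource policy, another platform).
    unexplained = sorted(used - set(granted))
    least_privilege = [
        {"Effect": "Allow", "Action": [a], "Resource": sorted(granted[a])}
        for a in sorted(used) if a in granted
    ]
    return {
        "granted": sorted(granted),
        "unused": unused,
        "sensitive_unused": sorted(sensitive - used),
        "unexplained_usage": unexplained,
        "least_privilege_policy": least_privilege,
    }


if __name__ == "__main__":
    for name in POLICIES:
        report = analyze(name)
        print(f"{name}: unused={report['unused']} "
              f"sensitive_unused={report['sensitive_unused']} "
              f"unexplained={report['unexplained_usage']}")
```

Run as a script it prints one line per identity; the interesting findings are the never-used secrets read on the deploy role (a sensitive entitlement that should be revoked) and the analyst's write that no identity policy explains, which is exactly the cross-mechanism gap a CIEM discovery pass is meant to surface.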
Forbes Technology Council is an invitation-only organization for senior-level technology executives. Members are respected tech leaders selected for the council based on their deep knowledge and diverse experience in the industry.
*** This is a Security Bloggers Network syndicated blog from Ermetic authored by Shai Morag. Read the original post at: https://ermetic.com/whats-new/news/prioritizing-the-clouds-top-security-risks/