How Credential Misuse Threatens Cloud Operations

Cloud-native security is a rapidly evolving section of the industry reacting to the increasing threats unique to organizations that are exclusively or primarily operating on cloud applications and platforms. In a report last year, Gartner named identity system defense as a top trend in cybersecurity for 2022. The list of cybersecurity trends pointed to the misuse of credentials as a primary attack point for cybercriminals to access sensitive data. In the multi-cloud landscape, credentials are a hot commodity.

Confronting the Dangers of Credentials Misuse

Whether a single user’s login and password or a company’s confidential customer information database, credentials are used to grant access to resources and protect sensitive data from falling into the wrong hands. When credentials are misused, they can leave organizations more vulnerable to attack. While the concept of identity access as a critical aspect of cloud security isn’t new, it is certainly emphasized by Gartner’s recent report.

Excessive Standing Privileges Causing Problems

The most common credential misuse stems from excessive standing privileges, which occur when users are granted more access than they need. This can create an increased attack surface, and cybercriminals can use overprivileged access as an entry point for attack. Although standing privileges are often implemented as a matter of convenience to avoid the hassles of strict security checkpoints, their risks far outweigh their rewards.

A Cautionary Tale of Standing Privilege

SolarWinds is a cautionary tale of standing privilege, as mentioned in the Gartner Cybersecurity Trends Report. The SolarWinds Sunburst data breach in 2020 happened because attackers were able to gain access to SolarWinds’ environment through a supplier’s standing privileges. A just-in-time (JIT) access solution would have allowed SolarWinds to grant only the necessary privileges to its human and synthetic users for an ephemeral time period. SolarWinds’ overprivileged posture resulted in a large data breach and served as a reminder that excessive standing privileges can be exploited by attackers. Its story should serve as a warning to other companies operating in the cloud.

Zero-Trust Philosophy is the Future of Cybersecurity

Many organizations are turning to zero-trust philosophy as a way to reduce risk. This approach involves always verifying a user’s identity and restricting their access to only the necessary resources, rather than assuming that all users on the network can be trusted. With traditional perimeter defenses no longer applicable in a distributed environment, zero-trust ensures that only authorized individuals have access to sensitive data and systems.

Implementing a zero-trust strategy often occurs in phases because it can require significant changes to an organization’s infrastructure, processes and culture. However, the effort can pay off in reduced risk of breaches and compliance violations and improved efficiency through streamlined access management. In addition to adopting zero-trust internally, many organizations are also looking for service providers and vendors who follow this philosophy in their security practices. This helps ensure that there are no weak links in the organization’s overall security posture.

Solutions to Mitigate the Vulnerabilities of Cloud-Native Companies

As attack surfaces continue to grow in the cloud, the need for efficient cross-cloud solutions has never been more urgent. A recent study found that the vast majority of cloud administrators are not confident in their ability to secure their data and applications across multiple clouds. This is a worrisome trend, as it leaves companies vulnerable to attacks from a variety of directions. The good news is that there are cloud security strategies and solutions developed specifically to tackle this emergent need.

Doubling Down on Identity Access Management (IAM)

As cloud-based operations become standard across modern industries, companies are called to increase the strength of their identity access management (IAM). IAM is a critical component of any cloud-native company’s security strategy. A strong cloud IAM system uses an identity-centric approach to managing access for humans and machines. When done well, it can help reduce privilege sprawl by only granting users access when needed, and it also provides a centralized place to manage user accounts and permissions. IAM is also important for auditing and compliance, as it can help track which users have accessed which resources and when. By implementing IAM best practices, companies can help to keep their data safe and secure. IAM is an essential tool for any cloud company, and every company should ensure that its IAM strategy is strong.

Standing Privileges Reduced by JIT Access Solutions

Just-in-time (JIT) access is a crucial element of IAM that is increasing in momentum as companies seek efficient ways to lock down their privileged access. Organizations need ephemeral access to privileged accounts to get their jobs done securely and efficiently. A cross-cloud JIT access solution can mitigate risk by putting dynamic, automated time parameters around granted access for human and synthetic users. By only providing access when it is needed and then revoking it when the task is complete, JIT access solutions help to create a zero-trust posture. This reduces the chances of privileged accounts being compromised and shrinks the overall attack surface of the organization. In addition, JIT access solutions can help improve compliance with security policies and regulations. By reducing standing privileges, JIT access solutions help organizations meet their security obligations and dramatically reduce their vulnerability to attack.
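The contrast between standing privileges and time-bound JIT grants described above, as an added example that is not part of the original article and not any vendor's product code. The broker class, the 4-hour maximum TTL, and the sample inventory are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class Grant:
    principal: str                 # human or synthetic (service) identity
    role: str
    issued: datetime
    expires: Optional[datetime]    # None models a standing privilege

def find_standing(grants):
    """Audit step: every grant without an expiry is a standing privilege."""
    return [g for g in grants if g.expires is None]

class JitBroker:
    """Hypothetical in-memory broker; MAX_TTL is an assumed policy value."""
    MAX_TTL = timedelta(hours=4)

    def __init__(self):
        self.grants = []

    def request(self, principal, role, ttl, now):
        if not timedelta(0) < ttl <= self.MAX_TTL:
            raise ValueError("requested TTL is outside policy")
        grant = Grant(principal, role, now, now + ttl)
        self.grants.append(grant)
        return grant

    def revoke(self, principal, role, now):
        """Task finished early: cut the remaining window to zero."""
        for g in self.grants:
            if (g.principal, g.role) == (principal, role) and g.expires > now:
                g.expires = now

    def is_allowed(self, principal, role, now):
        # Checked at time of use, so an expired grant denies access even
        # if no cleanup job has run yet.
        return any((g.principal, g.role) == (principal, role)
                   and g.issued <= now < g.expires for g in self.grants)

# Constructed sample inventory (not from the article).
T0 = datetime(2023, 1, 10, 9, 0, tzinfo=timezone.utc)
INVENTORY = [
    Grant("alice", "prod-db-admin", T0 - timedelta(days=400), None),
    Grant("ci-deployer", "org-owner", T0 - timedelta(days=120), None),
    Grant("bob", "log-reader", T0, T0 + timedelta(hours=1)),
]
```

Running `find_standing(INVENTORY)` surfaces the two grants with no expiry, while every grant issued through the broker stops authorizing access once its window closes or it is revoked.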

While credential misuse is a real and present danger to cloud companies, steps can be taken to defend against attack. Implementing JIT access is one such step that can help organizations achieve a zero-trust posture and protect sensitive data in the modern cloud landscape.


Art Poghosyan

Art Poghosyan is CEO and Co-founder of Britive. Art is an entrepreneur with 20+ years InfoSec experience. Prior to Britive he co-founded leading Identity and Access Management (IAM) consulting company Advancive, acquired by Optiv in 2016. There, he shared the confidence of enterprise execs as they wrangled with protecting growing cloud landscapes.
