Privileged Identity Management in the Cloud

Editorial Type: Opinion
Date: 09-2014
Key Topics: Networking, Cloud, Identity Access Management, Security, Packet Capture
Key Companies: Lieberman Software
Jess A. Richter of Lieberman Software explains the security issues that arise when managing privileged identities in the cloud.

Every cloud infrastructure can be home to potentially hundreds of thousands of vulnerable privileged accounts. The presence of automated hacking tools means improperly secured privileged logins are almost certain to give hackers free rein on the network and, in turn, access to customers' private data, often within minutes of an incursion. Until now, privileged accounts and other file-based secrets have proven difficult to secure within large-scale, dynamic Cloud Service Provider (CSP) networks, and many providers still rely on humans and first-generation software tools to manage the task. As a result, improperly secured privileged accounts provide an easily exploited attack surface for hackers and malicious insiders.
SECURITY CONCERNS FOR CLOUD SERVICE PROVIDERS

In general, privileged identities aren't managed by conventional Identity and Access Management (IAM) systems because, unlike conventional user logins, privileged accounts aren't typically provisioned. Instead, privileged accounts frequently appear on the network whenever physical and virtual IT assets are deployed and changed. As a result, privileged credentials must be discovered and continuously tracked by software that's separate from IAM.

Because every shared, static, or cryptographically weak privileged identity represents a potential attack surface, IT regulatory mandates, including PCI-DSS, SOX and HIPAA, require that these credentials be frequently changed and cryptographically complex. Access to these privileged accounts must also be attributed to named individuals and then audited. However, this can prove to be an overwhelming challenge when access lists, and even the assets themselves, change more rapidly than human intervention can realistically keep track of.
MANAGING THE PRIVILEGED ACCOUNT PROBLEM

To accomplish this, cloud providers and other large enterprise deployments require a solution in which machines discover, audit and control access to privileged accounts through an automated and programmatic approach, removing the current default dependence on direct human intervention. Only by deploying automated security solutions can these organisations locate and remediate weaknesses faster than nation-state attackers and other professional criminal hackers can find and exploit them.

With automated and programmatic controls over privileged identities, cloud service providers can achieve the following advantages:
• Privileged account discovery and tracking that is both broad in platform scope and deep in account discovery. This includes process and service interdependencies, to enable safe, automated changes of any interdependent accounts without disruptions.
CONCLUSION