Cloud computing security, or simply cloud security, is the practice of safeguarding both data assets and access for cloud-based applications, services and more from attacks by cybercriminals and malicious insider abuse.
As more organizations move to a cloud-first or hybrid cloud computing environment, user credentials that access the cloud have become prime targets for attackers. Remote workers, third-party contractors, and business users with personal devices are now accessing privileged accounts every day across the globe. Cloud computing security helps to ensure these users get secure access to the cloud without negatively impacting their productivity.
In 2020, cloud data breaches increased to 24 percent of all breaches. Among these cloud breaches, 77 percent involved compromised user credentials. Controlling access to the cloud is thus one of the most critical security controls any company can undertake. Organizations need to not only protect the authentication of users to cloud applications but also provide continuous validation and verification of privileged user actions after they’ve been authenticated.
As the use of cloud services has grown, so have the security concerns of cloud computing associated with privileged access management. The major types of security risks in cloud computing include:
When you start your journey to privileged cloud access, take into account these considerations:
1. Define access: Make sure you define your privileged cloud access according to your business functions that encompass data, systems, and roles. One way to get started is to refer to your disaster recovery plan—it can serve as a guide to your critical business systems, applications, and data. Then, map your privileged accounts to your business risk and business operations.
2. Develop IT cloud access policies: Your organization should have a policy that details acceptable use and responsibilities for privileged cloud accounts. Your working understanding of who has privileged access, and when it’s used, is vital. Treat privileged accounts separately by clearly defining a privileged account and spelling out acceptable use policies. Identify and track ownership of privileged accounts throughout their life cycle.
3. Use a risk register: Use a risk register as part of your IT cloud access policy that requires any new cloud application to register the data impact risk along with the privileged access management (PAM) matrix questions. You can automate this with a risk classification that determines what additional security controls must be included to reduce any risks identified.
4. Discover your privileged accounts: Automated PAM software identifies your privileged accounts, implements continuous discovery to curb privileged account sprawl, identifies potential insider abuse, and reveals external threats. Ongoing visibility of your privileged account landscape is central to combating and reducing cybersecurity threats.
5. Understand business users’ privileged access: All access is becoming privileged whether it’s due to the level of access of the account or the access users have to sensitive company data. Business users fall into this category, so consider them as having privileged access.
6. Protect your passwords: Your privileged access management solution should 1) automatically discover and store privileged accounts, 2) schedule password rotation, 3) analyze, audit, and manage individual privileged session activity, and 4) monitor accounts to quickly detect and respond to suspicious activity. Safeguarding your privileged account cloud passwords must go beyond simply using a password manager. You should establish Single Sign-on sessions to target systems for better operational efficiency of administrators by combining multi-factor authentication and privileged access security. Minimizing the ability for humans to create and choose passwords is a must. This helps protect against cyberattacks that use techniques such as credential stuffing and that exploit bad cyber hygiene, such as password reuse.
7. Limit IT admin access: You should commit to a least-privilege policy that will enforce least privilege on endpoints and limit IT admin access to cloud applications without impacting productivity. Privileges should only be granted on demand when required and approved. Least privilege and application control solutions enable seamless elevation of approved, trusted, and whitelisted applications while minimizing the risk of running unauthorized applications.
Monitor and record sessions: Your PAM solution should monitor and record privileged account activity, which helps enforce proper behavior and avoid mistakes by users. Audit, record, and monitor privileged activities to assist with regulatory compliance.
8. Detect abnormal usage: Visibility into the access and activity of your privileged accounts in real time helps catch suspected account compromise and potential user abuse. Track and alert on user behavior. Early detection of security incidents significantly reduces the cost of a data breach. You must manage, monitor, and restrict the administrative access of IT outsourcing vendors and managed service providers (MSPs) to cloud and internal IT systems because many incidents result from compromised third parties.
9. Respond to incidents: Privileged access should be an integral part of your incident response plan in the event a privileged account is compromised. Simply changing privileged account passwords or disabling the privileged account is no longer sufficient when a privileged account is breached. If you need help with your incident response plan, check out our Cybersecurity Incident Response Plan Template.
10. Audit and analyze: You need to continuously monitor privileged account usage through audits and analysis reports that will help identify unusual behaviors that may indicate a breach or misuse. These should be automated reports that can track the cause of security incidents and demonstrate compliance with policies and regulations.
Least privilege cybersecurity enables enforcement of a zero-trust, risk-based security model. Once a user is verified, the user’s access is limited to only what’s necessary to accomplish a specific task or job. In the past, least privilege was often viewed by employees as a negative experience: restricted privileges prevented them from performing their jobs and increased IT support calls so they could gain access. As a result, organizations often enabled local privileged access for almost every employee—a highly risky practice that can be abused by cybercriminals and exploited to elevate privileged access. However, there are PAM solutions that facilitate just-in-time (JIT) privileged access to the cloud with detailed security controls. This means users can get the access they need when they need it, increasing productivity and reducing calls to a help desk, all while minimizing risks from cyber threats.
For example, if a user needs access to a database or cloud storage that contains sensitive data after she has already authenticated, she should be required to get further authorization. That authorization could include on-demand security controls, such as multifactor authentication, access workflow, and the recording of session activity, to ensure the risk of abuse is reduced.
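The just-in-time, step-up authorization described above, as an added example (it is not code from the original page or from any PAM product). The resource names, grant lifetimes, five-minute MFA window and the `JitBroker` class are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed policy: sensitive resources and how long a JIT grant may last.
GRANT_TTL = {
    "db:payroll": timedelta(minutes=30),
    "bucket:customer-exports": timedelta(minutes=15),
}
MFA_MAX_AGE = timedelta(minutes=5)  # assumed window: step-up MFA must be this recent

@dataclass
class AccessRequest:
    user: str
    resource: str
    mfa_at: Optional[datetime] = None   # when the user last passed an MFA challenge
    approved_by: Optional[str] = None   # approver recorded by the access workflow

@dataclass
class Grant:
    user: str
    resource: str
    expires: datetime
    record_session: bool = True         # privileged sessions are always recorded

class JitBroker:
    def __init__(self):
        self.grants, self.audit = [], []

    def request(self, req, now):
        """Return (Grant or None, reason). Every decision is written to the audit log."""
        ttl = GRANT_TTL.get(req.resource)
        if ttl is None:
            grant, reason = None, "resource not in policy"      # default deny
        elif req.mfa_at is None or not timedelta(0) <= now - req.mfa_at <= MFA_MAX_AGE:
            grant, reason = None, "fresh MFA required"
        elif not req.approved_by or req.approved_by == req.user:
            grant, reason = None, "independent approval required"
        else:
            grant, reason = Grant(req.user, req.resource, now + ttl), "granted"
            self.grants.append(grant)
        self.audit.append((now.isoformat(), req.user, req.resource, reason))
        return grant, reason

    def is_allowed(self, user, resource, now):
        """No standing access: only an unexpired grant for this exact resource allows use."""
        return any(g.user == user and g.resource == resource and now < g.expires
                   for g in self.grants)
```

Denied requests are audited alongside granted ones, so the same log supports both the detection and the compliance reporting the considerations above call for.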
With many organizations operating in hybrid on-premises and cloud environments, implementing least privilege on servers or endpoints is not enough. Least privilege security controls must encompass all privileged access, including cloud-based systems, applications, databases, and infrastructure.