• Thom Bradley

The role of Identity Access Management (IAM) in raising Issues that lead to Breaches

With more and more businesses hopping onto cloud systems, there is usually no way of protecting important assets and data if both the end-users and cloud service providers are not willing to follow the security instructions completely. There are various policies, sets of standards, and measures kept in place to secure user data and avoid breaches. But over the years, these practices have been neglected by users, and hackers were able to find vulnerabilities within the new updates or patches rolled out by the cloud providers. One way or the other, the digital world has seen so many breaches and cyber-attacks that the question of cloud security is now under review.


What is cloud security? Should you be worried?

Cloud security is a set of practices, measures, and standards set in advance by the cloud vendors to transfer information and data around as well as protect cloud infrastructure, services, and applications offered by the cloud.


With these ever-increasing breaches and cyber anomalies taking place on a constant basis, there is a certain fear among enterprises that even the cloud interface is not secure, and that they must run back to the conventional ways of dealing with data, that is, building data centers and other network-intensive systems.


Identity and access management is the most intensive protocol of them all set by the cloud vendors, but it is not taken seriously among various cloud vendors, and that is why some serious breaches take place. IAM is not a totally forgotten concept, as many cloud vendors out there, such as AWS, take the security of cloud resources and services very seriously. But where IAM is as good as forgotten, and where end users are not willing to comply with the security standards set by the cloud systems, breaches are bound to happen.

Are we cloud Safe?

How would you know when something goes wrong before it does? Easy! Keep an eye on it and know when it happens with alerts and signals.


Some of the more recent stats; to get the full report, go to the 2020 Report:

  • The top four public cloud security threats: the leading threat cited by respondents was misconfiguration of the cloud platform (68%), up from third in 2019’s survey. This was followed by unauthorized cloud access (58%), insecure interfaces (52%), and the hijacking of accounts (50%).

  • The main security barriers to cloud adoption: respondents named a lack of qualified staff (55%) as the biggest barrier to the adoption – up from fifth place in last year’s survey. 46% cited budget constraints, 37% data privacy issues, and 36% a lack of integration with on-premises security.

  • Existing security tools struggle with public clouds: 82% said their traditional security solutions either don’t work at all, or only provide limited functions in cloud environments, up from 66% in 2019 – highlighting an increase in cloud security issues over the past 12 months.

  • Public cloud is riskier: 52% of respondents considered the risk of security breaches in public clouds higher than in traditional, on-premises IT environments. Just 17% see lower risks, and 30% believe the risks are about the same between the two environments.

  • Cloud security budgets to rise: 59% of organizations expect their cloud security budget to increase over the next 12 months. On average, organizations allocate 27% of their security budget to cloud security.


Breaches that happened due to IAM


Capital One



It had to be one of the biggest cloud breaches in 2019. The cause of the breach was a former AWS cloud engineer who had been working closely with AWS but left her job. In 2019, she initiated the most sophisticated and yet the most terrible data breach known to the digital world. Capital One was using AWS cloud resources and had all its data migrated there, but unlike various other organizations, Capital One was a little hasty about migrating to the cloud. Cloud models are known to be extremely charming in terms of reducing overhead costs and maintaining a dedicated streak of consistent compute power, but there are added responsibilities as well.



Cloud systems need to change their current operations often, and this is where the idea of introducing patches and security updates comes into play. The same happened with Capital One: although guided to install security patches and updates as soon as these hit the shelves, the Capital One cloud management team was a little lackluster about it. So, the only advice to give here is never to treat the updates and security patches landing at your door with negligence, or the aftermath can be catastrophic. Here are some IAM lessons to take away from the Capital One breach.


Docker Hub



A popular Docker Hub repository was compromised in 2019, leaving about 190k accounts and users exposed. The main reason behind this breach was the lack of IAM discipline among the users. They were supposed to secure the access keys and tokens that are used for authentication purposes. One of the users or account holders mistakenly published their code repository on a dedicated website along with their access keys (emphasis on mistakenly). This was all the oil the hackers needed to light a big pyre, and so it happened: about 190k+ accounts were breached, and the security of the users was left exposed.


It is imperative for users to keep their keys and security credentials safe and to place an expiry on these tokens, so that if by any chance they get exposed, no one will be able to use the expired tokens to wreak any havoc.
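The effect of putting an expiry on a token, shown as an added example (not code from the original article or from any vendor named in it): the expiry is signed into the token, so a leaked copy stops working once the time passes and cannot be edited to extend it. The signing key, the `sub`/`exp` field names and the function names are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; a real service would load this from a secrets manager.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"


def b64url(data):
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_token(subject, now, ttl_seconds):
    """Return '<payload>.<signature>'; the payload carries the expiry time."""
    payload = json.dumps({"sub": subject, "exp": now + ttl_seconds},
                         sort_keys=True).encode("utf-8")
    sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return b64url(payload) + "." + b64url(sig)


def verify_token(token, now):
    """Return the subject, or raise ValueError if malformed, forged or expired."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    # Constant-time comparison; checked before any claim is trusted.
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(payload)
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims["sub"]


if __name__ == "__main__":
    token = issue_token("ci-bot", now=1000, ttl_seconds=900)
    print(verify_token(token, now=1500))   # still inside its lifetime
    try:
        verify_token(token, now=1900)      # a leaked copy used after expiry
    except ValueError as err:
        print("rejected:", err)
```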


Autoclerk



It is a reservation management system that hosted an unsecured database on AWS cloud systems, which led to the exposure of almost a hundred thousand reservations and bookings made by the public. The travel system was used intensively by military personnel, and the breach led to the exposure of sensitive travel information such as the routes they took and the places where they stayed.


Not only this, but sensitive personal information such as email addresses, mobile numbers, and many others were also exposed during the breach. Cloud configuration compliance can serve as the ultimate solution for this problem and its alleviation.


IAM—Best practices and things that you should be mindful about

You have already witnessed the security breaches that took place because of consumers and cloud vendors not complying with the set IAM policies and standards. Now, if you don’t want your business to be the next target, then you must step back at once and analyze the best practices that IAM has to offer, such as:

  • Know your infrastructure—you must know which users are currently connected with your network and what kind of information they can access. Make sure that you don’t only know your infrastructure but also the protective maneuvers implemented to secure its vitality.

  • Least privilege model—permissions must be delegated according to the IAM role a given user has to play, and the resources these roles can access should be monitored consistently. Note down any strange behavior that you encounter within your network systems.

  • Separating the resources—the cloud gives you access to unlimited storage all around the world, but just because it exists doesn’t mean that you should keep your proxy server and the database on the same machine. This is just what Capital One did with their cloud resources, and they had to pay a heavy price for it.













Make sure that you follow the identity and access management related domains pretty seriously, or otherwise, it would be your precious data circling around the dark web only to be sold out to the highest bidder. Know your IAM policies and compliance and know better.


Learn More IAM Lessons from Capital One Breach: https://www.scmagazine.com/home/opinion/executive-insight/cloud-infrastructure-iam-lessons-from-the-capital-one-breach/

AWS Incident Highlights & Responsibilities: https://diginomica.com/capital-one-aws-incident-highlights-roles-and-responsibilities-cloud-customers-providers

Best IAM Practices: https://cloudcheckr.com/cloud-security/top-5-iam-best-practices/

Understanding IAM Roles: https://cloud.google.com/iam/docs/understanding-roles


© 2020 by NSC42 LTD
