Reducing Risk With Identity Access Management (IAM)

A cloudy picture of identity and access


As your supply chain grows, so does your attack surface. As the business scales up and cloud providers release new services and resources to support it, managing access becomes exponentially more challenging for security teams. With this growth, an intrinsic, and completely understandable, need arises to protect valuable company assets.


So gates go up in the form of policy evaluation rules that review requests for access. But what happens when more and more policy layers are put in place to protect deeper access, sometimes overlapping in the same application? It’s easy for this to happen, but safeguarding assets and creating efficiencies can co-exist. Let’s look at some methods for gaining full cloud-IAM visibility without clouding the view.


Policy puffery


As an organization realizes the scale that cloud enables, hopefully identity management becomes part of the growth strategy. But as more Identity Access Management (IAM) policies are written, things can get... messy. When there are too many overlapping policies, the result can actually be an increase in vulnerabilities: a team races to put gates in place and then, ironically, ends up creating a more porous attack surface. Three IAM directives usually underscore the thinking of most organizations:


Limiting the blast radius of any IAM failures
Responding quickly to IAM incidents
Establishing the coveted state of Least Privileged Access (LPA)

Everything in the cloud has its own identity; every service or asset contains multiple layers of permissions. Small cloud environments alone can encompass hundreds of permission rules. To help cut through all of this potential chaos and confusion, AWS features policy evaluation logic that includes 5 steps for a cl ..
