Once again, the global cloud community, including Sonrai Security, gathered in Las Vegas for AWS re:Invent 2021, centered around the world's largest cloud security platform.
Keynote speakers focused on the critical role the cloud plays in transforming industries — from healthcare to financial services to education. In his keynote, AWS CEO Adam Selipsky noted that “there’s no industry that hasn’t been touched by the cloud.”
The global shift to remote work and the distributed nature of modern computing have led to a proliferation of digital work. When you’re a security company, you know that means more identities with more excessive permissions and more unknown access. This isn’t anything new to the cloud community, especially in highly dynamic and rapidly scaling environments. Now more than ever, enabling secure access for all people and non-people identities is imperative for digital transformation to prosper. Simply put, risk, vulnerabilities and ultimately breaches slow down progress.
Using cloud service providers, such as AWS, Microsoft Azure, and Google Cloud, enterprise organizations are working to transform businesses. The need for strong security is undeniable these days, so organizations are tasked with identifying risks and vulnerabilities at every corner of innovation. As businesses work to transform industries, the ways in which we ward off cyberthreats must also evolve. This brings us to the value of events like re:Invent. Gathering the cloud community together is an opportunity to discuss trends and share best practices. We’re here to point out the 4 major trends we took away from this year’s event.
The following are some of the key security trends and topics gleaned from the conference’s keynotes and sessions — and from the expo floor itself. While some of these trends are updates, others represent emerging technologies and new capabilities within cloud security.
Identity & Access Management (IAM) is the cornerstone of any successful security program, and this is especially true when building in the cloud. After all, with identity being the “new perimeter,” it is critical to have a solid understanding of your cloud’s IAM capabilities. This understanding allows companies to make use of those capabilities to their fullest potential and secure access as much as possible.
In a recent Gartner CIEM report, the analyst points out that as cloud providers add more services, the number of distinct entitlements exceeds (on average) 5,000 across all providers. They then noted that this volume of entitlements is far too much of a challenge to be managed by traditional IAM approaches.
Enterprise leaders will need to continue to build expertise in the various IAM models for public cloud services like AWS, Azure, and GCP. This can be challenging, however, since the IAM services, policies, permissions, and capabilities are continually evolving. As such, it can be difficult to understand who/what has access to which resources. Developing a vision and strategy for IAM beyond traditional thinking to include CIEM and CSPM will be a huge trend in 2022 – and one we fully support.
Artificial Intelligence & Machine Learning
Another trend we will see is a behavioral analysis of IAM patterns. This powerful method can bring policy violations to the surface. Artificial Intelligence (AI) and Machine Learning (ML), specifically, are increasingly being used to alert on a wide variety of changes in user and application behavior. These changes could include the location of the API call (e.g. U.S. vs Europe), the API client (e.g. web console vs Python Boto), or the types of permissions.
While AI and ML are not silver bullets, by any means, they can certainly help to draw your attention to policy violations and identify attacks before they become breaches. For example, many CSPM platforms utilize AI and ML to detect cloud security drift.
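The behavioral comparison described above, as an added example (not code from Sonrai or AWS): it learns, per identity, the regions, API clients and actions seen in a history window and reports which of those change for a new event. Field names follow CloudTrail records flattened to one level; the ARN, the events and the helper names are constructed for illustration.

```python
from collections import defaultdict

def client_family(user_agent):
    """Collapse a userAgent to its client family: 'Boto3/1.20.24 ...' -> 'boto3'."""
    return user_agent.split("/", 1)[0].split(" ", 1)[0].lower()

def features(event):
    """The three dimensions named in the text: location, API client, permission used."""
    service = event["eventSource"].split(".", 1)[0]
    return {
        "region": event["awsRegion"],
        "client": client_family(event["userAgent"]),
        "action": f"{service}:{event['eventName']}",
    }

def build_baseline(events):
    """Per identity, record every value seen for each dimension in the learning window."""
    baseline = defaultdict(lambda: defaultdict(set))
    for event in events:
        for dim, value in features(event).items():
            baseline[event["arn"]][dim].add(value)
    return baseline

def deviations(baseline, event):
    """Return the dimensions in which an event differs from its identity's history."""
    if event["arn"] not in baseline:
        return ["identity"]  # never seen before: one finding instead of three noisy ones
    seen = baseline[event["arn"]]
    return [dim for dim, value in features(event).items() if value not in seen[dim]]

def ev(arn, region, agent, source, name):
    """Build a flattened record; 'arn' stands for CloudTrail's userIdentity.arn."""
    return {"arn": arn, "awsRegion": region, "userAgent": agent,
            "eventSource": source, "eventName": name}

# Constructed sample data: a non-people identity that only reads and writes S3 objects.
ETL = "arn:aws:sts::111122223333:assumed-role/etl-job/nightly"
HISTORY = [
    ev(ETL, "us-east-1", "Boto3/1.20.24 Python/3.9.7", "s3.amazonaws.com", "GetObject"),
    ev(ETL, "us-east-1", "Boto3/1.20.24 Python/3.9.7", "s3.amazonaws.com", "PutObject"),
]
NEW = [
    ev(ETL, "us-east-1", "Boto3/1.20.26 Python/3.9.9", "s3.amazonaws.com", "GetObject"),
    ev(ETL, "eu-west-1", "console.amazonaws.com", "iam.amazonaws.com", "CreateAccessKey"),
]

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for event in NEW:
        print(event["eventName"], deviations(base, event))
```

Normalizing the user agent to a client family keeps a routine SDK version bump from raising an alert, while a switch from an SDK to the web console still registers as a change.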
Cloud Security Posture Management (CSPM), previously known as Cloud Infrastructure Security Posture Assessment, was defined in response to the growing need of organizations to correctly configure public cloud IaaS and PaaS services and address cloud risks. CSPM is a class of security tools defined by its use cases for compliance monitoring, DevOps integration, incident response, risk assessment, and risk visualization — many of which are built on machine learning and artificial intelligence.
CSPM’s goal is to identify these issues so companies can take measures to enforce security policies. With data and applications spread across multiple services, it’s difficult to have a clear picture of inventory. Information in the cloud is subject to the same security protocols as that of on-premises data centers. CSPM provides tools to show compliance with these regulations. CSPM tools detect both internal and external threats to the information stored off-premises. The value of the solution is apparent in detecting misconfigurations that may otherwise fly under the radar.
According to Gartner, a single misconfiguration can expose hundreds or thousands of systems or highly sensitive data to the public internet. What may be described as a “data breach” is more often a cloud storage bucket containing sensitive data that is accidentally exposed to the internet. Many high-profile breaches have catalyzed the interest in CSPM.
The Gartner CIEM report, “Innovation Insight for Cloud Infrastructure Entitlement Management,” covered the challenge of managing privileges in the cloud with thousands of services added in recent years by cloud providers. Security and risk management leaders are beginning to combine traditional IAM approaches with CIEM to achieve efficient identity-first security management results. Organizations are quickly realizing that managing access entitlements is their responsibility.
Specifically, enterprise organizations must monitor for unusual activity among people and non-people identities. Non-people identities are especially repetitive and perform the same actions regularly. Any changes or new behavior would indicate tampering or the misuse of credentials within the network. This continuous monitoring can be burdensome for teams. Luckily, the emergence of CIEM can offer that extra support and handle those processes effortlessly, thus reducing the demands on teams.
The Gartner CIEM report also calls out the large responsibility all cloud infrastructure users hold, referring to each of them as ‘super users’. Misuse of this privileged access can ‘cause considerable disruption to businesses’. CIEM is a solution that recognizes and accounts for the gravity each identity carries. As a tool, it can effectively reduce costly errors and misconfigurations by flagging when identities are allowed multiple access points and when their accounts are accessible by third parties. This continuous monitoring helps control and eliminate over-permissioned identities. CIEM should provide anomaly detection with a focus on protection and compliance. This is a trend we can get behind.
The concept of least privilege shouldn’t be news to anyone who has dealt with IAM in the past. While it has always been best practice to grant only the necessary permissions, the move towards least privilege access across all identities – users, compute, roles, etc. – will definitely continue. The great focus on IAM risk in 2020 built a strong foundation, but now, it is more important than ever to work towards least privilege for both new and existing workloads.
The cloud IAM models and capabilities are endlessly evolving – as such, striving for least privilege is an ongoing process. Organizations must consistently review existing IAM policies and permissions, and recertify the preexisting identity permissions. In addition, leveraging the insights provided by your IAM analytics and AI/ML solutions can help you discover unused privileges, over-permissioned identities, and other potential policy violations. We’re looking forward to a strengthened focus on striving for the least privilege in 2022.
AWS re:Invent, like any other major gathering in the tech sphere, brought us a great perspective on what our peers are doing and where the future of cloud is headed. These trends may not be entirely new players but instead shifts in enterprise priorities. The presence of threats is nothing new, but how we better prepare and protect our infrastructure will always evolve, emerging stronger each time. Identity and access management, AI and Machine Learning, Cloud Infrastructure Entitlement Management, and Least Privilege are concepts and solutions we strive to leverage at Sonrai. We’re looking forward to bettering our technology, supporting our customers, and being of value to enterprises in the market facing today’s battle of business agility vs. security in 2022.
If these trends resonate with you and you are interested in learning more about Sonrai capabilities, reach out to start a conversation or explore our offerings.