With 2019 widely described as one of the worst years on record for security incidents, organizations should seriously consider evaluating their Identity & Access Management (IAM) capabilities in 2020. The goal is to identify, and then close, the gaps that could lead to a breach of sensitive data.
Some of these IAM trends are updates to current IAM best practices, while others represent evolving techniques and new capabilities which can be leveraged to reduce risks around identities and data in the cloud.
Here are our top five IAM trends to watch in 2020:
Identity & Access Management (IAM) is the cornerstone of any successful security program, and this is especially true when building in the cloud. With identity being the "new perimeter," it is critical to have a solid understanding of your cloud provider's IAM capabilities: in the cloud, IAM policy is frequently the only control that governs access to services and resources. It is equally vital that companies make extensive use of those capabilities to secure access as tightly as possible.
In 2020, companies will need to continue to build expertise in the various IAM models for public cloud services like AWS, Azure and GCP. This can be challenging, however, since the IAM services, policies, permissions, and capabilities are continually evolving. As such, it can be difficult to understand who/what has access to which resources.
While it is common for companies to leverage single sign-on (SSO) solutions to provision access into public cloud platforms and resources, the focus has traditionally been on administrative users. An example use-case would include granting Active Directory users access to the AWS console through Ping or Okta. Increasingly, companies are also providing cloud access to non-people identities such as applications, services, and other compute resources. This can be done via solutions like HashiCorp Vault, where the original principal leverages temporary credentials to assume a role in the cloud and access resources.
We see SSO into the cloud as a growing use-case in 2020, particularly as companies struggle to get their arms around what identities exist in their cloud environments.
While organizations have always needed a governance model on which to build their IAM framework, in this new paradigm they also need a deep understanding of what access to data is possible, coupled with a stronger ability to monitor and analyze the access that actually takes place. IAM analytics provide visibility into how access to data is used once granted: they surface unused privileges, over-permissioned identities, misconfigurations and deviations from the governance model, risks that are otherwise easy to miss.
Of course, it’s not as easy as sending your cloud audit trail information to a SIEM solution – custom tooling needs to be built that can understand the cloud IAM models and the permissions that are being used. The cloud providers themselves have started to provide visibility in this area (AWS IAM Access Advisor and Google Cloud IAM Recommender, for example) but they unfortunately only go so deep and are at different levels of maturity. Furthermore, they may not provide the full picture needed. Addressing this challenge will be a key focus area in 2020, for sure.
Behavioral analysis of IAM access patterns is another powerful method for bringing policy violations to the surface. Artificial Intelligence (AI) and Machine Learning (ML), specifically, are increasingly being used to alert on a wide variety of changes in user and application behavior. These changes could include the location of the API call (e.g. US vs Europe), the API client (e.g. the web console vs a Python Boto3 client), or the types of permissions being exercised.
While AI and ML are not silver bullets, by any means, they can certainly help to draw your attention to the policy violations and identify attacks before they become breaches.
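As an added illustration (not code from the original post), the following Python builds a per-principal baseline from a handful of CloudTrail records and then flags later events that deviate along exactly the dimensions mentioned above: region, client type and read-versus-write action class. The field names (`userIdentity.arn`, `awsRegion`, `userAgent`, `eventName`) are real CloudTrail fields; the events, ARNs and user-agent strings are constructed for the example, and the read/write classification by action-name prefix is a simplifying assumption.

```python
"""Behavioral baselining of CloudTrail access patterns (added example, constructed data)."""
from collections import defaultdict

# Constructed sample CloudTrail records, trimmed to the fields this example uses.
# The ARNs, regions and user agents are made up; they are not real log data.
BASELINE_EVENTS = [
    {"userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "awsRegion": "us-east-1", "userAgent": "console.amazonaws.com",
     "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets"},
    {"userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "awsRegion": "us-east-1", "userAgent": "console.amazonaws.com",
     "eventSource": "s3.amazonaws.com", "eventName": "GetBucketPolicy"},
    {"userIdentity": {"arn": "arn:aws:iam::123456789012:role/deploy"},
     "awsRegion": "eu-west-1", "userAgent": "Boto3/1.26.0 Python/3.11.4 Linux/5.15",
     "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances"},
    {"userIdentity": {"arn": "arn:aws:iam::123456789012:role/deploy"},
     "awsRegion": "eu-west-1", "userAgent": "Boto3/1.26.0 Python/3.11.4 Linux/5.15",
     "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances"},
]

# Later events to score against the baseline (also constructed).
NEW_EVENTS = [
    {"userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "awsRegion": "us-east-1", "userAgent": "console.amazonaws.com",
     "eventSource": "s3.amazonaws.com", "eventName": "GetBucketPolicy"},      # normal
    {"userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "awsRegion": "eu-central-1", "userAgent": "console.amazonaws.com",
     "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets"},          # new region
    {"userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "awsRegion": "us-east-1", "userAgent": "Boto3/1.26.0 Python/3.11.4 Linux/5.15",
     "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets"},          # new client
    {"userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "awsRegion": "us-east-1", "userAgent": "console.amazonaws.com",
     "eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy"},      # first write
    {"userIdentity": {"arn": "arn:aws:iam::123456789012:role/deploy"},
     "awsRegion": "eu-west-1", "userAgent": "Boto3/1.26.0 Python/3.11.4 Linux/5.15",
     "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances"},        # normal
    {"userIdentity": {"arn": "arn:aws:iam::123456789012:user/charlie"},
     "awsRegion": "us-east-1", "userAgent": "aws-cli/2.4.0 Python/3.9.10",
     "eventSource": "iam.amazonaws.com", "eventName": "ListUsers"},           # never seen before
]

# Assumption: actions with these prefixes are treated as read-only; everything else as a write.
READ_PREFIXES = ("Get", "List", "Describe", "Head")


def client_family(user_agent: str) -> str:
    """Collapse a CloudTrail userAgent string into a coarse client type."""
    ua = user_agent.lower()
    if "console.amazonaws.com" in ua:
        return "console"
    if ua.startswith("aws-cli"):
        return "cli"
    if ua.startswith("boto3") or ua.startswith("aws-sdk"):
        return "sdk"
    return "other"


def action_class(event_name: str) -> str:
    """Classify an API call as 'read' or 'write' by its name prefix."""
    return "read" if event_name.startswith(READ_PREFIXES) else "write"


def build_baseline(events):
    """Per principal: the set of regions, client families and action classes seen."""
    baseline = defaultdict(lambda: {"regions": set(), "clients": set(), "actions": set()})
    for ev in events:
        profile = baseline[ev["userIdentity"]["arn"]]
        profile["regions"].add(ev["awsRegion"])
        profile["clients"].add(client_family(ev["userAgent"]))
        profile["actions"].add(action_class(ev["eventName"]))
    return dict(baseline)


def detect_anomalies(baseline, events):
    """Return one finding per event that falls outside its principal's baseline."""
    findings = []
    for ev in events:
        arn = ev["userIdentity"]["arn"]
        profile = baseline.get(arn)
        reasons = []
        if profile is None:
            reasons.append("unknown-principal")
        else:
            if ev["awsRegion"] not in profile["regions"]:
                reasons.append(f"region:{ev['awsRegion']}")
            family = client_family(ev["userAgent"])
            if family not in profile["clients"]:
                reasons.append(f"client:{family}")
            cls = action_class(ev["eventName"])
            if cls not in profile["actions"]:
                reasons.append(f"action:{cls}")
        if reasons:
            findings.append({"principal": arn, "eventName": ev["eventName"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in detect_anomalies(build_baseline(BASELINE_EVENTS), NEW_EVENTS):
        print(f"{finding['principal']} {finding['eventName']}: {', '.join(finding['reasons'])}")
```

The point of the exercise is that the signal lives in the combination of cheap features per principal, not in any single field: a console login from a new region or a first-ever write action from an identity that has only ever read is worth a look even when every individual call was authorized. A production baseline would be learned over a sliding window and would weight rare-but-legitimate behavior (a deploy role occasionally run by hand) rather than hard-flagging it.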
The concept of least privilege shouldn't be new to anyone who has dealt with IAM in the past. While it has always been best practice to grant only the permissions that are actually necessary, in the cloud least privilege is critical to containing blast radius: a compromised identity can do no more than its policies allow. The move towards least privilege across all identities (users, compute, roles, etc.) will definitely continue. With a strong focus on IAM risk in 2020, it is more important than ever to work towards least privilege for both new and existing workloads.
As we mentioned above, the cloud IAM models and capabilities are always changing – as such, building least privilege permissions is an ongoing task. Continuously reviewing your existing IAM policies and permissions, and recertifying the data access that you’re granting to your identities is not just a good idea, it is becoming critical. In addition, leveraging the insights provided by your IAM analytics and AI/ML solutions to discover unused privileges, over-permissioned identities, and other potential policy violations can provide a step change in your ability to identify and reduce IAM risks.
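As an added example (not code from the original post), the following Python ties the IAM analytics idea to the least-privilege review described above. It takes an IAM policy document and a list shaped like the `ServicesLastAccessed` output of AWS IAM Access Advisor (the `GetServiceLastAccessedDetails` API), reports services that are granted but never or not recently used, and emits a trimmed policy. The policy, the usage timestamps and the 90-day lookback are constructed assumptions. Access Advisor data is used here at service granularity, so the trimming is per service namespace rather than per action, and a trimmed policy produced this way is a candidate for recertification, not something to apply unreviewed.

```python
"""Find granted-but-unused services in an IAM policy using Access Advisor style data."""
from datetime import datetime, timedelta, timezone

# Constructed sample: an over-permissioned policy attached to a role (made up for this example).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["dynamodb:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:PassRole", "ec2:DescribeInstances"], "Resource": "*"},
        {"Effect": "Allow", "Action": "*", "Resource": "*"},  # the classic over-grant
    ],
}

# Fixed "now" so the example is deterministic (an assumption for the sample data).
NOW = datetime(2020, 1, 15, tzinfo=timezone.utc)

# Constructed sample shaped like the ServicesLastAccessed list returned by
# iam:GetServiceLastAccessedDetails. LastAuthenticated is absent when the service
# was never used during the tracking period.
SAMPLE_ACCESS_ADVISOR = [
    {"ServiceNamespace": "s3", "LastAuthenticated": NOW - timedelta(days=3)},
    {"ServiceNamespace": "dynamodb"},
    {"ServiceNamespace": "ec2", "LastAuthenticated": NOW - timedelta(days=200)},
    {"ServiceNamespace": "iam", "LastAuthenticated": NOW - timedelta(days=10)},
]


def service_namespace(action: str) -> str:
    """Map an IAM action such as 's3:GetObject' or 'dynamodb:*' to its service namespace."""
    return "*" if action == "*" else action.split(":", 1)[0].lower()


def review_policy(policy, services_last_accessed, now, lookback_days=90):
    """Return (findings, trimmed_policy).

    Allow statements lose actions whose service was never used, or not used within
    the lookback window. A bare '*' action is reported and dropped, because
    service-level usage data cannot justify it. Deny statements are left untouched,
    since removing a Deny would broaden access rather than narrow it.
    """
    last_used = {s["ServiceNamespace"]: s.get("LastAuthenticated") for s in services_last_accessed}
    cutoff = now - timedelta(days=lookback_days)
    findings, kept_statements = [], []

    for idx, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            kept_statements.append(stmt)
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        kept_actions, reported = [], set()
        for action in actions:
            ns = service_namespace(action)
            used = last_used.get(ns)
            if ns == "*":
                reason = "wildcard action"
            elif used is None:
                reason = "never used"
            elif used < cutoff:
                reason = f"unused for {(now - used).days} days"
            else:
                kept_actions.append(action)
                continue
            if ns not in reported:  # one finding per service per statement
                reported.add(ns)
                findings.append({"statement": idx, "namespace": ns, "reason": reason})
        if kept_actions:
            kept_statements.append({**stmt, "Action": kept_actions})

    return findings, {**policy, "Statement": kept_statements}


if __name__ == "__main__":
    import json
    found, trimmed = review_policy(SAMPLE_POLICY, SAMPLE_ACCESS_ADVISOR, NOW)
    for f in found:
        print(f"statement {f['statement']}: {f['namespace']} -> {f['reason']}")
    print(json.dumps(trimmed, indent=2))
```

Run against the sample, the review drops the never-used DynamoDB grant, the EC2 permission that has sat idle for 200 days, and the bare `"*"` action, leaving only the S3 and `iam:PassRole` permissions that are in active use. In practice the same loop runs over every role and user on a schedule, the findings feed the recertification review, and the lookback window is chosen with care: a window shorter than the longest legitimate cycle (quarterly batch jobs, disaster-recovery runbooks) will produce trims that break things.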
In summary, a number of IAM trends are emerging in 2020. While some are updates to current IAM best practices, others represent significant changes in the way that identities and access to sensitive data are managed. IT and cybersecurity professionals should consider how these developing and evolving IAM trends could reduce risks and provide better data protection.