With 84% of companies experiencing an identity-related breach in the previous year, you’re making the right choice by seeking out azure identity governance and security knowledge. That concerning statistic came from the Identity Defined Security Alliance report titled, ‘2022 Trends in Securing Digital Identities’, which found an increase in identity-related breaches and a substantial negative impact on the companies experiencing them.
Microsoft Azure is one of the leading cloud providers in the public cloud market, and rightfully so, as their technology helps countless organizations grow. Azure does an excellent job of providing a robust infrastructure and arms their customers with security offerings and concepts to help them get started. Offerings include Azure Sentinel, Defender for Cloud, and Applications Insights, security frameworks like their Well-Architected Framework, and resources like the Azure Shared Responsibility Model. Under this model, Azure takes care of the security ‘of’ the cloud, while Azure customers are responsible for security ‘in’ the cloud. Many organizations use additional third party security solutions to help them hold up their end of the security deal.
If you are interested in expanding your Azure identity governance and security, this blog will define the important capabilities to do so.
What is Azure Identity Governance and Security?
Azure identity governance and security can be broken down into two-parts; building policies around your identities and using automation to protect these policies. Let’s first examine building identity governance policies.
Identity Governance Policies
Identity governance is defined by Tech Target as “the policy-based centralized orchestration of user identity management and access control” in Azure. It provides you with capabilities to ensure that the right people have the right access to the right resources. An identity governance policy is the management of the defined conditional controls that allow access to applications and resources. Resource owners can define policies for user’s access via access packages. However, many cloud leaders confuse Azure identity governance policies and identity governance.
Azure identity governance policies and identity governance are different. Outside managing identities in Active Directory, a major concern is privileged identity management. The cloud sees a unique proliferation of not only identity, but then those identities’ permissions. Privileges and access controls are changing everyday in Azure with Sonrai research noting 17 new permissions made every day.
To improve visibility into all the Azure identities in your cloud – person and non-person – and their effective permissions, your organization may concern a third party tool. Being able to visualize effective permissions, or even better yet, simulate actual attack paths from identities to data is the only way to reveal covert concerns, like toxic combinations or privilege escalation risks. Once you know where your risks lie, you are able to work towards fulfilling identity governance and security policies.
The major policy many organizations aim to meet and maintain is Least Privilege. Least Privilege gives all identities the minimum amount of access they need to accomplish their job. Maintaining this strictly is almost impossible without having continuous monitoring. Continuous monitoring solutions will alert when a deviation occurs (e.g. like an identity accessing sensitive data.) Risk detection brings us to the second leg of Azure identity governance and security: automation.
Identity Governance Automation
After your platform detects a security concern, your team needs a sustainable and scalable way to triage these risks. Leveraging automation is the best way to direct alerts to the right team at the right time with the right level of prioritization for remediation. This needs to be done in an organized fashion and be operationalized to meet remediation needs at the speed of the cloud.
Failure to manage identity access to sensitive resources places organizations at an increased risk. Managing access rights along with balancing productivity goals is critical, which is why
orgs should seek a process for prioritization. Not every threat or alert is created equal, yet many teams lack any organization or workflow in their ticket system, so alerts pile up, one after another, creating alert fatigue.
Consider this scenario: there are two security alerts flagged, one is because an Azure VM accesses an internal document from a brain-storming session within the marketing team. The other is because a Developer, meant to be in a Sandbox, accesses an extremely sensitive data store containing live customer PII data in Production. Which concern is the one needing immediate attention? Your organization needs a solution that recognizes the answer and communicates that clearly.
What Capabilities Should Azure Identity Governance & Security Include?
A strong Azure identity governance and security program will have the following capabilities:
Automated identity discovery. Your solution must be able to automatically discover identities across all environments in order to build and maintain a comprehensive real-time inventory, including discovery of any federated and native cloud identities, including those from CSP accounts, identity providers, and traditional directories, e.g. Active Directory. It should also be able to automatically identify high-risk identities, such as those that access sensitive data.
Graphing and context visualization. Lack of actionable visualization of attack paths continues to be one of the biggest cloud security challenges. The ability to visualize and inspect the relationships between identities and data is essential for detecting and remediating risks. Given the magnitude of cloud environments and large number of entitlements that organizations need to manage, traditional table-driven visualization methods for viewing and analyzing this information are not feasible.
Entitlements Reporting. Continuous audit-ready reporting on identities and their entitlements. Your solution must allow you to easily query identities in order to gain meaningful insight into the different aspects of your organization’s security status. It should provide a toolbox of out-of-the-box yet customizable reports so that you are always ready for an audit.
Effective Permissions Discovery. Your solution should take an inventory of identities and discover their effective permissions (the full scope of their abilities.) This means a full, real-time picture of all permissions every and any identity holds.
Cross-cloud Entitlements Correlation. Organizations need a solution that can correlate and normalize identities, accounts, and entitlements within and across accounts and CSPs looking at all possible relationships.
Entitlements Optimization. Your solution should determine Least Privilege entitlement assignments through usage data generated by privileged operations across cloud infrastructure combined with entitlement data.
Entitlements Continuous Monitoring. Your vendor should be able to analyze processes and detect changes made outside of sanctioned processes or changes that are deemed anomalous due to external factors, are atypical, or considered high-risk. Periodical checks are not enough as identities are constantly using multiple permissions throughout the day, sometimes for mere seconds at a time. Privilege identity management is especially important.
Remediation. Your platform needs to have the ability to detect cloud threats and respond to those events by remediating. Depending on how you manage your entitlements, you may want a solution that can make changes directly or trigger an alert for a change event containing the updated policy or entitlement assignment. The ability to detect cloud infrastructure threats and respond by generating events and performing mitigation operations is a required security function regardless of how you manage.
Automation. When security concerns are detected, you need automation to not only direct the alert to the correct personnel, but also prioritize the most pressing concerns so your team can take immediate action. Additionally, having the option of automated remediation bots to address concerns when your team cannot.
Azure Identity Governance: One Pillar of Four
As previously discussed, identity risk is a major gateway into compromising cloud environments. In fact, identities are referred to as ‘the new perimeter’. Identity governance and security is just one piece of total cloud security. Identity and its close counterpart, data, should be the core of your security program, however, there are four major pillars of cloud security.
The four major pillars of cloud security are Identity, Data, Platform, and Workload, and these pillars do not work in isolation. Just consider an Azure VM with a vulnerability that also hosts a grossly over permissioned non-person identity with the ability to access top sensitive data. These datastores do not have secondary-audit enabled so this is all untraceable. The cloud is a complex and interconnected world that demands integrated security addressing all major areas.
To learn more about total cloud security, explore our Azure solution.