[Webinar Recap] Maintaining a Least Privilege Policy


Missed our recent webinar? We’ve got you covered. In this post, we review one of the four pillars of cloud security – the Principle of Least Privilege.

The principle means giving an Identity (user, role and/or service) only those privileges which are essential to perform its intended function. The Principle of Least Privilege is widely recognized as a fundamental design consideration for the protection of data and functionality from faults and malicious behavior.

Covering the state in which identities have access to only what they need and nothing more, our experts dive into why getting to and staying at least privilege has become more complex in the public cloud, the impact of ineffective approaches, and considerations for identity and data access. On May 28, we hosted a webinar with Dan Woods, Principal Analyst at Early Adopter Research and Eric Kedrosky, Director of Cloud Security Research and CISO of Sonrai Security, who explained the latest methods for bringing a least privilege policy to life.

Our “Pillars of Cloud Security: Achieving and Maintaining Least Privilege” webinar takes a deep dive into the most effective approaches to a Principle of Least Privilege policy. As organizations shift to a modern enterprise, finding the most effective approach becomes more important for governing data and identity access in the public cloud.

Identity is now the new perimeter, and it has created new risks. Things have changed quickly, which adds stress and complexity. IT cloud and governance teams need to assess whether they are meeting this new demand and preventing risk.

This Principle of Least Privilege webinar covers these five areas to help with your least privilege compliance:

• Analyze how users access data

• Perform critical application assessment

• Improve separation of roles and access

• Accelerate zero trust optimized for work from home

• Prevention is key. Evaluate risks and gaps

For further detail on how you can stay at least privilege, review these four steps:

Relentless and Continuous Monitoring – Identity and data access should be monitored at all times, with alerts fired for events that deviate from your governance and operational models. Inactive or suspicious accounts should be swiftly detected and deactivated, while identities should be constantly updated to meet the latest compliance requirements from regulations such as the California Privacy Law and from organizational mandates.

Know Your Effective Permissions – Evaluating the risks of identities (people and non-people) across multiple public clouds containing hundreds of accounts is challenging. Understanding all the effective permissions of an individual identity is a problem that cannot be solved by evaluating a single policy or calling an API. To manage this complexity and reduce risk to your identities and data, your organization should have end-to-end visibility into the trust relationships as they truly exist in your environment. Without this visibility you are operating more or less blindly.
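To illustrate why a single policy does not show an identity's effective permissions, here is an added example (not from the webinar or from Sonrai's product) that walks trust relationships transitively and reports which chain grants each permission. The principal names, permission strings and the allow-only model (no deny statements, conditions or permission boundaries) are assumptions made for the sketch.

```python
from collections import deque

# Constructed sample environment (hypothetical names, not a real cloud API).
# Permissions attached directly to each principal (user, group or role).
ATTACHED = {
    "user:ci-deployer": {"storage:ListBuckets"},
    "group:devops": {"compute:StartInstance"},
    "role:build": {"registry:PushImage"},
    "role:data-admin": {"storage:ReadObject", "storage:DeleteObject"},
}
# Trust edges: the key principal may act as (join or assume) each listed target.
TRUST = {
    "user:ci-deployer": ["group:devops"],
    "group:devops": ["role:build"],
    "role:build": ["role:data-admin"],
}

def effective_permissions(identity, attached=ATTACHED, trust=TRUST):
    """Return {permission: path} for everything reachable from identity.

    path is the chain of principals that grants the permission, so a
    reviewer can see which trust relationship to cut.
    """
    found = {}
    seen = {identity}
    queue = deque([[identity]])
    while queue:
        path = queue.popleft()
        for perm in attached.get(path[-1], ()):
            found.setdefault(perm, path)  # BFS keeps the shortest granting path
        for nxt in trust.get(path[-1], ()):
            if nxt not in seen:  # guards against trust cycles
                seen.add(nxt)
                queue.append(path + [nxt])
    return found

def excess(identity, needed, attached=ATTACHED, trust=TRUST):
    """Permissions the identity effectively holds but does not need."""
    eff = effective_permissions(identity, attached, trust)
    return {p: path for p, path in eff.items() if p not in needed}

if __name__ == "__main__":
    needed = {"storage:ListBuckets", "registry:PushImage"}
    for perm, path in sorted(excess("user:ci-deployer", needed).items()):
        print(f"{perm:24} via {' -> '.join(path)}")
```

The directly attached policy for `user:ci-deployer` shows one permission; the traversal shows five, including object deletion reached through three trust hops.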

Enable your teams to be part of the solution – Your organization should shift left by integrating your Security, Cloud, Audit, IAM, and DevOps teams. Dev teams across your business populate your cloud with workloads and data in development, staging, and production. Some workloads access sensitive data while others do not. Some workloads are blocked from external access while others are not. By structuring your cloud into “swimlanes” that reflect your different needs for monitoring and control, Sonrai can help provide organized analysis, context-based alerts, and actions the way you organize your cloud.

If there is an issue, fix it fast – Prevent the problem from happening in the first place and if you missed it, close the gap now. Put prevention rules in place across your cloud and make sure they stay there. As people try to move workloads to production, use prevention bots to ensure checks are in place, and promotion only happens if your risk policies are followed. When possible, your organization should apply the policies to swimlanes to prevent the creation or change of risky cloud services and thus eliminate the possibility of risks being created in the first place. 

For a more comprehensive look at the presentation, check out the hour-long webinar.