Did you miss our recent non-people identity webinar series? This three-part webinar highlighted crucial cloud security elements about managing non-people identities in the public cloud. In today’s post, learn the key takeaways from this webinar series.
For three months, the Sonrai Security experts hosted a three-part webinar with our Co-Founder and CTO, Sandy Bird, and our CISO and Director of Cloud Security Research, Eric Kedrosky. This webinar series sought to highlight everything about non-people identities and managing enterprise cloud security through identity governance.
Modern public cloud enterprises have innumerable non-people identities, critical to normal operations in the cloud environment. Today, more than before, it is crucial to understand non-people identities and manage the risks they present.
In the first part of the webinar series, Securing Non-Human Identities in AWS and Azure, we covered what we mean by non-people identities, the problems identities can cause, and the best practices for managing them.
Non-human identities are any computer or digital identities that have control or access rights over other identities or resources within your public cloud. They do not require human monitoring. They exist to fulfill various functions, each with the abilities and permissions required to perform its role.
Common types include:
Unlike on-premises enterprise management, cloud providers apply completely novel concepts to create and manage non-people identities. They give you tools to govern and restrict the access of these non-people identities, but these should serve only as starting points. Deployed correctly, this system can work effectively to create a highly secure environment. Deployed incorrectly, however, the complexity becomes a weapon, creating misconfigurations that can be exploited for nefarious purposes.
The first webinar provides essential background information, although subsequent webinars recap the definitions and functions of non-people identities if you wish to watch them separately.
It is important to understand the challenges non-people identities present in enterprise cloud security. The first webinar gives some general challenges, but we expound on the details of these problems in the second part, Securing Non-Human Identities Part 2: AWS. In contrast, the third part discusses the challenges and best practices of Securing Non-Human Identities in Azure.
There are two key aspects to the challenges of cloud identity management that cannot be addressed by cloud service providers alone. It was essential to highlight how different public cloud systems present these challenges, given that AWS and Azure, for instance, work entirely differently from one another. Therefore, while the problems and patterns are similar, the difference lies in how these problems/patterns manifest on different public clouds.
Every enterprise cloud deployment has thousands, even tens of thousands, of non-people identities. It is impossible to manually manage such a volume and ensure that each non-people identity has proper permissions and access. This creates the first challenge: the daily running and management of all non-people identities within an enterprise.
Even if that were possible, specific non-people identities could have overreaching permissions that allow them to change themselves as they assume different roles. This is the problem of privilege escalation, which often creates a web of more non-people identities with privileges beyond what their role requires.
But complexity doesn’t exempt any business from identifying risks, sealing gaps, and improving management. All would be well if everyone who gains access to non-people identities had the right intentions, but nefarious access, even from within the organization, is always possible. “The complexity is your friend if you do it right, but if you get it wrong, the consequences could be catastrophic,” notes Sandy Bird.
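To make the privilege escalation problem concrete for AWS, here is an added example (not code from the webinar or from Sonrai Security) that scans role policy documents for Allow statements granting permission-changing actions on wildcard resources. The role names, account ID and policies are constructed samples, the function names are hypothetical, and the action list is an illustrative subset rather than a complete catalogue.

```python
import fnmatch

# Illustrative subset of IAM actions that let an identity widen permissions
# (its own or another identity's). Not a complete list.
ESCALATION_ACTIONS = [
    "iam:AttachRolePolicy", "iam:PutRolePolicy", "iam:CreatePolicyVersion",
    "iam:UpdateAssumeRolePolicy", "iam:PassRole", "sts:AssumeRole",
]

# Constructed sample policies attached to three hypothetical non-people identities.
SAMPLE_ROLES = {
    "ci-deployer": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:PutObject", "iam:Put*"], "Resource": "*"}]},
    "log-shipper": {"Version": "2012-10-17", "Statement": {
        "Effect": "Allow", "Action": "logs:PutLogEvents", "Resource": "*"}},
    "etl-runner": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Resource": "arn:aws:iam::111122223333:role/etl-target"},
        {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]},
}

def as_list(value):
    # IAM allows a single statement, action or resource to appear without a list.
    return value if isinstance(value, list) else [value]

def escalation_findings(role_name, policy):
    """Return sorted (role, action) pairs for escalation actions allowed on wildcard resources."""
    findings = set()
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue  # Deny and NotAction statements are outside this example's scope
        # Coarse check: grants scoped to one exact ARN are not flagged.
        if not any("*" in r for r in as_list(stmt.get("Resource", []))):
            continue
        for pattern in as_list(stmt["Action"]):
            for action in ESCALATION_ACTIONS:
                # IAM action names are case-insensitive and support * wildcards.
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    findings.add((role_name, action))
    return sorted(findings)

def audit(roles):
    report = []
    for name, policy in sorted(roles.items()):
        report.extend(escalation_findings(name, policy))
    return report

if __name__ == "__main__":
    for role, action in audit(SAMPLE_ROLES):
        print(f"{role}: {action} allowed on a wildcard resource")
```

Note that the `iam:Put*` pattern on `ci-deployer` is flagged even though no escalation action is named explicitly, which is the kind of overreach that is easy to miss when reviewing thousands of policies by hand.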
The best practices when securing non-people identities, just like challenges, are much the same in concept, differing only in execution. In the second and third webinars, we highlight the essential ideas to implement regardless of the tools and solutions you use. Some of them include:
Of course, there is much more detail to these best practices, which is why you want to check out the complete webinar series.
At Sonrai Security, we can help you manage all your identities and bolster your enterprise cloud security by ensuring that all human and non-human identities work the way they should. If you wish to learn more, follow our blog to get more information on the various aspects of securing non-human identities. To learn about how we can help your business, request an assessment or book a demo with us today.