Powerful Cloud Permissions You Should Know
Mapping Permissions to the MITRE Framework
1. Quantifying Cloud Access Risk: Overprivileged Identities and Zombie Identities
We analyzed a sample of public cloud enterprises and aggregated their data. On average, their cloud estate comprised 11,290 identities, 19% of which were human identities and 81% machine identities.
92% of the Permissions Attack Surface is Caused by Excessive Permissions
- 87% attributed to unused sensitive permissions by machine identities
- 13% attributed to unused sensitive permissions by human identities
On average, 92% of all identities with access to sensitive permissions did not use them over 90 days. These identities are given access to powerful permissions they don’t need – the ones that could cause the most harm in your environment. This unnecessarily increases the exploitable attack surface in your cloud.
61% of identities are unused (zombies)
- 88% attributed to zombie machine identities
- 12% attributed to zombie human identities
Identities are created for third-parties, temporary projects, and testing, but sometimes get left behind and forgotten about. These identities are ripe for exploitation, yet serve no active purpose.
2. How Cloud Teams Tackled this Problem
With such an insurmountable attack surface created by unused access and permissions, enterprises sought a way to reduce their risk quickly and with less operational overhead. These enterprises deployed the Sonrai Cloud Permissions Firewall for the job.
With a sweeping global deny policy, unused sensitive permissions are restricted, unused services and regions are locked down, and zombie identities are quarantined from use. Actively used permissions are included in an exempt list so your operations are not disrupted. Any new identities are fully protected with a default deny structure.
Future access needs are seamlessly granted with a permissions on demand workflow integrated into a preferred ChatOps tool. See the results below.
“Our transition from tedious, weeks-long tasks to accomplishing Least Privilege outcomes in just a few days has been remarkable. This approach has saved us a tremendous amount of time while also guaranteeing the security of all critical permissions.”
Josh McLean, CIO of World Kinect
“The thing about deleting unused identities or enforcing least privilege is we know it's the ‘right’ thing to do, but everyone’s afraid it’ll break something or interrupt our development cycles. We don’t have to worry anymore. The assurance the Cloud Permissions Firewall brings us that nothing that’s needed is taken and there will be zero interruption has eliminated our hesitations. Now we just deploy – confidently.”
Preetam Sirur, CISO, Eye Care Leaders
3. Cloud Permissions Firewall Does Not Disrupt DevOps
After protections are in place, permission exceptions can be made to provide on-the-fly access. When an identity tries to use a restricted sensitive permission or access a service, a request workflow is kicked off and sent to a relevant approver. This entire process takes minutes.
6 Permissions-on-Demand workflows in 90 days
On average an enterprise organization will have six on-demand requests for access to restricted sensitive permissions or to “wake up” a zombie identity. The minimal disruption and infrequent requests are made possible by the fact that original restrictions are based on activity and usage monitoring so nothing that is needed is taken. Future requests only occur when there is new use of sensitive permissions or a zombie identity. Any non-sensitive permission usage does not require a permissions on demand workflow.
4. Cloud Permissions Firewall Automatically Protects an Evolving Cloud
100% of new identities created in the last 90 days were protected with default deny.
New identities are created every day and they’re given access they don't need. This means more overprivileged identities that your teams would need to manually bring to least privilege. With Cloud Permissions Firewall, the global deny policy enforces a default deny – meaning, new identities created under it will automatically be restricted from sensitive permissions.
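The usage-based logic described above (exempt what was used in the last 90 days, restrict unused sensitive permissions, quarantine zombies, default-deny new identities) can be sketched as follows. This is an added example, not Sonrai's code or policy format; the identity names, the timestamps, the `SENSITIVE` set and the functions `build_plan` and `is_allowed` are assumptions made for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=90)  # look-back window the page uses
# Assumption: this set stands in for whatever is classified as "sensitive".
SENSITIVE = {"iam:CreateAccessKey", "iam:AttachRolePolicy", "kms:Decrypt"}

NOW = datetime(2024, 6, 1)  # constructed "today" so the run is reproducible
# Constructed inventory: granted permissions and last-use time per permission.
IDENTITIES = {
    "ci-deployer": {
        "granted": {"iam:AttachRolePolicy", "iam:CreateAccessKey", "s3:GetObject"},
        "last_used": {"iam:AttachRolePolicy": datetime(2024, 5, 20),
                      "s3:GetObject": datetime(2024, 5, 30)}},
    "old-vendor-role": {
        "granted": {"kms:Decrypt", "s3:GetObject"},
        "last_used": {"kms:Decrypt": datetime(2023, 11, 2)}},
    "analyst-jane": {
        "granted": {"iam:CreateAccessKey", "s3:GetObject"},
        "last_used": {"s3:GetObject": datetime(2024, 5, 28)}},
}

def build_plan(identities, now, window=WINDOW):
    """Split identities into quarantined zombies, exemptions and restrictions."""
    cutoff = now - window
    plan = {"quarantine": [], "exempt": {}, "restricted": {}}
    for name, rec in sorted(identities.items()):
        recent = {p for p, ts in rec["last_used"].items() if ts >= cutoff}
        if not recent:  # no activity at all in the window: zombie identity
            plan["quarantine"].append(name)
            continue
        sensitive = rec["granted"] & SENSITIVE
        if sensitive & recent:  # actively used, so exempt from the deny
            plan["exempt"][name] = sorted(sensitive & recent)
        if sensitive - recent:  # granted but unused: excess attack surface
            plan["restricted"][name] = sorted(sensitive - recent)
    return plan

def is_allowed(plan, identity, permission):
    """Default deny: sensitive permissions need an explicit exemption."""
    if identity in plan["quarantine"]:
        return False
    if permission not in SENSITIVE:
        return True  # non-sensitive use is never gated
    return permission in plan["exempt"].get(identity, [])

if __name__ == "__main__":
    plan = build_plan(IDENTITIES, NOW)
    print(plan)
    print(is_allowed(plan, "new-lambda-role", "kms:Decrypt"))  # identity created after the plan
```

A denied sensitive call is the point where a request workflow to an approver would start; an approval amounts to adding the permission to that identity's `exempt` entry.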
Secure Sensitive Permissions and Access
The Sonrai Cloud Permissions Firewall takes instant action to protect excessive sensitive permissions and secure unused services, regions, and identities. There is zero disruption to development. See it for yourself below.
Sonrai cloud security platform, products and services are covered by U.S. Patent Nos. 10,728,307 and 11,134,085, together with other domestic and international patents pending. All rights reserved.