Whether a cloud permission falls into the wrong hands for malicious use, or an employee uses it and unintentionally introduces new risk, cloud permissions can be powerful tools.

Some permissions inherently hold more power than others and should be controlled accordingly. With over 40,000+ possible actions across the major cloud providers, prioritizing locking down the permissions with the greatest potential for damage is critical.

With this in mind, our teams have analyzed all cloud permissions and ranked them by their potential for damage. Not only are these permissions ranked by sensitivity, but we’ve mapped them to the notable MITRE ATT&CK Framework.

Find examples of powerful cloud permissions at each pivotal stage of the MITRE ATT&CK Path for AWS, Azure and Google Cloud in this guide.