In March 2021, we posted a three-part series about whether cloud-native identity and access management (IAM) controls are good enough for an enterprise. Many of the points we raised at that time are still valid. However, the industry has developed and learned a lot since then.

More companies and analysts now recognize cloud identity and access governance (CIAG) as key. The lack of CIAG is a potential threat to any organization with a cloud environment. This is a big step forward. After all, you can only fix problems you know about.

The Challenges of a Cloud Environment 

When you have a cloud environment (or multicloud environment), one of the biggest challenges is to understand what’s really happening with users and access rights. Why? Freely granting undefined access to anyone who needs to manage a cloud device creates uncertainty within and among environments. Therefore, it’s difficult to manage access privilege controls.

If threat actors obtain access rights, they can breach the system. Many of the access conditions in cloud environments hold privileges in such a way that they can create a back door into the business. For example, an administrator might have access to business data. The misuse of these privileged access rights can cause severe damage to your data, people and reputation.

A good example of the impact of unmonitored access is the Lapsus$ group. They used human and non-human identities to get access to cloud accounts and stage further attacks. Once they had the identities, they could then set up virtual machines for nefarious purposes and make other unwanted inroads.

What Is CIAG?

The first goal of CIAG is to gain reliable insight into the access rights assigned to users (human or non-human) in your cloud environments. It also shows how these access rights are being used or not used. That’s where various tools come into play to support recognition and remediation. Cloud infrastructure and entitlement management is a combination of processes and solutions that deal with this new breed of IAM.

Tools are an important part of the solution, but you still need to integrate the results and findings into your corporate IAM framework. This integration cannot be a one-time clean-up or creation of some new roles. Instead, it needs to set up an IAM framework that provides the means to maintain these results. 

Setting this up is not just about technical implementation, either. CIAG takes people, processes and policies to implement a working IAM framework. People often make light of the hard work needed to coordinate with business stakeholders, as well as developers, admins and DevOps engineers. You can make this easier through strategy boards and joint working groups or communication campaigns. We will discuss these aspects of CIAG further in part two of this blog.

In addition, a different ‘clock rate’ is required for the cloud than for traditional IAM processes. Therefore, automate as much as possible. For example, you might automate approval processes by using pre-defined and pre-approved roles and rules specific to cloud-based use cases.

Learn More About CIAG

As an orchestration layer, CIAG manages identities in cloud environments and provides governance for identities and access rights. It also enables integration into an enterprise IAM framework.

Explore more about CIAG and related topics in the webinar The Cloud Security Maturity Model: Setting Priorities in your Cloud Security Roadmap and in part two of this blog.

More from Cloud Security

How Posture Management Prevents Catastrophic Cloud Breaches

We've all heard about catastrophic cloud breaches. But for every cyberattack reported in the news, many more may never reach the public eye. Perhaps worst of all, a large number of the offending vulnerabilities might have been avoided entirely through proper cloud configuration. Many big cloud security catastrophes often result from what appear to be tiny lapses. For example, the famous 2019 Capital One breach was traced to a misconfigured application firewall. Could a proper configuration have prevented that breach?…

How to Implement Cloud Identity and Access Governance

Creating identity and access governance across cloud environments is crucial for modern organizations. In our previous post, we discussed how important human and non-human identities are for these environments and why their management and the governance of their access can be difficult. In the face of these challenges, our cloud identity and access governance (CIAG) approach offers an orchestration layer between cloud identity and access management (IAM) and enterprise IAM, as the following graphic shows. As we continue our CIAG…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Why Are Cloud Misconfigurations Still a Major Issue?

Cloud misconfigurations are by far the biggest threat to cloud security, according to the National Security Agency (NSA). The 2022 IBM Security X-Force Cloud Threat Landscape Report found that cloud vulnerabilities have grown a whopping 28% since last year, with a 200% increase in cloud accounts offered on the dark web in the same timeframe. With vulnerabilities on the rise, the catastrophic impact of cloud breaches has made it clear that proper cloud security is of the utmost importance. And…