Securing Identities in the Cloud

How are we securing identity in the cloud? Unlike on-prem, the cloud requires you to cede control to a vendor. So what can we do to keep identities safe?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest Adam Bateman, CEO, Push Security.

Editorial note: Geoff Belknap is an advisor to Push Security.

Where are we going wrong

Before we can start addressing the correct ways to secure identities in the cloud, it’s important to recognize our current state. Christina Morillo of the New York Football Giants shared a list of failed practices. There’s a litany of cloud identity sins in it, including MFA not being enforced, unrestricted external access to file sharing, and giving regular user accounts highly privileged roles. All of these center around organizations giving attackers easy opportunities to move laterally in a cloud tenant.

Finding the missing pieces

Inconsistent SSO support across SaaS products resonates with a lot of security professionals. "Choosing SaaS products that support industry standard SSO such that we can provision, permission, authenticate, and of course, de-provision from our cloud-based IdP across the board," is sorely needed according to Sean R Turner, CISO of Twinstake. We have SSO solutions, but because of industry fragmentation, they're not getting the job done. "What we are missing is a single SSO standard. The issue we have isn't the lack of SSO or its implementation. It's that there are too many standards. For example SAML, OAuth, OIDC, or OAuth with OIDC; many times a service won't support a particular provider," said Brandon Maytham of Kroo Bank.

Protecting an expanding border

We know identity is the new perimeter because it’s what threat actors keep targeting. But the explosive growth of identities makes securing them challenging. "Identities keep expanding, both in amount and scope, and the ways to identify entities are ever evolving. It seems we have a gap in being able to track all of these different types of identities against a predictable lifecycle and expected uses," said Jay Dance of StubHub. Just keeping an inventory of our provisioned identities is not a solved challenge. Jeff Moncrief of Sonrai Security laid out the issue, saying, "We need awareness and mitigation of the entire unused permission attack surface. From identities to services and everything in between, a holistic shift in how we view everything unused but turned on across our cloud estates. The ‘unused’ problem is much bigger than just unused identities."
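The three problems raised above (regular accounts holding privileged roles without MFA, identities that outlive any predictable lifecycle, and permissions that are granted but never exercised) can all be answered from the same inventory. The following is an added example, not code from the CISO Series post or from any vendor mentioned in it: it runs the three checks over a hand-constructed inventory in the shape a cloud IAM export might take. The field names, the set of "privileged" permissions, the fixed reference date and the 90-day lifecycle window are assumptions.

```python
"""Inventory-driven review of cloud identities: stale identities,
never-used permissions, and privileged access without enforced MFA.

Added example, not from the CISO Series post. The inventory below is
constructed by hand in the shape a cloud IAM export (users plus service
principals, granted permissions, last-used timestamps) might take; the
field names, the PRIVILEGED set and the 90-day window are assumptions.
"""
from datetime import datetime, timedelta, timezone

# Assumed: permissions a practitioner would treat as "highly privileged".
PRIVILEGED = {"iam:*", "directory:write", "billing:admin", "kms:decrypt"}

NOW = datetime(2024, 7, 1, tzinfo=timezone.utc)   # fixed so the example is deterministic
STALE_AFTER = timedelta(days=90)                  # assumed lifecycle window

# Constructed inventory: one record per identity.
INVENTORY = [
    {"id": "alice@example.com", "kind": "user", "mfa_enforced": True,
     "granted": {"mail:read", "files:read", "iam:*"},
     "last_used": {"mail:read": "2024-06-28", "files:read": "2024-06-30"},
     "last_signin": "2024-06-30"},
    {"id": "bob@example.com", "kind": "user", "mfa_enforced": False,
     "granted": {"mail:read", "directory:write"},
     "last_used": {"mail:read": "2024-06-29", "directory:write": "2024-06-01"},
     "last_signin": "2024-06-29"},
    {"id": "sp-ci-deploy", "kind": "service_principal", "mfa_enforced": False,
     "granted": {"deploy:write", "kms:decrypt"},
     "last_used": {"deploy:write": "2024-02-10"},
     "last_signin": "2024-02-10"},
    {"id": "sp-report-bot", "kind": "service_principal", "mfa_enforced": False,
     "granted": {"files:read"},
     "last_used": {"files:read": "2024-06-30"},
     "last_signin": "2024-06-30"},
]


def _days_since(date_str, now=NOW):
    """Whole days between an ISO date in the inventory and the reference time."""
    return (now - datetime.fromisoformat(date_str).replace(tzinfo=timezone.utc)).days


def stale_identities(inventory=INVENTORY, now=NOW, window=STALE_AFTER):
    """Identities with no sign-in inside the lifecycle window: candidates to disable."""
    return sorted(i["id"] for i in inventory
                  if _days_since(i["last_signin"], now) > window.days)


def unused_permissions(inventory=INVENTORY):
    """Granted-but-never-used permissions per identity: the 'unused but turned on' surface."""
    out = {}
    for i in inventory:
        unused = i["granted"] - set(i["last_used"])
        if unused:
            out[i["id"]] = sorted(unused)
    return out


def privileged_without_mfa(inventory=INVENTORY):
    """Human accounts holding a privileged permission without MFA being enforced.
    Service principals cannot do MFA, so privileged ones are reported separately
    (they need a different control, such as workload identity or key rotation)."""
    humans = sorted(i["id"] for i in inventory
                    if i["kind"] == "user" and not i["mfa_enforced"]
                    and i["granted"] & PRIVILEGED)
    sps = sorted(i["id"] for i in inventory
                 if i["kind"] == "service_principal" and i["granted"] & PRIVILEGED)
    return {"users": humans, "service_principals": sps}


if __name__ == "__main__":
    print("stale:", stale_identities())
    print("unused:", unused_permissions())
    print("privileged without MFA:", privileged_without_mfa())
```

On this constructed data the script flags the CI service principal as stale (no sign-in for 142 days) while still holding a decryption permission it has never used, flags alice's never-exercised iam:* grant, and flags bob as a regular user with directory-write rights and no MFA enforced. The same three functions run unchanged over a real export once the records are mapped to these field names.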

It starts with understanding risk

Because of the explosive growth of identities in the cloud, we need tools to continuously review what they can access. From there, a risk-based approach to permissions will allow organizations to get a handle on the issue. "We need to ensure continuous access reviews and Risk and SOD violations as defensive mechanisms. One of the architectures being very effective these days is risk-based provisioning for both, cloud-based identity provisioning as well as SSO-based provisioning," said Nihar Dhruva of SunPower Corporation .
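To make the two mechanisms in that quote concrete, here is an added example (not code from the CISO Series post or from any vendor mentioned in it) that runs a continuous access review against a separation-of-duties matrix and then applies a risk-based decision to a new provisioning request. The role catalog, risk weights, conflict pairs, thresholds, context signals and the sample assignments are all constructed for illustration.

```python
"""Continuous access review against a separation-of-duties (SoD) matrix,
plus a risk-based decision for new provisioning requests.

Added example, not from the CISO Series post. The role catalog, risk
weights, SoD conflict pairs, thresholds and the sample assignments are
constructed to show the mechanism and are not taken from any product.
"""

# Assumed role catalog with a risk weight per role
# (1 = read-only, 10 = tenant-wide admin).
ROLE_RISK = {
    "reader": 1,
    "ap-invoice-entry": 4,      # can create payables
    "ap-payment-approver": 6,   # can approve payments
    "hr-payroll-admin": 7,
    "global-admin": 10,
}

# Assumed SoD matrix: one person holding both roles of a pair can complete a
# fraud-prone workflow alone, so the combination is a violation.
SOD_CONFLICTS = {
    frozenset({"ap-invoice-entry", "ap-payment-approver"}),
    frozenset({"hr-payroll-admin", "ap-payment-approver"}),
}

# Assumed thresholds for the provisioning decision.
AUTO_APPROVE_MAX = 3       # low risk: grant without a human in the loop
REQUIRE_APPROVAL_MAX = 8   # medium risk: route to an approver; above this, deny

# Constructed snapshot of current role assignments, as an IdP export might look.
ASSIGNMENTS = {
    "carol@example.com": {"ap-invoice-entry", "ap-payment-approver"},
    "dan@example.com": {"reader"},
    "erin@example.com": {"hr-payroll-admin", "ap-payment-approver", "reader"},
}


def sod_violations(roles):
    """Conflicting role pairs present in a set of roles, as sorted tuples."""
    held = set(roles)
    return sorted(tuple(sorted(pair)) for pair in SOD_CONFLICTS if pair <= held)


def access_review(assignments=ASSIGNMENTS):
    """The periodic review: every identity whose current roles violate SoD."""
    return {who: sod_violations(roles)
            for who, roles in assignments.items() if sod_violations(roles)}


def request_risk(requested_role, context):
    """Score a request from the role's weight plus signals the IdP already has.
    context keys (assumed): mfa_registered, external, new_device."""
    score = ROLE_RISK[requested_role]
    if not context.get("mfa_registered", False):
        score += 3      # no MFA: a phished password is enough to use the role
    if context.get("external", False):
        score += 3      # guest / partner identity
    if context.get("new_device", False):
        score += 2
    return score


def decide(current_roles, requested_role, context):
    """Risk-based provisioning: an SoD conflict is a hard deny; otherwise the
    score selects auto-approve, human approval, or deny."""
    violations = sod_violations(set(current_roles) | {requested_role})
    if violations:
        return {"action": "deny", "score": None,
                "reason": f"would create SoD violation {violations}"}
    score = request_risk(requested_role, context)
    if score <= AUTO_APPROVE_MAX:
        action = "auto-approve"
    elif score <= REQUIRE_APPROVAL_MAX:
        action = "require-approval"
    else:
        action = "deny"
    return {"action": action, "score": score}


if __name__ == "__main__":
    print("review:", access_review())
    print(decide(["reader"], "ap-invoice-entry", {"mfa_registered": True}))
    print(decide(["ap-invoice-entry"], "ap-payment-approver", {"mfa_registered": True}))
    print(decide([], "global-admin", {"mfa_registered": False}))
```

The review catches the two existing toxic combinations (carol can both enter and approve payables; erin can both run payroll and approve payments), and the decision path refuses to create a third even when the requester is otherwise low risk. The same scoring applies whether the request arrives through SCIM-style provisioning or as a just-in-time grant at SSO sign-in, which is the point of putting the logic in one place.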

Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.

Thanks to Colt Blackmore of Reach Security for being an unwitting participant in this week’s episode.

Listen to this week's episode.

Huge thanks to our sponsors, Push Security


Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts , Spotify , YouTube Music , Amazon Music , Pocket Casts , RSS , or just type "Defense in Depth" into your favorite podcast app.


Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be James B., CISO, Tampa General Hospital. Thanks to Prelude.

Thanks to our Cyber Security Headlines sponsor, Prelude


The Crucial Role of Network Segmentation in OT Environments with DirectDefense


Sponsored video

Network segmentation plays a critical role in Operational Technology (OT) environments. Contrary to popular belief that segmentation is primarily for resilience and uptime, Christopher Walcutt, CSO, DirectDefense emphasizes that it's more about achieving visibility. Even the best monitoring tools are ineffective without proper segmentation, as OT networks are often set up with open communication between devices, hindering threat detection.

Watch the video.

Huge thanks to our sponsor, DirectDefense


Jump in on these conversations

"Do you allow employees to use your company email on iPhone/Android native email apps?" (More here)

"Enterprise Password Manager" (More here)

"Stunted career growth" (More here)


Join us, Friday [07-12-24], for "Hacking the Materiality of a Data Breach"

Join us Friday, July 12, 2024, for “Hacking the Materiality of a Data Breach: An hour of critical thinking about when a breach is material or not.”

It all begins at 1 PM ET/10 AM PT on Friday, July 12, 2024 with guests Jason Clark, chief strategy officer, Cyera and Dustin Wilcox, vp and CISO, Elevance Health. We'll have fun conversations and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Register

Thanks to our Super Cyber Friday sponsor, Cyera


Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.



Christina Morillo

Head of Information Security at New York Giants | Enterprise Security & Technology Executive | Author | Advisor | Building Secure Enterprise Environments | M.S. Cybersecurity | Ex-MSFT

4 months

Great post. Thank you for including me David Spark
Colt Blackmore

Co-Founder and CTO at Reach Security

5 months

Kids these days. No appreciation for a good spoonerism! @Beoff Gelknap aka Geoff Belknap, the silent killers with OAuth are letting users authorize any old app they want and not disabling risky auth flows. Abusing these is a favorite technique of Vladimir Putin himself: https://www.trendmicro.com/en_us/research/17/d/pawn-storm-abuses-open-authentication-advanced-social-engineering-attacks.html Basic example: Microsoft maintains a Graph Explorer web app with scopes to read all directory data, email, etc. The app is enabled by default in accounts, because why not? It's a helpful tool. I've used it myself. But its identity is spoofable. Combine this with something like a device code flow (https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-device-code) and you can nab an account without even needing a phishing page or app of your own. It's "fileless malware" for identities, and MFA/SSO can't do anything about it.

Lalit Choda

Founder of Non-Human Identity Mgmt Group | Top Identity & Cybersecurity Voice | Executive Board Advisor

5 months

Great podcast David Spark, folks interested in this topic should also join the Non-Human/Machine Identity Mgmt Community Group https://www.dhirubhai.net/groups/13038250/ and supporting portal www.nhimg.org

Alexandre BLANC Cyber Security

Advisor - ISO/IEC 27001 and 27701 Lead Implementer - Named security expert to follow on LinkedIn in 2024 - MCNA - MITRE ATT&CK - LinkedIn Top Voice 2020 in Technology - All my content is sponsored

5 months

Good share, thank you! The #clowd is challenging and to stop the current state of leaks, a lot is needed. Ideally, switching to private cloud.
