Day by day, businesses across America and even globally are starting to understand the importance of moving entirely to the Cloud and totally doing away with their On Prem infrastructures. Now, there is really nothing wrong with the latter per se; it's just that these are old legacy systems, which can cost a fortune to maintain.
In today's world, nobody can really afford that. In fact, many of the vendors that used to make the reliable ecommerce servers back in the day are probably no longer even in existence today (one good example of this is Compaq; I bought their ProLiant server many years ago).
And with the world going all digital one day, with the expectation that we will soon evolve into the Metaverse, being totally in the Cloud makes much more sense. Keep in mind though that a complete migration to the Cloud requires careful planning and is usually done in phases in order to make sure that nothing is left out.
In this regard, it is best to make use of what is known as a Cloud Services Provider, or CSP for short. Not only can they plan the entire migration for you, but they can also carry it out and maintain it after all has been said and done. But once a smooth transition from On Prem to the Cloud has been completed, your work has just started, at least from the standpoint of security.
Probably the biggest issue here is that of Identity and Access Management (IAM). This is essentially the field of Cyber in which you establish all of your user and group profiles and, from there, assign the needed rights and permissions.
If you are using Microsoft Azure, then a lot of this headache will be eliminated if you make use of Active Directory. This is actually pretty complex, but to cut to the chase, it is the centralized database in which all of the above is stored. It can be very simple or complicated to use; a lot depends upon your security requirements and just how big your organization is.
It is important to keep in mind that Azure gives you all of the tools you need in order to create a sound IAM Policy. But Microsoft won't do that for you (unless, of course, you hire them for a huge consulting fee); it is up to you to configure your security environment the right way, which means according to your requirements. In fact, this is where many companies fail.
They think that simply because they have moved into the Cloud, all is well. No, there is much more work to be done.
In fact, this is why data leakage has been such a huge issue with AWS. It's not that the Private Cloud that has been deployed is weak; it's the fact that the owners of it have not configured the S3 buckets properly. They leave them at the default settings, thinking that it is enough.
But on the flip side, the Cyberattacker already knows what those default settings are, so it is just a matter for them of breaking into your Cloud environment, tampering with the settings, and from there exfiltrating all of the data that they can get their hands on. This is the first area a good IAM policy must address.
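To make the "left at the defaults" problem concrete, here is an added example (not code from the original post) that checks a bucket's three exposure controls offline: the Block Public Access flags, the ACL, and the bucket policy. The input dicts mimic the shape of the boto3 responses for get_public_access_block, get_bucket_acl and get_bucket_policy, but every bucket name, grantee ID and policy below is constructed for illustration.

```python
"""Offline check of S3 bucket settings for public exposure.

Added example, not code from the original post. The three input dicts mimic
the shape of the boto3 responses for get_public_access_block, get_bucket_acl
and get_bucket_policy, but every value below is constructed here.
"""
import json
from typing import Optional

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def public_access_block_complete(pab: dict) -> bool:
    """True only when all four Block Public Access flags are switched on."""
    cfg = pab.get("PublicAccessBlockConfiguration", {})
    return all(cfg.get(flag) is True for flag in BPA_FLAGS)


def acl_grants_public(acl: dict) -> list:
    """Permissions the ACL hands to the AllUsers or AuthenticatedUsers groups."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in (ALL_USERS, AUTH_USERS):
            found.append(grant.get("Permission", "UNKNOWN"))
    return found


def policy_allows_anonymous(policy_json: Optional[str]) -> bool:
    """True when any Allow statement names a wildcard principal.

    Statements that also carry a Condition are still flagged: a reviewer should
    confirm that the condition really narrows who can use the statement.
    """
    if not policy_json:
        return False
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            return True
        if isinstance(principal, dict) and principal.get("AWS") in ("*", ["*"]):
            return True
    return False


def assess_bucket(name: str, pab: dict, acl: dict, policy_json: Optional[str]) -> list:
    """Findings for one bucket; an empty list means nothing public was found."""
    findings = []
    if not public_access_block_complete(pab):
        findings.append(f"{name}: Block Public Access is not fully enabled")
    for perm in acl_grants_public(acl):
        findings.append(f"{name}: ACL grants {perm} to a public group")
    if policy_allows_anonymous(policy_json):
        findings.append(f"{name}: bucket policy allows an anonymous (wildcard) principal")
    return findings


# Constructed samples: one bucket left at permissive settings, one configured deliberately.
LEFT_OPEN = dict(
    name="example-left-open",
    pab={},  # no PublicAccessBlock configuration at all
    acl={"Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ]},
    policy_json=json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-left-open/*"}]}),
)
HARDENED = dict(
    name="example-hardened",
    pab={"PublicAccessBlockConfiguration": {flag: True for flag in BPA_FLAGS}},
    acl={"Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"}, "Permission": "FULL_CONTROL"}]},
    policy_json=None,
)


def audit_samples() -> dict:
    """Run the check over both constructed buckets, keyed by bucket name."""
    return {b["name"]: assess_bucket(**b) for b in (LEFT_OPEN, HARDENED)}


if __name__ == "__main__":
    for bucket, findings in audit_samples().items():
        print(bucket, "->", findings or "no public exposure found")
```

The three checks are deliberately independent: Block Public Access on its own overrides public ACLs and policies, but an auditor still wants to see the underlying ACL and policy so that the bucket does not become public the day someone relaxes the block.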
Also bear in mind that many organizations fail to remember that one of the key mantras of the Cloud is automation. What once took hours to do On Prem can now be done in minutes in Azure. For example, this means collecting all of the network log files, enabling new software applications once the triggers and conditions have been met, managing all of the Cloud Access Security Brokers (CASBs), etc. With all of this stuff being interconnected together, privileges and rights can cross each other, and in fact even be used in the wrong way, thus leaving more exposure for the Cyberattacker. You can consider all of this automation as little robots running around in your Private Cloud trying to get their assigned tasks done.
And if the right privileges are not in place, chaos is about to erupt to a degree you have never seen before. This is the second area that a solid IAM policy must also address. In fact, these automated identities are referred to as Non-Human Identities, and they have become a prime target for the Cyberattacker to chase after.
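One way to keep those "little robots" on a leash is to review their role assignments against the narrowest scope each task actually needs. The following added example (not the post's or Microsoft's code) does that over constructed assignment records in the style of Azure RBAC: the role names are built-in Azure roles, while the identity names, subscription and resource-group paths are invented.

```python
"""Least-privilege review of non-human identities over constructed role assignments.

Added example, not code from the original post. The records follow the Azure RBAC
idea of (principal, role, scope); the role names are real built-in roles, but every
identity name, subscription id and resource group below is constructed.
"""

PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}
NON_HUMAN_TYPES = {"ServicePrincipal", "ManagedIdentity"}


def is_broad_scope(scope: str) -> bool:
    """Subscription or management-group scope, i.e. no resource group in the path."""
    return "/resourceGroups/" not in scope


def scope_within(scope: str, need: str) -> bool:
    """True when scope equals need or sits below it (a plain prefix test would
    wrongly accept 'app-rg2' as inside 'app-rg')."""
    return scope == need or scope.startswith(need + "/")


def review_non_human_identities(assignments, declared_need):
    """Findings for automation identities whose rights exceed their declared task.

    assignments:   list of {"principal", "principal_type", "role", "scope"}
    declared_need: map from identity name to the narrowest scope its task requires
    """
    findings = []
    for a in assignments:
        if a["principal_type"] not in NON_HUMAN_TYPES:
            continue  # human accounts go through a separate review
        name = a["principal"]
        base = {"identity": name, "role": a["role"], "scope": a["scope"]}
        if a["role"] in PRIVILEGED_ROLES and is_broad_scope(a["scope"]):
            findings.append({**base, "issue": "privileged role at broad scope"})
        need = declared_need.get(name)
        if need is None:
            findings.append({**base, "issue": "no declared task (orphaned automation identity)"})
        elif not scope_within(a["scope"], need):
            findings.append({**base, "issue": "assignment outside declared task scope"})
    return findings


# Constructed sample: three automation identities and one human, all invented.
SAMPLE_ASSIGNMENTS = [
    {"principal": "log-collector", "principal_type": "ManagedIdentity",
     "role": "Reader", "scope": "/subscriptions/sub-1/resourceGroups/network-rg"},
    {"principal": "app-deployer", "principal_type": "ServicePrincipal",
     "role": "Contributor", "scope": "/subscriptions/sub-1"},
    {"principal": "casb-sync", "principal_type": "ServicePrincipal",
     "role": "Reader", "scope": "/subscriptions/sub-1/resourceGroups/security-rg"},
    {"principal": "alice@example.com", "principal_type": "User",
     "role": "Owner", "scope": "/subscriptions/sub-1"},
]
SAMPLE_DECLARED_NEED = {
    "log-collector": "/subscriptions/sub-1/resourceGroups/network-rg",
    "app-deployer": "/subscriptions/sub-1/resourceGroups/app-rg",
    # casb-sync has no declared owner or task: nobody can say what it is for
}


def review_samples():
    return review_non_human_identities(SAMPLE_ASSIGNMENTS, SAMPLE_DECLARED_NEED)


if __name__ == "__main__":
    for f in review_samples():
        print(f"{f['identity']}: {f['issue']} ({f['role']} @ {f['scope']})")
```

The declared-need map is the important input: without an owner and a stated purpose for every automation identity there is nothing to compare its rights against, which is exactly how permissions end up crossing each other.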
My Thoughts On This:
So there you have it, the two main areas in the Cloud that IAM must address. Of course, there are many other areas as well, especially those that relate to the Remote Workforce. The traditional security technologies of yesterday are simply not enough to keep up with the security demands of today.
Thus, companies have to invest in some newer technologies in order to keep up. These are also, I believe, available in Azure, so take a look around.
But remember, one of the key tenets of an IAM policy is a top-down approach. This simply means that if the top brass, such as the C-Suite, are obeying it, then there is a far greater chance that the employees underneath will follow in the same fashion. This is how you should also plan your IAM strategies. You should always start from a holistic sense, using this top-down mentality.
For example, take a look at all of the departments you have. Then from there, craft out the user groups you will create for each one of them, as well as their respective rights and permissions. Once this has been done, add your employees to each of the groups that they will be a part of, and assign the right rights and permissions en masse.
Also, it is equally important to set up the procedures for either the deactivation or total removal of a particular individual's account once their job assignments have been completed.
Many IT Security teams fail to do this key task, and because of that, it leaves a huge backdoor for the Cyberattacker to penetrate. You should never have to take a micro approach with an IAM Policy. If you are, then that means something is not right and needs to be seriously reevaluated.
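The department-to-group-to-member procedure above, together with the offboarding step, can be modelled in a few dozen lines. The following is an added example written for this post, not code from any directory product: department names, group names, permission strings and employee names are all constructed. It also reports two things the post says should not happen: accounts that are still enabled for people no longer on the roster, and per-user grants made outside any group (the "micro approach").

```python
"""Top-down group model: departments -> groups -> permissions -> members, with offboarding.

Added example, not code from the original post. Department names, group names,
permission strings and employees are all constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class Account:
    enabled: bool = True
    direct_permissions: set = field(default_factory=set)  # should stay empty in a top-down model


class Directory:
    def __init__(self):
        self.group_permissions = {}  # group -> set of permission strings
        self.members = {}            # group -> set of user names
        self.accounts = {}           # user -> Account

    # Steps 1 and 2: one group per department, carrying that department's rights.
    def create_department_groups(self, departments):
        for dept, perms in departments.items():
            group = f"grp-{dept.lower()}"
            self.group_permissions[group] = set(perms)
            self.members.setdefault(group, set())

    # Step 3: add employees en masse; rights arrive through the group, never per user.
    def add_members(self, group, users):
        for user in users:
            self.accounts.setdefault(user, Account())
            self.members[group].add(user)

    def effective_permissions(self, user):
        acct = self.accounts.get(user)
        if acct is None or not acct.enabled:
            return set()
        via_groups = set().union(*(self.group_permissions[g]
                                   for g, m in self.members.items() if user in m))
        return via_groups | acct.direct_permissions

    # Deactivation: strip every group membership and disable the account, leaving nothing behind.
    def offboard(self, user):
        removed = sorted(g for g, m in self.members.items() if user in m)
        for g in removed:
            self.members[g].discard(user)
        self.accounts[user].enabled = False
        self.accounts[user].direct_permissions.clear()
        return removed

    # Accounts still enabled for people who are no longer on the HR roster.
    def orphaned_accounts(self, roster):
        return sorted(u for u, a in self.accounts.items() if a.enabled and u not in roster)

    # Per-user grants outside any group: the "micro approach" that signals something is off.
    def micro_grants(self):
        return sorted(u for u, a in self.accounts.items() if a.direct_permissions)


# Constructed departments and permission strings for the example.
DEPARTMENTS = {
    "Finance": {"ledger:read", "ledger:write"},
    "Engineering": {"repo:read", "repo:write", "deploy:staging"},
}


def build_sample():
    d = Directory()
    d.create_department_groups(DEPARTMENTS)
    d.add_members("grp-finance", ["alice", "bob"])
    d.add_members("grp-engineering", ["carol", "dave", "bob"])  # bob sits in two departments
    d.accounts["dave"].direct_permissions.add("deploy:prod")    # a stray one-off grant
    return d


if __name__ == "__main__":
    d = build_sample()
    print("bob before:", sorted(d.effective_permissions("bob")))
    print("removed bob from:", d.offboard("bob"))
    print("bob after:", sorted(d.effective_permissions("bob")))
    print("orphans:", d.orphaned_accounts({"alice", "carol", "dave"}))
    print("micro grants:", d.micro_grants())
```

Running `orphaned_accounts` against the HR roster on a schedule is the cheap control that closes the backdoor the post describes: any enabled account that HR no longer knows about is either a missed offboarding or something worse.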
Finally, don't discount the use of the log files that are output from your network devices. They will give you all the information that you will need when it comes to calculating the patterns of when your employees log in and log out of all your Cloud based applications. This can also be useful in crafting out a good IAM policy.
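As an added example of turning those log files into IAM input (not code from the original post), the block below parses constructed sign-in lines, builds each employee's usual sign-in hours, flags successful sign-ins outside that window, and lists accounts with no recent sign-in as deactivation candidates. The log line format, user names, application names and timestamps are all invented for the example; real cloud sign-in logs differ by product and would need their own parser.

```python
"""Sign-in pattern analysis over constructed cloud-app log lines.

Added example, not code from the original post. The log format is invented for
this example (real sign-in logs differ by product); users, apps and timestamps
are constructed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) user=(?P<user>\S+) app=(?P<app>\S+) "
    r"event=(?P<event>\S+) result=(?P<result>\S+)$")

# Constructed sample log: alice works mornings, bob early afternoons, dave has gone quiet.
SAMPLE_LOG = """\
2024-03-01T08:05:12Z user=alice app=erp event=signin result=success
2024-03-02T08:40:51Z user=alice app=erp event=signin result=success
2024-03-03T09:10:03Z user=alice app=crm event=signin result=success
2024-03-04T08:15:44Z user=alice app=erp event=signin result=success
2024-03-05T03:02:19Z user=alice app=erp event=signin result=success
2024-03-01T13:00:02Z user=bob app=crm event=signin result=success
2024-03-02T13:12:37Z user=bob app=crm event=signin result=failure
2024-03-02T13:13:01Z user=bob app=crm event=signin result=success
2024-03-04T13:45:58Z user=bob app=crm event=signin result=success
2024-02-01T10:00:00Z user=dave app=erp event=signin result=success
2024-03-04T17:30:00Z user=alice app=erp event=signout result=success
this line is malformed and is skipped
"""


def parse(text):
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed lines are skipped rather than aborting the run
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return events


def successful_signins(events):
    return [e for e in events if e["event"] == "signin" and e["result"] == "success"]


def baseline_hours(events, min_count=2):
    """Per user: hours with at least min_count successful sign-ins, widened one hour each side."""
    counts = defaultdict(Counter)
    for e in successful_signins(events):
        counts[e["user"]][e["ts"].hour] += 1
    baseline = {}
    for user, c in counts.items():
        core = {h for h, n in c.items() if n >= min_count}
        baseline[user] = {(h + d) % 24 for h in core for d in (-1, 0, 1)}
    return baseline


def off_hours_signins(events, baseline):
    """Successful sign-ins outside a user's baseline; users without a baseline yet are not judged."""
    return [e for e in successful_signins(events)
            if baseline.get(e["user"]) and e["ts"].hour not in baseline[e["user"]]]


def stale_accounts(events, known_users, now, max_idle_days=30):
    """Known users with no successful sign-in inside the idle window: deactivation candidates."""
    last = {}
    for e in successful_signins(events):
        last[e["user"]] = max(last.get(e["user"], e["ts"]), e["ts"])
    cutoff = now - timedelta(days=max_idle_days)
    return sorted(u for u in known_users if u not in last or last[u] < cutoff)


def analyze_sample(now=datetime(2024, 3, 10)):
    events = parse(SAMPLE_LOG)
    base = baseline_hours(events)
    return {
        "off_hours": [(e["user"], e["ts"].isoformat()) for e in off_hours_signins(events, base)],
        "stale": stale_accounts(events, {"alice", "bob", "carol", "dave"}, now),
    }


if __name__ == "__main__":
    print(analyze_sample())
```

Two design points matter here: failed sign-ins are excluded from the baseline so that an attacker's attempts cannot shape what "normal" looks like, and a user with too little history is left unjudged rather than flagged on every sign-in, which keeps the output usable for the people who have to act on it.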