A new report by CloudKnox Security has revealed a ‘dubious’ gap in permissions across enterprise hybrid and multi-cloud environments.
The study reported that almost 90% of organisations were using fewer than 5% of permissions granted. Indeed, for AWS, more than 95% of identities were using fewer than 2% of permissions granted; for Azure, 90% were using less than 2%; and for Google, 90% were using less than 5%.
The report called this the ‘cloud permissions gap’ and attributed it to misunderstandings over shared responsibility, in particular the fact that cloud providers have responsibility only ‘of’ the cloud and its associated infrastructure.
Moreover, the study showed that it is almost impossible for identity and access management or cloud infrastructure teams to manually manage everyone who is accessing cloud infrastructure and the particular permissions they are using. Hence, organisations are obliged to properly implement the principle of least privilege to ensure the best defence.
The report therefore recommends that companies leverage activity-based authorisation to right-size the permissions of identities, and that they regularly identify, improve, and monitor identity and access management hygiene. It also advised implementing automated, continuous compliance and reporting.