Proper identity and access management (IAM) policy controls are the Achilles’ heel of most cloud-based companies.
Palo Alto Networks, released a report that accuses 99 percent of organisations of taking an “overly permissive IAM approach.”
Palo Alto analysed more than 680,000 identities across 18,000 cloud accounts at 200 organisations to understand configuration and usage patterns, and described its findings as “shocking”.
The issue stems primarily from credential mismanagement. During the course of its research, it found that 44 percent of organisations allow IAM password reuse, and 53 percent of cloud services allow weak passwords.
The survey found that individual identities are empowered to do far more in the cloud than they need to. Palo Alto claimed that 99 percent of end-user organisations, roles, services and resources are granted excessive permissions that are either never used or left unused for long periods of time.
Added to this, end-user organisations have a tendency to misuse built-in cloud service provider (CSP) IAM policies, granting them 2.5 times more permissions on average than policies they manage themselves.
Palo Alto said this combination of excessive permissions and permissive policies effectively hands over the keys to the safe to malicious actors.
“When taken alongside the stratospheric adoption of cloud platforms during the pandemic, cloud environments now have a temptation that adversaries find impossible to resist, opening the door to a new type of threat actor that “poses a threat to organisations through directed and sustained access to cloud platform resources, services or embedded metadata”, the report said.
Palo Alto said its Unit 42 research team believes cloud threat actors merit their own definition because they are now starting to deploy a substantially different set of cloud-tailored tactics, techniques and procedures, and moreover, they know very well that IAM policy mismanagement is a near-universal Achilles’ heel.
