The most popular and comprehensive Open Source ECM platform
Entitlement Management: The Achilles Heel of Cloud Security
Entitlement Management is the mapping of identity with access privileges across a network. Privileges can include access to groups, applications, and any network resources. It is a way to identify who has access to what and what types of access permissions they have been assigned.
Entitlement tracking can become particularly complex in scenarios where many automated services intercommunicate with each other. Mismappings and assignment of privileges beyond what is actually required can provide a vulnerability that could be exploited to enable a cyber attack.
David Christensen, director of Global InfoSec Engineering and Operations at WEX, told InformationWeek that “you say ‘I’m just going to use this policy because it looks like it’s going to work for me’. But then that server inherits access to other resources, too, including access it doesn’t need. As a human being we can’t process all those actions in such a short period of time to determine whether or not approval of a policy is going to lead to a future security incident. It’s what I keep describing as the Achilles heel of cloud security. It’s like a matrix of if this then that, and most people who have to define that can’t do it fast enoughâ€¦When the business is trying to move fast, sometimes you just have to say, ‘well, I don’t think that this is bad, but I can’t guarantee it.'”
The matrix of possible interactions becomes even more convoluted with cloud and service-based architectures where many services interact with each other.
Shai Morag, CEO at Ermetic, advises that “managing cloud identities, access and entitlements requires continuous monitoring and policy enforcement… Make sure you build in as much automation as possible. The sheer volume of identities and entitlements makes manual administration virtually impossible and error-prone.”
Leave a Reply