Access and Feeds

Security: Lax or Misconfigured Permissions Source of Many Incidents

By Dick Weisinger

Cloud security issues are often blamed on human errors made during system configuration. A recent study by Palo Alto Networks Unit 42 drilled down more on this claim and found misconfiguration of user security access was often the source of many problems. The configuration of permission assignments for users and groups is often referred to as identity and access management (IAM).

The study looked at 18000 different cloud accounts in 200 organizations and found that over the period of 60 days 99 percent of the users had permissions that were unneeded over that period. If accounts are breached, additional permissions often allow hackers to expand the scope of what resources can be attacked.

Unit 42 found that “misconfigurations within the identity user, role, or group policies within a cloud platform can significantly increase the threat landscape of an organization’s cloud architecture,” and these are vectors adversaries constantly seek to exploit. All the cloud threat actors that we identified attempted to harvest cloud credentials when compromising a server, container, or laptop. A leaked credential with excessive permissions could give attackers a key to the kingdom.”

The report concluded that “properly configured IAM can block unintended access, provide visibility into cloud activities, and reduce the impact when security incidents happen. However, maintaining IAM in the most secure state is challenging due to its dynamic nature and complexity. Historically, IAM misconfigurations have been the entry point and pivot cybercriminals most commonly exploit.”

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Leave a Reply

Your email address will not be published.