Despite Covid-19’s impact on the economy, public cloud usage and its associated revenue—for all the online services purchased by businesses or individual customers—continues to grow. The steady transition to cloud services brings with it another reality – the amount of data we need to safeguard and the number of user identities we need to protect is also growing at an unprecedented rate. Cloud cyber security issues are here to stay.
In the updated forecast for the public cloud revenue published in July 2020, Gartner forecast growth of 6.3% in 2020 to total $257.9 billion, up from $242.7 billion in 2019. It’s important to note that Gartner defines the public cloud quite broadly:
- Cloud Business Process Services (BPaaS) – includes Accenture, Capgemini, Infosys, NTT Data
- Cloud Application Infrastructure Services (PaaS) – includes AWS Elastic Beanstalk, Google App Engine, Heroku, Windows Azure
- Cloud Application Services (SaaS) – includes Office 365, Google Workspace, Salesforce, Box, Dropbox, SecureAuth, etc.
- Cloud Management and Security Services – includes VMware, Morpheus Data, Flexera, etc.
- Cloud System Infrastructure Services (IaaS) – includes AWS EC2, Google Compute Engine, Digital Ocean, etc.
- Desktop as a Service (DaaS) – includes Amazon WorkSpaces, Citrix Managed Desktops, Windows Virtual Desktop, etc.
What this growth of public cloud spend tells us is that companies will continue to integrate more SaaS apps and cloud services into their business processes. This is true for well-established companies such as Boeing or General Electric as well as born-in-the-cloud companies like Uber or Zendesk.
None of these integrations are possible without an identity and access management system (IAM) to bind all the identities across these systems together. Historically, this role was performed by Microsoft Active Directory and similar on-premises directories. However, the switch to SaaS has eroded the concept of domain controllers, forcing a conversation about the access control and system management performed by domainless cloud directory services.
Identities outside the domain and network perimeter
The dispersion of user identities and protected resources outside the network perimeter increases the risk of identity compromise and provides a new set of attack vectors for hackers. Every year, the M-Trends report from FireEye Mandiant provides a comprehensive view of the world of hacking. Let’s review three risks which continue to be a pain in 2020 and 2021:
- People are the weakest link – Most malicious actors use cleverly disguised phishing or spear phishing attacks to gain credentials or coax users to install malware. Despite all the security awareness trainings, phishing continues to be a viable attack vector.
- Developers don’t use security best practices – Well-designed public cloud services with a robust identity security framework such as AWS may provide an attack vector if developers are employing poor security practices, such as GitHub accounts without MFA, storing credentials in plaintext in GitHub, usage of IAM access keys instead of IAM roles to perform API requests, usage of overly permissive IAM roles rather than using the least privilege model.
- Companies run unpatched systems – Malicious actors will continue to exploit vulnerabilities in unpatched systems to gain escalated privileges and compromise the endpoint.
On a positive note, companies got much better at detecting attacks: 56 days is the median dwell time between intrusion and detection (vs 78 days in 2017/18). Better, but still relatively slow. For any cloud cyber security expert this is inadequate.
Bridge for identities between SaaS, IaaS
The persistent threat from bad actors forces CISOs to act as if their organizations were under constant attack. Such task requires skillful coordination between the networking, IT security, and app security groups. Since identities cross these various systems for machine-to-machine authentication as well as user authentication, it creates an impetus for a centrally managed cloud IAM system. Such cloud IAM system should cover both workforce and customer identities, with a shared set of security principles.
While the market provides several options for Cloud IAM, SecureAuth comes in with a strong identity security perspective:
- Modern cloud-based single sign-on (SSO) to over 8000+ SaaS applications. These include popular workforce apps such as Office 365, Google Workspace, Salesforce, Box, Dropbox, Zoom, Microsoft Teams, GoToMeeting, or Webex. SSO options include SAML, OIDC, WS-Federation, OAuth, extending SSO options across public cloud apps, in-house developed custom private cloud apps and on-prem apps.
- Multi-factor authentication (MFA / 2FA) that’s convenient for users. Workplace cloud MFA means you can ask users for more, for example to install and set up an OTP authenticator client like SecureAuth Authenticate with Symbol-to-Accept. In the case of customer IAM (CIAM), retailers, healthcare providers, or airlines may prefer to offer 2FA in the form of one-time passcodes via SMS/text, email, and phone. Setting up these factors is simpler because you already collected customer’s email address and phone number during account registration or purchase. SecureAuth Cloud IAM further augments the security of CIAM accounts with integrated phone risk evaluation.
- Risk-based adaptive authentication is an identity-based security perimeter that uses adaptive, risk-based authentication to better identify and block cyber-attacks – without burdening users. Device recognition, geolocation and geofencing and known threat lists provide intelligence and weigh in when it comes to authenticating users. While users remain oblivious to these behind-the-scenes calculations and risk checks, their access experience feels seamless. Additional multi-factor authentication steps are only triggered when risk is present.
- Integrated workforce and customer identities for SaaS applications is becoming a must. Most SaaS apps are not directory-integrated, forcing IT admins to manually provision and de-provision users. However, the growing adoption of the SCIM standard amongst SaaS vendors has made things easier. CISOs are now looking to integrate existing workforce directories and customer identity stores into a single centralized console. This setup provides visibility into application use, password strength, and compliance. The goals are a lighter administrative burden, cost savings, and stronger identity security.
Balanced cloud cyber security
Cloud cyber security is often a balancing act. Simplified administration and stronger security should never cause a disruption in user experience. SecureAuth provides an enterprise-ready Identity and Access Management solution delivering the strongest security with over 25+ strong adaptive MFA options with one goal: delightful user experience for your employees and customers.
Continue reading
The SecureAuth 2020 State of Identity Report
Protecting Email from Cyber-attacks: Office 365 is key (Mandiant/FireEye M-Trends 2017 Report findings)
