- Companies need to limit their amount of privileged access as a growing number of firms accelerate the use of public cloud infrastructure, according to Arick Goomanovsky, co-founder and chief business officer at Ermetic.
- A large percentage of firms are getting out of storing critical information in on-site data centers and moving their data to cloud-based systems, according to 451 Research. This is especially the case since the acceleration of remote work due to COVID-19.
- Traditional methods of securing access privileges may not be enough to protect cloud data infrastructures from attack, according to Ermetic.
The recently disclosed nation-state attack on SolarWinds has forced open a debate in the IT and cybersecurity industries about whether companies need to reduce the level of access privileges outside vendors and internal administrators have to critical company data.
A malicious threat actor can weaponize a compromised vendor and if a company grants too much access, the actor can take control over various functions and data going through the supply chain.
In 2019, Capital One was hit by a massive data breach, which compromised the data of 106 million customers from the U.S. and Canada. A former Amazon Web Services employee was charged with exploiting a misconfigured web application firewall, which exposed millions of credit card applications.
The hack opened up a debate over the risks of public cloud storage. However, Capital One stuck with AWS and became the first major U.S. financial institution to finish moving its entire infrastructure to the public cloud.
"In the Capital One story, this is actually what happened, the threat actor was able to use the compromised identity and use its elevated permissions to move towards the more interesting resources, access S3 buckets and exfiltrate that information out," Goomanovsky said during a webinar this week.
If Capital One had been able to map all of its privileged identities and map what were the effective permissions across the infrastructure, they would have been able to see there was an elevated identity in their environment, he said.
By the year 2022, the percentage of workloads executed in public cloud environments, including SaaS and IaaS, will reach 52%, compared to 26% during 2020, according to Garrett Bekker, a principal analyst in the information security practice at 451 Research.
Over the same period, traditional on premises workloads will drop significantly to 17% by 2022, compared with 46% in 2020.