Just 1% of Cloud Permissions Are Actively Used

According to Microsoft, the proliferation of workload identities, super administrators, and “over-permissions” is increasing cyber risk for organizations operating cloud infrastructure.

The tech giant’s “State of Cloud Permission Risk in 2023” report calculates that over 40,000 permissions could be granted across major cloud platforms, more than half of which are high risk.

A permission is an authorization given to a user or machine that allows access to a particular resource.

Unfortunately, lack of visibility and control over these authorizations can expose organizations to the risk of cloud security compromise and abuse.

Microsoft found that user and workload identities only used 1% of the permissions they were granted for their day-to-day work. Additionally, more than half (50%) of the identities are defined as “super identities”. This means they have access to all permissions and all resources. Over 60% of all identities are inactive.

Given that super identities can create and modify service configuration settings, add or delete identities, and access or delete data, it is concerning that less than 2% of the permissions granted to them are actually used.

For more information on cloud security risks, see “4 out of 5 companies hit by a major cloud security incident”.

It is machine identity, not human identity, where some of the biggest risks lie. According to Alex Simons, CVP of Program Management for Microsoft’s Identity Division, the number of cloud-based workload identities, including apps, VMs, scripts, containers, and services, is growing “exponentially”, and they currently outnumber human identities by 10 to 1.

He added that the average percentage of inactive workload IDs (80%) will double from 2021, with less than 5% of granted permissions being used by workload IDs.

“To close the privilege gap and reduce the risk of privilege abuse, organizations should implement the principle of least privilege,” concluded Simons.

“This must happen consistently for all human and workload identities across multicloud environments. Organizations are adopting Cloud Infrastructure Entitlement Management (CIEM) solutions to ensure they can do this at cloud scale by continuously detecting, remediating, and monitoring the activity of all their unique user and workload identities.”

Microsoft’s report also provided the following advice for cloud infrastructure customers:

  • Support least privilege with on-demand granting of permissions for a limited period of time or as needed
  • Assess permissions risk and determine which identities were doing what, when and where
  • Continuously monitor permission usage across clouds
  • Ensure lifecycle monitoring to improve security posture and save security team time
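A worked illustration of the assessment the bullets describe, added here and not taken from Microsoft’s report: it computes each identity’s granted-versus-used permissions from constructed grant data and audit events, flags super identities (wildcard grants) and inactive identities, and summarises the fleet. The identity names, permission strings, the 90-day inactivity window and the 40,000 stand-in for a wildcard’s scope are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone
# Constructed sample data, not from the report. "*" models a super identity with every permission.
GRANTS = {
    "svc-build": {"storage:GetObject", "storage:PutObject", "compute:StartVM", "compute:DeleteVM"},
    "svc-report": {"storage:GetObject", "db:Query"},
    "admin-jane": {"*"},
    "svc-legacy": {"iam:CreateRole", "storage:GetObject"},
}
# Constructed audit-log events: (identity, permission exercised, ISO-8601 time).
EVENTS = [
    ("svc-build", "storage:GetObject", "2023-03-01T10:00:00Z"),
    ("svc-build", "storage:PutObject", "2023-03-02T11:00:00Z"),
    ("svc-report", "db:Query", "2023-03-03T09:30:00Z"),
    ("admin-jane", "iam:CreateRole", "2023-03-04T08:00:00Z"),
    ("svc-legacy", "storage:GetObject", "2022-06-01T12:00:00Z"),
]
NOW = datetime(2023, 3, 31, tzinfo=timezone.utc)  # constructed evaluation date

def usage_report(grants, events, now, inactive_after=timedelta(days=90), catalog_size=40000):
    # catalog_size stands in for everything a "*" grant covers (the report counts 40,000+).
    used, last_seen = defaultdict(set), {}
    for identity, perm, ts in events:
        used[identity].add(perm)
        t = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        last_seen[identity] = max(t, last_seen.get(identity, t))
    report = {}
    for identity, granted in grants.items():
        is_super = "*" in granted
        granted_n = catalog_size if is_super else len(granted)
        seen = last_seen.get(identity)
        report[identity] = {
            "granted": granted_n,
            "used": len(used[identity]),
            "usage_pct": round(100 * len(used[identity]) / granted_n, 4),
            "super_identity": is_super,
            # no activity inside the window (or ever) marks the identity inactive
            "inactive": seen is None or now - seen > inactive_after,
            "unused": sorted(granted - used[identity]) if not is_super else ["*"],
        }
    return report

def fleet_summary(report):
    # Fleet-wide share of super and inactive identities, and overall used/granted ratio.
    n, rs = len(report), report.values()
    return {
        "super_pct": round(100 * sum(r["super_identity"] for r in rs) / n, 1),
        "inactive_pct": round(100 * sum(r["inactive"] for r in rs) / n, 1),
        "usage_pct": round(100 * sum(r["used"] for r in rs) / sum(r["granted"] for r in rs), 4),
    }
```

The "unused" list for a non-wildcard identity is the concrete set of permissions a least-privilege review would revoke; for a wildcard grant there is no finite list to trim, so the grant itself is what needs replacing.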
