The cloud has revolutionised the way we work, providing businesses with on-demand access to scalable and cost-effective resources. But with great power comes great responsibility, especially when it comes to managing cloud infrastructure and entitlements.

There is growing recognition that traditional cybersecurity approaches – such as the castle-and-moat approach to protecting the perimeter – simply don’t work in the cloud because they focus solely on external threats, neglecting the growing concern of insider threats and vulnerabilities within the cloud infrastructure itself.

Instead, the primary attack surface is now identity.

Identity is everything in the cloud, and Identity and Access Management (IAM) has become the new perimeter and a critical component of security in this distributed environment. It encompasses the tools and policies used to ensure that the right users – and only the right users – have access to the right resources at the right times and for the right reasons. It involves managing identities (both human and non-human, such as services or IoT devices), their permissions and various authentication mechanisms (like passwords, multi-factor authentication, etc.).

Let’s first look at why the castle-and-moat approach to protecting the perimeter no longer suffices when it comes to the cloud. The castle and moat analogy in cybersecurity refers to a perimeter-based security model. It visualises an organisation’s network as a castle, with valuable data and systems residing within. The moat represents the security measures implemented to protect the internal network from external threats.

In the digital world, the ‘castle’ is your computer network with valuable data, and the ‘moat’ is a strong outer defence. Firewalls and security systems act like guards, keeping intruders out. However, once inside the network (like crossing the drawbridge), users have free rein. The castle and moat approach to security works well against external threats, but it has weaknesses. It assumes everyone inside is trustworthy and doesn’t address insider threats or attacks that bypass the perimeter.

The current cyber-attack cycle often starts with attackers seeking access through poorly managed privileges and then pivoting between resources, discovering credentials and other identities to obtain something of value.

In the public cloud, where resources are spread out and accessible remotely, identity becomes paramount for security because it dictates who can access what, and how. Here are some of the reasons why identity is paramount:

  • Access Control: Centralised identity management allows you to define granular permissions for users and applications. Without proper identity controls, anyone could potentially access sensitive data or perform unauthorised actions.
  • Authentication: Strong identity verification ensures only authorised users and applications can access cloud resources. Multi-factor authentication (MFA) adds an extra layer of security beyond just usernames and passwords.
  • Accountability: Identity creates an audit trail. By tracking who accessed what resources and when, you can identify suspicious activity and hold individuals accountable for their actions in the cloud.
  • Shared Responsibility: Public cloud security is a shared model. While the provider secures the infrastructure, you control who has access to your resources. Identity management is crucial in fulfilling your part of the security responsibility.
  • Dynamic Environments: The public cloud is fluid, with resources constantly being created, modified, and deleted. Identity helps maintain control in this dynamic environment by ensuring access permissions are always up-to-date and aligned with current needs.

Effectively managing identities in the public cloud is like managing the keys to your digital kingdom. Strong identity practices and carefully managed privileges are the foundation for securing your data, applications and overall cloud environment. However, with hundreds of privileges available to assign to an entity, the chance of getting it right for every entity all of the time is very low indeed without a tool like CIEM (Cloud Infrastructure Entitlements Management).

Whereas the castle and moat analogy focuses on keeping attackers out, CIEM also focuses on detecting and responding to threats within the system. CIEM goes beyond perimeter security and encompasses activities like user behaviour monitoring, log analysis and incident response. It keeps track of who has keys (access permissions) to each room and ensures no one has more access than they need. CIEM constantly monitors these permissions, identifying overly powerful keys and potential security risks. By continuously monitoring for new threats and vulnerabilities, CIEM helps organisations follow the ‘least privilege’ principle and reduces the chances of data breaches in the cloud.
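The two entitlement checks described above, spotting overly powerful keys and finding permissions an identity holds but never uses, as an added example that is not part of the original post or any CIEM product. It runs over constructed AWS-style policy documents and constructed usage records; the identity names, policies and function names are assumptions.

```python
# Constructed sample policy documents in AWS IAM style (not real account data).
POLICIES = {
    "ci-deployer": {"Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::build-artifacts/*"},
        # Over-broad grant: full IAM control over every resource.
        {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
    ]},
    "report-reader": {"Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": "arn:aws:s3:::reports/*"},
    ]},
}

# Constructed usage records, as a CIEM tool would derive from the audit log: (identity, action used).
USAGE = [("ci-deployer", "s3:GetObject"), ("ci-deployer", "s3:PutObject"),
         ("report-reader", "s3:GetObject")]

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def granted_actions(policy):
    """Flatten every Allow statement into the set of granted action strings."""
    actions = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow":
            actions.update(_as_list(stmt["Action"]))
    return actions

def risky_statements(policy):
    """(action, resource) pairs where an Allow uses a wildcard action or a bare '*' resource."""
    flagged = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt["Action"]):
            for resource in _as_list(stmt["Resource"]):
                if action.endswith("*") or resource == "*":
                    flagged.append((action, resource))
    return flagged

def unused_actions(identity):
    """Explicitly granted actions that the usage records never show the identity using."""
    used = {action for who, action in USAGE if who == identity}
    explicit = {a for a in granted_actions(POLICIES[identity]) if "*" not in a}
    return explicit - used

def entitlement_report():  # per identity: over-broad grants to tighten, unused rights to remove
    return {name: {"risky": risky_statements(policy), "unused": sorted(unused_actions(name))}
            for name, policy in POLICIES.items()}
```

Wildcard actions such as `iam:*` are reported as risky rather than compared against usage, because a wildcard cannot be judged unused without expanding it against the provider's full action list.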

CIEM uses analytics to identify potential security incidents and threats, allowing security teams to gain visibility into security events across the organisation, detect and investigate suspicious activity, and respond to security incidents more quickly and effectively.

To conclude, the phrase ‘IAM is the new perimeter’ reflects a paradigm shift from network-centric security models to identity-centric models, where managing identities and access effectively is key to securing digital assets in a distributed and cloud-based computing environment. A robust CIEM solution can significantly improve your cloud security posture, ensure compliance, optimise costs and give you peace of mind knowing that your cloud kingdom is well-protected.