Skip to main content

Good Identity Hygiene and Analytics are Key to Cloud Security

By: Mohammed Al-Moneer, Regional Director, MENA at A10 Networks
As cloud computing has matured, the benefits it delivers to organizations of all sizes are undeniable. Companies are enjoying agility, scale and speed like never before.
And cloud adoption shows no signs of slowing. Gartner last month forecasted that worldwide public cloud revenue is set to grow 21.4% in 2018 to total $186.4 billion, up from $153.5 billion in 2017.
With this huge growth in cloud adoption and the recent rash of cyberattacks targeting organizations across all industries, effective security in the cloud is paramount.

Exposed APIs

One way the cloud introduces new security risks to organizations is the underlying infrastructure that makes the cloud and cloud applications run, which consists of publicly exposed APIs.
Why is that an important distinction? Because essentially, what makes APIs useful also makes them exploitable. APIs are built with fully exposed controls to support orchestration, management, automation and integration between solutions and applications.
This level of exposure makes them a rich target for exploitation, and can introduce another dimension of security challenges for businesses, as it expands the boundaries that were not part of traditional on-premise perimeters that enterprises are used to.
It’s often noted that attackers will take the path of least resistance, and employees – sometimes even those in IT organizations – will unwittingly help them, often by using lax identity practices.

Identity Weakness is an Open Door

There will always be employees who fall prey to phishing attempts, surf exploited websites, use unsecured free Wi-Fi networks in public and download other sketchy material. All of this behavior opens the door to potential attackers.
At the same time, common infrastructure weaknesses are seen by attackers as the exploit of choice to land a beachhead within an organization, such as using a SQL query to find cached credentials or finding an unpatched, publicly exposed server to exploit.
And, of course, you have bad identity and password practices that are always enticing to threat actors – and there’s no shortage of employees who fall back to first initial-last name or password1234 as their password of choice.
Identity weakness can also open the door to full control of the API.

Identity Hygiene

There’s no 100 percent ironclad way to prevent intrusion through exploiting identity, but you can slow them down. How? Through good identity hygiene. Some ways to implement this in your organization include:
Multi-Factor Authentication 
Time was, a password was the only necessary way to authenticate to a network or applications. That worked well for a while. Not anymore. Additional layers of defense are imperative. Threat actors can easily crack passwords, so the use of additional types of authentication, such as biometrics and tokens ensure tighter security.
Passphrases over Passwords 
We’ve seen time and time again where weak passwords are cracked. A passphrase, however, makes it more difficult. Where a password is typically up to 10 letters, numbers and symbols, a passphrase, however, has a much longer character length to stymie possible attackers and commonly contains underscores to separate words in the phrase.
Passphrases don’t have to be grammatically correct and they can also use numbers and symbols to make cracking them that much harder. Mamma Mia! Your passphrase can be your favorite Abba lyric, if that’s your thing.
Depreciate Expired Employee Accounts 
Leaving accounts open for former employees or for services no longer in use opens a hole that is easily exploited. A good rule of thumb is to shut down expired employee accounts immediately to dramatically reduce the chance of a disgruntled former employee access the network.
Monitor Access Logs 
It sounds like a no-brainer, but knowing who accesses what and when can avoid catastrophe. Monitor access logs frequently for anomalies and to ensure end-users have the correct levels of access.
The industry is currently making improvements in identity by implementing multi-context analysis strategies that include time of access, country of origin, host computer in use and other behavioral analyses to add weight to identity.

Analytics to Detect Anomalies

Analytics and the ability to detect security anomalies in the cloud are also imperative. Having a strong understanding of how applications are performing and their security posture can provide insight into levels of access and potentially flag a possible security issue before it wreaks havoc.
Per-app analytics and security data coupled with strong identity hygiene will help ensure your cloud and cloud applications are both high-performing and secure.

Comments

Popular posts from this blog

Cloud Computing powering India’s priority of ‘Digital-first country’

By: Sunil Mahale, India MD and VP, Nutanix
Digital transformation has been recognized as being vital to the growth of our nation. This transformation has enjoyed the unanimous approval and contribution from all stake holders including enterprises, MSMEs, government bodies and citizens. But this level of adoption in a country with a population of over a billion people would need a robust technology base that is capable to collecting and distributing vital data seamlessly.
Digital India envisions creating high speed digital highways, that will impact commerce and create a digital footprint for every individual. Technologies based on mobility, analytics, Internet of things and most importantly, cloud technologies are the building blocks for the digital India missionThere is a growing need to manage huge volumes of data, and making them readily available to public through digital cloud services. Cloud has a pivotal role in enabling this change.
While Data centers have become crucial to th…

RevStart launches its RevItUp Incubation Programme

Underlining its vision of creating a nurturing ecosystem for start-ups to grow in, RevStart, a co-working and incubation centre, has announced the launch of its RevItUp Incubation Programme. The 12-week long programme will be held at RevStart Incubation Centre in Noida from July 1, 2018 onwards. As part of the programme, RevStart will select five high potential start-ups from the ed-tech sector, AI, Consumer Internet, Sustainability, as well as for-profit social impact companies to assist them with developing their business, along with connecting them to global mentors across industries and sectors. In addition, start-ups selected for the programme will receive INR 5 lakh to Rs. 25 lakhs worth of cash and benefits, while RevStart will get an equity stake in the ventures.
The RevItUp Incubation Programme has been created to enhance the founding team’s industry, product, and company building knowledge and capabilities through a world-class curriculum. The programme will focus on tailor…

Insurtech startup Kruzr raises $1.3 Million from Saama Capital and Better Capital

InsurTech startup Kruzr has raised 1.3 Million USD (Rs. 9.5 Cr) for its seed round led by Saama Capital with participation from Better Capital. Kruzr is a preventive motor insurance technology which helps insurance companies personalize policy premiums & improve their risk model by delivering an engaging preventative driving assistant to their customers. Kruzr is founded by Pallav Singh, Ayan, and Jasmeet Singh Sethi.

Kruzr blends the power of voice technology and artificial intelligence in its personal driving assistant that helps drivers minimize mobile distractions, drowsy driving, speeding and external risks like weather and accident-prone zones. In pilots with insurers, Kruzr managed to cut down distracted driving by 80%. Kruzr is working with motor insurance companies in Europe, UK and India to bring its technology to their customers to prevent accidents & improve claims.

“Road accidents cause over 1.3 million deaths globally every year, and motor insurance companies los…