Migrating business processes and systems to the cloud brings real benefits, such as lower cost and faster time to market. It also brings new risks, and those risks hold many enterprises back. One of the most significant is unauthorized access through misused employee credentials and poorly designed access controls.
To contain these risks, apply the principle of least privilege (POLP) to your cloud environment.
What Is POLP?
POLP means giving each user the minimum set of permissions and access needed to perform their job, and nothing more. The same rule applies to every program, process, and service identity in the cloud environment: each should hold only the authority it needs, so that a compromised or misused identity can do as little damage as possible.
Below are four areas of cloud identity and access management where applying POLP matters most.
- Separation of Duty
Also known as segregation of duties, this is the requirement that more than one individual be involved in completing a sensitive task. It is hard to achieve in practice because internal controls are complex. The idea is to split a set of privileges and responsibilities across multiple users so that a single mistake or a single dishonest actor cannot complete the task alone.
Consider creating vendors in a purchasing system. A classic fraud is to create a fake vendor and then pay invoices to it. Under separation of duties, you divide the task between two or more users.
For example, one user can create a vendor and a different user must approve it. Segregating the task reduces the possibility of fraud, because two or more users would now have to collude.
Least privilege makes the split enforceable: the first user's permissions do not include approving vendors, so they cannot approve the vendor they created, and the second user's permissions do not include creating vendors. This dual control requires two separate users to complete the business function.
- Dormant Identities
A dormant identity is a user or service account that has not been active for a long time. These accounts show no login activity and rarely appear in daily activity logs, so nobody is watching them. Dormant identities are a larger risk in the cloud because an attacker who obtains one gains a foothold that the legitimate owner will not notice, and the identity may still hold access to critical functions.
Malicious parties can use a dormant identity to damage the company's data, security, and reputation. Applying POLP starts with an inventory of all identities grouped by their access rights, which gives administrators a clear view of which identities hold the most privilege and which hold the least.
With that inventory, IT administrators can keep tabs on dormant identities and deactivate them on a regular schedule, which reduces the risk of unauthorized access through them. The common claim that a compromised dormant identity cannot do much damage holds only if its rights were actually kept to a minimum; a forgotten service account with broad permissions is exactly what an attacker hopes to find, so review the privileges of dormant identities, not just their login dates.
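As an added example (not code from the original article), the following Python script reviews a constructed identity inventory: it flags identities with no sign-in in 90 days, or that have never signed in, and ranks them by a rough privilege score so the most dangerous dormant accounts are handled first. The identity records, the 90-day threshold and the privilege weights are assumptions; in a real environment the last-login data would come from the cloud provider's IAM or audit logs.

```python
"""Dormant-identity review: find identities with no sign-in for a long time
and rank them by how much access they still hold.

Added example, not code from the original article. The identities, the
90-day threshold and the privilege weights are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

DORMANT_AFTER = timedelta(days=90)

# Rough weight per permission shape; a service-wide wildcard counts as admin.
WEIGHT_ADMIN, WEIGHT_WRITE, WEIGHT_READ = 100, 10, 1


@dataclass(frozen=True)
class Identity:
    name: str
    last_login: Optional[datetime]  # None = never signed in
    permissions: Tuple[str, ...]


def privilege_score(identity):
    """Higher = more damage an attacker could do with this identity."""
    score = 0
    for perm in identity.permissions:
        if perm == "*" or perm.endswith(":*"):
            score += WEIGHT_ADMIN
        elif perm.endswith((":read", ":list", ":get")):
            score += WEIGHT_READ
        else:
            score += WEIGHT_WRITE
    return score


def is_dormant(identity, now):
    """Never-used identities count as dormant from day one."""
    return identity.last_login is None or now - identity.last_login > DORMANT_AFTER


def dormant_report(identities, now):
    """Dormant identities, most privileged first: that is the order in which
    to disable them and strip their standing permissions."""
    dormant = [i for i in identities if is_dormant(i, now)]
    return sorted(dormant, key=lambda i: (-privilege_score(i), i.name))


# Constructed sample inventory (not real accounts).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_IDENTITIES = (
    Identity("svc-legacy-backup", NOW - timedelta(days=400), ("storage:*", "compute:*")),
    Identity("alice", NOW - timedelta(days=2), ("storage:read", "vendor:create")),
    Identity("contractor-old", NOW - timedelta(days=120), ("vendor:create", "storage:read")),
    Identity("bob-never", None, ("iam:read",)),
)


if __name__ == "__main__":
    for ident in dormant_report(SAMPLE_IDENTITIES, NOW):
        age = "never" if ident.last_login is None else f"{(NOW - ident.last_login).days}d"
        print(f"{ident.name:20} last login {age:>6} privilege {privilege_score(ident)}")
```

The ordering is the point: the never-used read-only account is a hygiene issue, while the 400-day-old service account with two service-wide wildcards is a live breach waiting to happen and should be the first thing disabled.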
- Toxic Combination
A toxic combination is a set of access rights that should never be held by one entity (human or automated process) because together they give it unchecked control over part of the system. For example, the same person holding both the rights to detect policy violations and the rights to evaluate and change access permissions can cover their own tracks. To reduce the risk of toxic combinations, IT administrators should segregate such tasks and assign the corresponding rights to different identities.
Least privilege ensures no user holds full access rights over the system. Each user is granted only the access rights needed for their daily functions, which keeps conflicting rights apart.
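The separation-of-duties workflow above and the toxic-combination check in this section are two views of the same control, so one added Python example (not code from the original article) covers both. The permission names such as vendor:create and vendor:approve, the TOXIC_PAIRS list and the identities alice, bob and carol are constructed for illustration. The first part audits identities for conflicting permission pairs; the second enforces dual control at the approval step, so a creator can never approve their own vendor even if a misassigned role gave them both rights.

```python
"""Separation-of-duties and toxic-combination checks for cloud identities.

Added example, not code from the original article. Permission names
(vendor:create, vendor:approve, ...), the TOXIC_PAIRS list and the sample
identities are constructed for illustration.
"""
from dataclasses import dataclass

# Permission pairs that must never sit on one identity. Holding both lets a
# single actor finish a business function that dual control says needs two
# people: the "toxic combination".
TOXIC_PAIRS = (
    frozenset({"vendor:create", "vendor:approve"}),
    frozenset({"invoice:submit", "invoice:approve"}),
    frozenset({"audit:detect_violations", "iam:review_access"}),
)


@dataclass(frozen=True)
class Identity:
    name: str
    permissions: frozenset


def toxic_combinations(identity):
    """Return the toxic pairs an identity holds, as sorted tuples."""
    return [tuple(sorted(pair)) for pair in TOXIC_PAIRS if pair <= identity.permissions]


def audit_identities(identities):
    """Map identity name -> its toxic pairs; an empty list means clean."""
    return {i.name: toxic_combinations(i) for i in identities}


class VendorRegistry:
    """Two-person vendor onboarding: create and approve are separate rights,
    and the approval step refuses the creator even if they hold both."""

    def __init__(self, identities):
        self._identities = {i.name: i for i in identities}
        self._vendors = {}

    def _require(self, actor, permission):
        if permission not in self._identities[actor].permissions:
            raise PermissionError(f"{actor} lacks {permission}")

    def create_vendor(self, actor, vendor):
        self._require(actor, "vendor:create")
        self._vendors[vendor] = {"created_by": actor, "approved_by": None}
        return self._vendors[vendor]

    def approve_vendor(self, actor, vendor):
        self._require(actor, "vendor:approve")
        record = self._vendors[vendor]
        if record["created_by"] == actor:
            raise PermissionError(f"dual control: {actor} cannot approve a vendor they created")
        record["approved_by"] = actor
        return record


# Constructed sample identities: carol's assignment is the toxic combination.
ALICE = Identity("alice", frozenset({"vendor:create"}))
BOB = Identity("bob", frozenset({"vendor:approve"}))
CAROL = Identity("carol", frozenset({"vendor:create", "vendor:approve"}))
SAMPLE_IDENTITIES = (ALICE, BOB, CAROL)


if __name__ == "__main__":
    print(audit_identities(SAMPLE_IDENTITIES))
    registry = VendorRegistry(SAMPLE_IDENTITIES)
    registry.create_vendor("alice", "acme")
    print(registry.approve_vendor("bob", "acme"))
    registry.create_vendor("carol", "globex")
    try:
        registry.approve_vendor("carol", "globex")
    except PermissionError as exc:
        print("blocked:", exc)
```

Both layers matter: the audit catches the misassignment before it is used, and the workflow check catches it if the audit was skipped or the role was changed after the fact.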
- Privilege Escalation
Privilege escalation is an act in which a malicious user obtains privileges beyond those granted to them, typically by taking over another account or abusing an over-broad grant in the cloud environment. It is often the result of an IAM misconfiguration. There are two types, vertical and horizontal, and both can cause serious harm to organizational data and disrupt cloud processes.
Horizontal privilege escalation is when a malicious user gains access to another account at the same privilege level, for example one customer's user reading data that belongs to another customer of the same service. Vertical privilege escalation is when a malicious user gains rights above their own level, for example a trial-account user obtaining premium-account features or, in the worst case, a regular user obtaining administrator rights.
Least privilege reduces both kinds of escalation. It limits what any single compromised account can reach, and it applies to super users and admins too: their day-to-day accounts should not carry standing administrative rights, and no account should have broad permission to access every system on the network. In practice this means reviewing policies for wildcard grants and for permissions that let an identity modify its own access.
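The following Python linter is an added example (not code from the original article) of the policy review just described. It reads AWS-IAM-style policy documents and flags wildcard actions, wildcard resources, and grants of IAM actions that let a principal change its own or others' permissions, which is the shape of misconfiguration that enables vertical escalation. The three policy documents are constructed, the ESCALATION_ACTIONS tuple is a small illustrative subset of real IAM actions rather than a complete catalogue, and Deny statements, NotAction and Condition blocks are deliberately not evaluated.

```python
"""Lint AWS-IAM-style policy documents for grants that commonly enable
privilege escalation: wildcard actions or resources, and IAM actions that
let a principal widen its own permissions.

Added example, not code from the original article. The policy documents
are constructed. ESCALATION_ACTIONS is a small illustrative subset, not a
complete list; Deny, NotAction and Condition are not evaluated.
"""
import fnmatch
import json

# Actions that change who holds which permissions. Any of these, granted to
# an identity that has something to escalate to, is a vertical-escalation path.
ESCALATION_ACTIONS = (
    "iam:CreatePolicyVersion",
    "iam:SetDefaultPolicyVersion",
    "iam:AttachUserPolicy",
    "iam:AttachRolePolicy",
    "iam:PutUserPolicy",
    "iam:PutRolePolicy",
    "iam:AddUserToGroup",
    "iam:CreateAccessKey",
    "iam:UpdateAssumeRolePolicy",
    "iam:PassRole",
    "sts:AssumeRole",
)


def _as_list(value):
    """IAM allows a bare string where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def action_matches(pattern, action):
    """IAM action patterns are case-insensitive globs ("iam:*", "iam:Put*")."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def escalation_grants(actions):
    """Which ESCALATION_ACTIONS the statement's action patterns cover."""
    return tuple(a for a in ESCALATION_ACTIONS if any(action_matches(p, a) for p in actions))


def lint_policy(policy):
    """Return (statement_index, kind, detail) findings for Allow statements."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions:
            findings.append((idx, "wildcard_action", None))
        if "*" in resources:
            findings.append((idx, "wildcard_resource", None))
        grants = escalation_grants(actions)
        if grants:
            findings.append((idx, "escalation", grants))
    return findings


def lint_policy_json(text):
    return lint_policy(json.loads(text))


# Constructed policies: an all-access grant, a "read-only plus one dangerous
# action" grant, and a least-privilege grant for comparison.
BROAD_POLICY = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}

ESCALATION_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iam:Get*", "iam:List*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:CreatePolicyVersion", "Resource": "*"},
]}

LEAST_PRIVILEGE_POLICY_JSON = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"]
  }]
}"""


if __name__ == "__main__":
    for name, findings in (("broad", lint_policy(BROAD_POLICY)),
                           ("escalation", lint_policy(ESCALATION_POLICY)),
                           ("least-privilege", lint_policy_json(LEAST_PRIVILEGE_POLICY_JSON))):
        print(name, findings or "clean")
```

The second policy is the instructive one: it looks like a read-only audit role, but the single extra iam:CreatePolicyVersion grant lets its holder rewrite any customer-managed policy attached to themselves, so it is an administrator account in disguise.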
To sum up, the principle of least privilege is a simple yet effective way to balance risk, productivity, privacy, and security in cloud environments, where workloads and risks change all the time.