Protecting Your Organization’s Root Accounts

by ITECHNEWS
December 6, 2021
in Opinion

For many cloud apps, administrators are given a super admin account credential, also known as the root account, which allows wide-reaching administrative access to the account. These super admin credentials are necessary for some administrative actions and should be the organization’s most secure account credentials. However, if root accounts are left unprotected, attackers can abuse your account resources to cryptomine or stage attacks on others, causing significant costs and potential liability.

Root account credentials can cause significant damage if leaked. Earlier this year, we saw a group of hackers gain access to 150,000 cameras worldwide via the surveillance startup Verkada. Verkada acted quickly to take these cameras offline, but the damage had been done: live feeds of Tesla factories, women’s health clinics, psychiatric hospitals and jails became public before the company was even aware the attack was taking place. Securing super admin credentials may have slowed down or stopped these attacks altogether. 

AWS Root Account Usage

Amazon Web Services (AWS) is one example of a cloud service that provides a root account. Amazon strongly encourages users to avoid using root accounts for everyday tasks. The Center for Internet Security (CIS) AWS Foundations Benchmark 1.2 also recommends that root accounts be protected with MFA for additional security. However, we find many root accounts in regular use that lack MFA.

Netskope recently conducted an audit of 915 AWS root accounts and found that regular use is widespread, occurring in 42% of organizations. Additionally, nearly two-thirds of all root accounts don’t have MFA enabled. We also found root account usage occurs regularly: an average of 13% of the total 153 organizations we analyzed used the root account at least once during the week we surveyed.

How to Protect Your Root Account

There are four key strategies to implement immediately to protect the AWS root account. A secure root account will help keep attackers from gaining access and protect important data if they do. 

1) Work with users so that the root account is only used for tasks that cannot be performed as an IAM user. After the initial account setup, you should provision more limited identity and access management (IAM) administrator accounts or roles as needed.

2) Immediately delete or deactivate any root account API keys and provision an API key under a specific IAM user with appropriate privileges. Stealing access keys is a common attack vector, whether stolen from client machines or accidentally committed into source repositories.

3) Enable MFA on the root account. This can be done with a virtual device or hardware key. The root account should not be used often, and the number of people who are authorized to use it should be very small, so enabling MFA should not require a lot of overhead.

4) Implement regular and frequent automated auditing of the root account configuration in all accounts by checking the credential report. Fortunately, the CIS Benchmark for AWS provides good detail and guidance, and you can implement your checks using API/CLI scripts.
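
The audit in step 4, sketched as an added example (not code from the article or from Netskope): it reads an IAM credential report in CSV form and flags the root row for missing MFA, active access keys, and recent use. The sample report, the account ID, the `audit_root` name and the 7-day window are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the IAM credential report CSV layout, trimmed to the
# columns checked here (a real report has more). Not real account data.
SAMPLE_REPORT = """\
user,arn,mfa_active,password_last_used,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111111111111:root,false,2021-12-03T09:15:00+00:00,true,2021-12-04T22:40:00+00:00,false,N/A
alice,arn:aws:iam::111111111111:user/alice,true,2021-12-05T08:00:00+00:00,true,2021-12-05T08:30:00+00:00,false,N/A
"""

def _parse_time(value):
    """Return an aware datetime, or None for N/A, no_information, etc."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def audit_root(report_csv, now, recent_days=7):
    """Return findings for the <root_account> row of a credential report."""
    rows = csv.DictReader(io.StringIO(report_csv))
    root = next((r for r in rows if r["user"] == "<root_account>"), None)
    if root is None:
        return ["root row missing from report"]
    findings = []
    if root["mfa_active"] != "true":                      # step 3: MFA
        findings.append("root MFA not enabled")
    for n in ("1", "2"):                                  # step 2: API keys
        if root[f"access_key_{n}_active"] == "true":
            findings.append(f"root access key {n} is active")
    cutoff = now - timedelta(days=recent_days)            # step 1: routine use
    for field in ("password_last_used", "access_key_1_last_used_date",
                  "access_key_2_last_used_date"):
        used = _parse_time(root[field])
        if used and used >= cutoff:
            findings.append(f"root used recently ({field}={root[field]})")
    return findings

if __name__ == "__main__":
    now = datetime(2021, 12, 6, tzinfo=timezone.utc)      # fixed for the sample
    for finding in audit_root(SAMPLE_REPORT, now):
        print("FINDING:", finding)
```

For a live account, the CSV comes from `aws iam generate-credential-report` followed by `aws iam get-credential-report`, whose `Content` field is base64-encoded in the CLI output and must be decoded before it is passed in.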

As attacks on root account credentials continue to rise, organizations should take an active role in securing these credentials as much as possible. Taking these four steps can help protect your organization from the financial risk, liability, data loss or data exposure that might occur if an AWS root credential is lost or stolen. In addition to AWS, be sure to review other cloud apps and services that you are using to ensure that all root and administrator credentials are appropriately locked down.

Ray Canzanese, director, Netskope Threat Labs
