
Securing Onboarding and Offboarding in the Cloud

by ITECHNEWS
January 10, 2022
in Leading Stories, Opinion

One of the most fundamental challenges of securing the identity-defined perimeter is efficiently managing and securing the cloud identity life cycle. 

This priority comes into sharpest focus with offboarding users—or, more accurately, the failure of so many organizations to revoke standing access privileges to DevOps environments and other sensitive IT resources. 

Companies today use hundreds or thousands of cloud services, and a typical DevSecOps operation can easily generate thousands of data access events every day. The result is that each human and machine user has multiple identities and standing privilege sets sitting vulnerable to exploitation. If those privileges are not revoked or expired when an employee or contractor leaves the organization, that massive attack surface remains in place indefinitely. 

The most effective way to manage the identity life cycle is by maintaining least-privilege access (LPA) and zero standing privileges (ZSP) for those privileged users while working in the cloud. In today’s dynamic work environment where employees and contractors frequently join and leave your organization, accounts and access should be revoked automatically upon their departure.

Automate Onboarding Processes

Automated onboarding lets organizations quickly and easily grant dynamic role-based access control (RBAC) to new users, manage their permissions while they work for your organization, and wholly and promptly offboard them when they leave. Cloud-forward organizations should look for a solution that operates on a standalone basis or integrates via API with an existing identity governance and administration (IGA) system, identity directory or human resources management system.

The objective is to develop an integrated directory for managing employee access privileges. You can define attributes by job role—for instance, full-time employee, contractor, senior executive—that will determine what kind of access privileges are granted, how long those privileges will last and, most importantly, when authorizations will expire. 

Offboarding Users Upon Termination

When an employee or contractor leaves your organization, all access to operation-critical cloud services must be terminated to protect your data and the account itself. This includes expiring API keys, tokens and secrets stored in frequented cloud repositories, i.e., command-line credential files stored locally on desktops. For instance, you can manually remove a user from their RBAC group to automatically terminate their access to profiles, effectively revoking their access to the associated cloud services. Additionally, for contract employees or internal employees assigned to a given project, access rights can be tied to the length of the contract or project.
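The role-attribute expiry from the onboarding section and the offboarding revocation described above can be checked together by reconciling an HR roster against a cross-cloud grant inventory. The following is an added example, not code from the article or from any vendor product; the roster, grant records, role names, lifetimes and privilege names are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical policy: job-role attribute -> maximum lifetime of any grant.
MAX_GRANT_LIFETIME = {
    "full_time": timedelta(days=90),
    "contractor": timedelta(days=30),
    "senior_executive": timedelta(days=14),
}

# Constructed HR roster (source of truth for employment status).
ROSTER = {
    "alice": {"role": "full_time", "active": True, "contract_end": None},
    "bob": {"role": "contractor", "active": True, "contract_end": "2022-01-31"},
    "carol": {"role": "full_time", "active": False, "contract_end": None},
}

# Constructed grant inventory, as it might be exported from each cloud's IAM.
GRANTS = [
    {"user": "alice", "cloud": "aws", "privilege": "s3-read", "granted": "2021-12-20", "expires": "2022-01-20"},
    {"user": "alice", "cloud": "gcp", "privilege": "project-owner", "granted": "2021-06-01", "expires": None},
    {"user": "bob", "cloud": "aws", "privilege": "deploy", "granted": "2021-12-15", "expires": "2022-02-15"},
    {"user": "carol", "cloud": "azure", "privilege": "kv-secrets", "granted": "2021-11-01", "expires": "2022-03-01"},
    {"user": "dave", "cloud": "aws", "privilege": "api-key", "granted": "2021-01-01", "expires": None},
]

def _day(s):
    return datetime.strptime(s, "%Y-%m-%d").replace(tzinfo=timezone.utc)

def audit_grants(roster, grants, now):
    """Return (grant, reason) pairs for every grant that should be revoked."""
    findings = []
    for g in grants:
        person = roster.get(g["user"])
        if person is None:
            reason = "orphaned: identity not in HR roster"
        elif not person["active"]:
            reason = "offboarded user still holds access"
        elif g["expires"] is None:
            reason = "standing privilege: no expiry set"
        elif _day(g["expires"]) <= now:
            reason = "grant expired but not revoked"
        elif person["contract_end"] and _day(g["expires"]) > _day(person["contract_end"]):
            reason = "grant outlives contract end date"
        elif _day(g["expires"]) - _day(g["granted"]) > MAX_GRANT_LIFETIME[person["role"]]:
            reason = "lifetime exceeds role policy"
        else:
            continue
        findings.append((g, reason))
    return findings
```

Run on a schedule with `now` set to the current UTC time, the findings list is the revocation queue; an empty list means no grant for a departed user and no standing privilege remains in the inventory.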

A cloud-native security solution built for the most demanding cloud-forward enterprises is ideal. With such a solution, you can empower teams across cloud infrastructure, DevOps and security functions with dynamic and intelligent privileged access administration solutions for multi-cloud environments. Organizations that implement cloud security best practices like just-in-time (JIT) access and zero standing privileges (ZSP) to prevent security breaches and operational disruptions increase efficiency and user productivity.

Role Right-Sizing

Organizations should practice role right-sizing based on policy to ensure users have only the necessary privileges to perform their jobs. Policies should award privilege grants to specific roles based on contextual information including location, activity and time of day. Such policies should include onboarding and offboarding processes that follow the recommendations described in this article.

When policy requirements are met, users will be granted specific privileges within a cloud application. These privileges should be assigned to the user using the JIT model mentioned above and only for the duration of the activity.

Organizations should adopt an automated security solution, given that each cloud service has different permission logic to learn before policies focused on specific kinds of activities in each cloud service can be built. Manually doing this is time-consuming and often prone to over-provisioning privileges for a particular task or creating privilege sprawl. 

An automated dynamic permissioning platform also provides additional visibility for governance. Such a platform should have a deep understanding of available roles, the catalog of the policies for acquiring them and the user activity associated with the privileges to provide your SecOps and DevOps teams with the complete picture of activity and risk associated with cloud application privileges and their use. 

Cross-Cloud Visibility

Advanced visibility into privileges and risky privilege-related behavior is essential when conducting the internal audits that support policies and ensure appropriate onboarding and offboarding processes.

If your organization uses a multi-cloud environment, you know how important it is to grant the permissions your team needs to complete tasks efficiently and effectively. But it is also critical to continuously manage those users, to know at-a-glance who has access to what and have a reliable process for granting and revoking privileges on the fly. 

The problem is many teams lack a solution that can do this across a multi-cloud environment. As more users enter an organization’s environment, administrators often grant elevated permissions because they do not have a systematic way to right-size permissions without impeding productivity. 

What’s more, once permissions are granted, it is a significant challenge to know which permissions are being used and by whom. This leads to excessive standing privileges that put your organization at risk. 

Organizations need to look for ways to proactively monitor users across multi-cloud environments, automatically enforce permission and role right-sizing and quickly achieve a least-privilege model cross-cloud.

The power to see in one place which users need permissions revoked or refined empowers admins with the authorization and confidence to act swiftly. As a result, greater visibility moves privilege access management in multi-cloud from a state of uncertainty and risk to a state of accuracy and control. 

Admins can quickly see how roles are being used and determine if they should revoke or grant new permissions. The more visibility you have, the better your right-sizing process becomes; your attack surface shrinks and your least-privilege model strengthens and refines.

Overcoming Onboarding and Offboarding Challenges

Over time, both standing and dynamic privileges can drift as roles and responsibilities change—resulting in over-privileged users. Moreover, when contractors or employees leave an organization, they often retain up to 75% of their access credentials due to incomplete offboarding. That is why onboarding and offboarding users in multi-cloud environments is so important. Organizations must be vigilant and possess tools to effectively manage privileged user access.

In some cases, an organization may be tempted to overcome these challenges by building an in-house DIY solution. But the cost and overhead for developing the solution, not to mention the need to have security expertise for each cloud service, must be considered. Most organizations that go this route end up overwhelmed and experience a drawn-out time-to-value process. 

However, by working with a vendor that enforces strict policies, role right-sizing and advanced visibility, organizations can protect the keys to their kingdom and prevent current or former team members from placing the entire organization at risk.

 

Source: Security Boulevard
Tags: SecuringCloud