Securing Onboarding and Offboarding in the Cloud

by ITECHNEWS
January 10, 2022
in Leading Stories, Opinion

One of the most fundamental challenges of securing the identity-defined perimeter is efficiently managing and securing the cloud identity life cycle. 

This priority comes into sharpest focus with offboarding users—or, more accurately, the failure of so many organizations to revoke standing access privileges to DevOps environments and other sensitive IT resources. 

Companies today use hundreds or thousands of cloud services, and a typical DevSecOps operation can easily generate thousands of data access events every day. The result is that each human and machine user has multiple identities and standing privilege sets sitting vulnerable to exploitation. If those privileges are not revoked or expired when an employee or contractor leaves the organization, that massive attack surface remains in place indefinitely. 

The most effective way to manage the identity life cycle is by maintaining least-privilege access (LPA) and zero standing privileges (ZSP) for those privileged users while working in the cloud. In today’s dynamic work environment where employees and contractors frequently join and leave your organization, accounts and access should be revoked automatically upon their departure.

Automate Onboarding Processes

Automated onboarding lets organizations quickly and easily grant dynamic role-based access control (RBAC) to new users, manage their permissions while they work for your organization and wholly and promptly offboard them when they leave. Cloud-forward organizations should look for a solution that operates on a standalone basis or integrates via API with an existing identity governance and administration (IGA) system, identity directory or human resources management system. 

The objective is to develop an integrated directory for managing employee access privileges. You can define attributes by job role—for instance, full-time employee, contractor, senior executive—that will determine what kind of access privileges are granted, how long those privileges will last and, most importantly, when authorizations will expire. 

Offboarding Users Upon Termination

When an employee or contractor leaves your organization, all access to operation-critical cloud services must be terminated to protect your data and the account itself. This includes expiring API keys, tokens and secrets stored in frequented cloud repositories, i.e., command-line credential files stored locally on desktops. For instance, you can manually remove a user from their RBAC group to automatically terminate their access to profiles, effectively revoking their access to the associated cloud services. Additionally, for contract employees or internal employees assigned to a given project, access rights can be tied to the length of the contract or project. 
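
The sketch below is an added example, not code from the article or from any vendor product. It shows grants whose expiry is derived from a job-role attribute and capped by the contract end date, plus an offboarding sweep that flags access left behind. The TTL values, role names, user names and dates are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy (not from the article): maximum grant lifetime per job role.
MAX_TTL = {"full_time": timedelta(hours=8), "contractor": timedelta(hours=4)}

@dataclass
class Identity:
    user: str
    job_role: str
    end_date: Optional[datetime] = None   # contract/employment end; None = open-ended

@dataclass
class Grant:
    user: str
    cloud_role: str
    expires_at: Optional[datetime]        # None = standing privilege

def issue_grant(ident: Identity, cloud_role: str, now: datetime) -> Grant:
    """JIT grant whose expiry is capped by the role TTL and the contract end date."""
    if ident.end_date is not None and ident.end_date <= now:
        raise PermissionError(f"{ident.user} has been offboarded")
    expiry = now + MAX_TTL[ident.job_role]
    if ident.end_date is not None:
        expiry = min(expiry, ident.end_date)
    return Grant(ident.user, cloud_role, expiry)

def offboarding_sweep(directory: dict, grants: list, now: datetime) -> list:
    """Return (user, cloud_role, reason) for every grant that should be revoked."""
    findings = []
    for g in grants:
        ident = directory.get(g.user)
        if ident is None or (ident.end_date is not None and ident.end_date <= now):
            findings.append((g.user, g.cloud_role, "user offboarded"))
        elif g.expires_at is None:
            findings.append((g.user, g.cloud_role, "standing privilege"))
        elif g.expires_at <= now:
            findings.append((g.user, g.cloud_role, "grant expired"))
    return findings

# Constructed sample data: users, roles and dates are invented for illustration.
NOW = datetime(2022, 1, 10, 9, 0, tzinfo=timezone.utc)
DIRECTORY = {"alice": Identity("alice", "full_time"),
             "bob": Identity("bob", "contractor", NOW + timedelta(hours=2)),
             "carol": Identity("carol", "contractor", NOW - timedelta(days=30))}
GRANTS = [issue_grant(DIRECTORY["alice"], "s3-read", NOW),
          issue_grant(DIRECTORY["bob"], "k8s-deploy", NOW),
          Grant("carol", "prod-admin", None), Grant("alice", "billing-admin", None)]
```

Running `offboarding_sweep(DIRECTORY, GRANTS, NOW)` flags the departed contractor's leftover admin role and the never-expiring grant, while the two JIT grants pass until their own expiry or the contract end, whichever comes first.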

A cloud-native security solution built for the most demanding cloud-forward enterprises is ideal. With such a solution, you can empower teams across cloud infrastructure, DevOps and security functions with dynamic and intelligent privileged access administration solutions for multi-cloud environments. Organizations that implement cloud security best practices like just-in-time (JIT) access and zero standing privileges (ZSP), in order to prevent security breaches and operational disruptions, also increase efficiency and user productivity.

Role Right-Sizing

Organizations should practice role right-sizing based on policy to ensure users have only the necessary privileges to perform their jobs. Policies should award privilege grants to specific roles based on contextual information including location, activity and time of day. Such policies should include onboarding and offboarding processes that follow the recommendations described in this article.

When policy requirements are met, users will be granted specific privileges within a cloud application. These privileges should be assigned to the user using the JIT model mentioned above and only for the duration of the activity.

Organizations should adopt an automated security solution, given that each cloud service has different permission logic to learn before policies focused on specific kinds of activities in each cloud service can be built. Manually doing this is time-consuming and often prone to over-provisioning privileges for a particular task or creating privilege sprawl. 

An automated dynamic permissioning platform also provides additional visibility for governance. Such a platform should have a deep understanding of available roles, the catalog of the policies for acquiring them and the user activity associated with the privileges to provide your SecOps and DevOps teams with the complete picture of activity and risk associated with cloud application privileges and their use. 

Cross-Cloud Visibility

Advanced visibility into privileges and risky privilege-related behavior is essential when conducting the internal audits that support policies and ensure appropriate onboarding and offboarding processes.

If your organization uses a multi-cloud environment, you know how important it is to grant the permissions your team needs to complete tasks efficiently and effectively. But it is also critical to continuously manage those users, to know at a glance who has access to what and to have a reliable process for granting and revoking privileges on the fly. 

The problem is many teams lack a solution that can do this across a multi-cloud environment. As more users enter an organization’s environment, administrators often grant elevated permissions because they do not have a systematic way to right-size permissions without impeding productivity. 

What’s more, once permissions are granted, it is a significant challenge to know which permissions are being used and by whom. This leads to excessive standing privileges that put your organization at risk. 

Organizations need to look for ways to proactively monitor users across multi-cloud environments, automatically enforce permission and role right-sizing and quickly achieve a least-privilege model cross-cloud.

The power to see in one place which users need permissions revoked or refined empowers admins with the authorization and confidence to act swiftly. As a result, greater visibility moves privilege access management in multi-cloud from a state of uncertainty and risk to a state of accuracy and control. 

Admins can quickly see how roles are being used and determine if they should revoke or grant new permissions. The more visibility you have, the better your right-sizing process becomes; your attack surface shrinks and your least-privilege model strengthens and refines. 

Overcoming Onboarding and Offboarding Challenges

Over time, both standing and dynamic privileges can drift as roles and responsibilities change—resulting in over-privileged users. Moreover, when contractors or employees leave an organization, they often retain up to 75% of their access credentials due to incomplete offboarding. That is why onboarding and offboarding users in multi-cloud environments is so important. Organizations must be vigilant and possess tools to effectively manage privileged user access.

In some cases, an organization may be tempted to overcome these challenges by building an in-house DIY solution. But the cost and overhead for developing the solution, not to mention the need to have security expertise for each cloud service, must be considered. Most organizations that go this route end up overwhelmed and experience a drawn-out time-to-value process. 

However, by working with a vendor that enforces strict policies, role right-sizing and advanced visibility, organizations can protect the keys to their kingdom and prevent current or former team members from placing the entire organization at risk.

 

Source: Security Boulevard