Why are machine identities the most vulnerable in Black Hat 2022?


Hybrid cloud configurations are too complicated to manage reliably, and the resulting misconfigurations are what attackers exploit. Further, the differences between public cloud providers' native identity and access management (IAM) products make it difficult to enforce zero-trust principles consistently across a hybrid cloud environment.

Many enterprise IT teams do not have the resources to manage machine identities across hybrid cloud deployments. According to research cited in the sessions, only about 40% of machine identities are being tracked today, while the average employee has more than 30 digital identities.

In hybrid clouds, machine identities are at high risk.

The first session, titled IAM The One Who Knocks, was presented by Igal Gofman, Ermetic's research director, together with fellow researcher Dahan. A second was presented by Steven Seeley, a security researcher at the 360 Vulnerability Research Institute. Both presentations offered recommendations on what enterprises can do to reduce the risk of a breach.

Researchers Gofman and Dahan illustrated how different the dominant cloud platforms' approaches to IAM are. Protecting machine identities with the native IAM support of each public cloud platform alone is not working, because gaps between the platforms in a hybrid cloud configuration leave machines vulnerable. Their presentation provided insights into what makes the IAM approaches of Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) different.


Dahan noted that the IAM systems of all three cloud providers discussed in the session are quite complicated. "We expect that organizations will make mistakes. One of the most important things you can do is to keep one AWS account or GCP project per workload."

AWS, Microsoft Azure, and GCP each offer enough features to help an organization get up and running, but they lack the infrastructure to fully address the more challenging, complex aspects of IAM in hybrid cloud configurations.

Cloud providers assert that the machine identities they issue are secure, yet in hybrid cloud environments that assurance ends at each platform's boundary. Gofman and Dahan pointed out that, because every platform provider defines the scope of its services through the shared responsibility principle, securing machine identities is ultimately the enterprise's responsibility.

Steps to safeguard machine identities

The Black Hat sessions on IAM provided in-depth insights and recommendations on how to better protect machine identities, including:

Understanding that the IAM systems of AWS, Microsoft Azure, and Google Cloud Platform do not, on their own, protect privileged access credentials, machine identities, endpoints, or the threat surface of a hybrid cloud configuration. Under the shared responsibility model, CISOs and CIOs must build enterprise-wide security strategies that enforce least-privileged access across every hybrid cloud configuration.
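As an added example (not from either Black Hat session, and not any vendor's tool), the following Python script lints the two permission formats the session contrasts: an AWS IAM policy document and a GCP IAM policy with role bindings. It flags the patterns that most often break least privilege for machine identities: wildcard actions and resources, Allow with NotAction, iam:PassRole on every role, basic roles on service accounts, and public members. The sample policies are constructed for this example, and the function names, severity labels and rule set are the example's own assumptions, not an official checker.

```python
"""Least-privilege linter for machine-identity permissions (added example).

Assumptions (not from the Black Hat session): the policies below are
constructed samples in the public AWS IAM policy JSON and GCP IAM policy
binding formats; the rules and severities are this example's own.
"""
import json

# GCP basic (primitive) roles and public members that bypass least privilege
# when attached to a machine identity.
GCP_BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
GCP_PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def _as_list(value):
    """AWS policy fields may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_aws_policy(policy):
    """Return (sid, severity, message) findings for an AWS IAM policy."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"Statement[{i}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        # Allow + NotAction grants every action except those listed.
        if "NotAction" in stmt:
            findings.append((sid, "HIGH", "Allow with NotAction grants all unlisted actions"))
        if any(a == "*" for a in actions):
            findings.append((sid, "HIGH", "Action '*' grants every API call"))
        elif any(a.endswith(":*") for a in actions):
            findings.append((sid, "MEDIUM", "service-wide wildcard action"))
        if "*" in resources and "Condition" not in stmt:
            findings.append((sid, "MEDIUM", "Resource '*' with no Condition"))
        # iam:PassRole on all roles lets the identity hand any role to a service.
        if any(a.lower() == "iam:passrole" for a in actions) and "*" in resources:
            findings.append((sid, "HIGH", "iam:PassRole on Resource '*' enables privilege escalation"))
    return findings


def lint_gcp_policy(policy):
    """Return (member, severity, message) findings for a GCP IAM policy."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member in GCP_PUBLIC_MEMBERS:
                findings.append((member, "HIGH", f"{role} granted to the public"))
            elif member.startswith("serviceAccount:") and role in GCP_BASIC_ROLES:
                findings.append((member, "HIGH", f"basic role {role} on a service account"))
    return findings


def audit(aws_policy, gcp_policy):
    """Lint both providers and return findings keyed by provider."""
    return {"aws": lint_aws_policy(aws_policy), "gcp": lint_gcp_policy(gcp_policy)}


# Constructed sample: permissions a CI runner might be handed in each cloud.
SAMPLE_AWS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DeployApp", "Effect": "Allow",
         "Action": ["s3:PutObject", "s3:GetObject"],
         "Resource": "arn:aws:s3:::app-artifacts/*"},
        {"Sid": "Everything", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "PassAnyRole", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
    ],
}

SAMPLE_GCP_POLICY = {
    "bindings": [
        {"role": "roles/editor",
         "members": ["serviceAccount:ci-runner@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/storage.objectAdmin",
         "members": ["serviceAccount:uploader@example-project.iam.gserviceaccount.com"]},
    ]
}

if __name__ == "__main__":
    for provider, items in audit(SAMPLE_AWS_POLICY, SAMPLE_GCP_POLICY).items():
        for subject, severity, message in items:
            print(f"[{provider}] {severity:6} {subject}: {message}")
```

The two linters deliberately do not share a rule table: AWS expresses privilege as action and resource wildcards inside a policy document, while GCP expresses it as role bindings on members, which is exactly the kind of model difference the session says a hybrid cloud strategy has to bridge. In practice the input would come from `aws iam get-policy-version` or `gcloud projects get-iam-policy --format=json` rather than inline samples.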

Hybrid cloud architectures spanning AWS, Microsoft Azure, and Google Cloud Platform do not require an entirely new identity infrastructure. Creating new, often duplicate machine identities increases cost, time, overhead, and the burden of additional licenses, so enterprises that already have a standard identity infrastructure should continue to maintain and extend it. Replacing it will most likely introduce errors, leave identities vulnerable, and be costly to fix.

To reduce the risk of a breach, enterprises should consider IAM platforms that can extend across hybrid cloud configurations rather than stopping at one provider's boundary. Such IAM architectures should also support customized scripts for protecting workload-based identities, including containers, VMs, IoT and mobile devices, and more.

Akeyless, Amazon Web Services (AWS), CrowdStrike, Ivanti, HashiCorp, Microsoft, Venafi, and others are leading vendors working to secure IAM for machine identities.
