Whac-A-Mole is a timeless arcade classic with a simple goal: when a mole pops up, whack it back into its hole. Inevitably, however, a few of those pesky, popping creatures seem to evade the wrath of the jumbo cushioned mallet at the very last second.
I was reminded of this game when I read a recent article on the state of the global cloud computing market. The cloud computing market is expected to grow from $371.4B in 2020 to $832.1B by 2025. Knowing just how hard it is to manage, govern, and enforce cloud access, I couldn’t help but think of the moles. How can organizations effectively control access in a cloud environment where the velocity, volume, and variety of change is exponential, and threats keep popping up?
Even with a carefully crafted governance framework, access can be directly provisioned in cloud environments, bypassing processes and procedures. In the worst-case scenario, unauthorized or malicious actors can make their way in your high-value IaaS cloud environment—just like one of those little moles getting away before you can whack it.
Cloud Information Overload
Many organizations have opted to adopt stand-alone CIEM solutions (cloud infrastructure entitlement management) to monitor their cloud environment. While this practice is an excellent first step, it’s not an all-in-one solution for the many challenges that can surface, like moles in your security system. Attempts to secure cloud access will not be sufficient, and you will be challenged to fight off all the moles popping up with access.
Security teams can experience additional alert fatigue as some CIEM solutions can generate an additional alerts and notifications that add to the work queue. Your time can be consumed triaging through a tangled web of cloud access, becoming more difficult due to a lack of visibility to the users’ actual identities that have access. For example, several questions can arise during this process, including:
- Who (or what) really is DevOpsUser1 or AWSGroup2?
- Is this a user that should even have access?
- Is this even a real user or something else?
Making sense of these alerts and tracking down access is hard enough for a few, let alone hundreds or thousands of access points that are constantly changing. Your game of Whac-A-Mole has just become more challenging.
Cloud Access Violations
Many organizations continue to play the game without the help of an identity framework. For example, in response to an alert, they may automatically remove or remediate that flagged access in the target cloud environment—this is a process that many CIEM solutions support and emphasize as a best practice. But, without the larger context of who the user is, global access policies, or how much access was granted, it could inadvertently remove approved access entirely, or create a toxic combination of access since it’s unaware of what’s already been provisioned. Either way, business processes are disrupted, or worse, security and compliance risks are introduced.
Addressing cloud access violations by making direct changes in your target cloud environments circumvents the organizational processes and procedures that were put in place to reduce the risk of access modifications not being reviewed, approved, and audited. This direct remediation in the CIEM tool focuses on solving a symptom of a problem rather than the root cause—potentially creating a continuous game of removing and adding cloud access, which adds time and cost to the process.
CIEM and Identity Security
By integrating your CIEM solution with your identity platform, you can leverage existing infrastructure (i.e., existing investments) to provide the context you need to enable cloud access correctly and “whack” all the cloud access moles that pop up. By taking an identity-centric approach to cloud governance, your existing identity processes, workflows, signoffs, and reporting can be extended to your cloud environments—simplifying administration, enhancing security, and easing compliance.
If you’re ready to reduce the time chasing down endless cloud access violations, consider an identity-centric approach to manage access to the cloud. That will leave you more time to play Whac-A-Mole where it should be played—at malls and amusement parks.
About the Author: Gianni Aiello is a Director of Product Management at SailPoint, where he leads a product team focused on helping enterprises manage access to Cloud Infrastructure. Gianni has 10 years of experiences in identity and access management with most of that time spent as a product leader. Across his career he has matured products, developed new products from scratch including SailPoint’s AI services and recently led the product integration of acquired technologies. Prior to SailPoint he worked at Bazaarvoice, a global SaaS provider of social commerce applications for e-commerce sites.