Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Applications
    • Applications
    • Cloud
    • Cybersecurity
    • Innovation
    • IT Management

    How to Secure Authorization in the Cloud

    Written by

    eWEEK EDITORS
    Published September 10, 2019
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      The public cloud has certainly been a great enabler for business, but it has also created a number of blind spots and brought with it serious security challenges. The collection of cloud services and applications has continues to increase exponentially, making access logic, permission sets, resources, capabilities and risks much more difficult to manage.

      Authorization is no longer a nice-to-have feature, it is an imperative. Permissions and access for user identities must be well defined and carefully verified, and over-provisioned users must be identified and their permissions right-sized. Otherwise, the results can be disastrous and often irreversible.

      Go here to see a listing of eWEEK’s Top SIEM Companies.

      Go here to see eWEEK’s listing of the Top Cloud Computing Companies.

      When planning your cloud infrastructure, note what access controls and security guidelines your cloud providers offer. Apply a principle-of-least-privilege model, and define permissions for each entity in your infrastructure based on this principle. Identify how any attacker, whether from outside or inside your organization, could reach sensitive information in any of your cloud services, and monitor those areas. This will allow you to focus on updating access and permission definitions every time a new position or cloud app is introduced into your organization, the cloud security best-practices are changed, or your cloud provider publishes a new security tool.

      Only after you have established a strategy to manage the security guidelines you have created, will you be able to adapt in this dynamic world, while reducing the risk of destructive configuration mistakes.

      In this eWEEK Data Points article, using industry information from Polyrize Security Head Researcher Tal Peleg, we present five tips to get you started in taking control of the access to your sensitive cloud information.

      Data Point No. 1: Know Your Infrastructure

      Know which users can access what, and why. In the cloud environment, it is all the more important to define strong privileges. Each entity, machine or storage space should have its own specific purpose, and communication between services should be according to need and use. Once you have set the boundaries for each resource, it will be much easier to monitor strange activity and access changes. You will be able to focus on consequential activities, rather than on putting out fires. Additionally, assign a purpose, with specific access permissions, for each virtual service or user, to mitigate the risk of unnoticed data leakage.

      The first step in designing your cloud environment should always be defining the roles of each component, as this will help you secure it, and keep it secure as you expand it in the future.

      Data Point No. 2: Apply a Principle of Least Privilege

      Delegate access permissions to roles, with each permission-giving access only to the resources it needs. Identify users with too many permissions, just like you would in an on-premises environment. When you reduce the number of entities with access to sensitive information, it is easier to monitor them and identifies unusual or new behavior in your cloud network. Remember that you never know where a breach will start, whether from stolen credentials from an administrator or a zero-day vulnerability in a web application, so choose carefully in whose hands you put your sensitive data.

      Data Point No. 3: Separate Your Resources

      The cloud gives you virtually unlimited storage space all over the world. Use it. But, just as you would not put your proxy server on the same machine as your database or your code base on-premises (not a good idea, ever), do not put all your data in the same storage or permission set in the cloud. For example, if access to your buckets in AWS is per role, create a separate bucket for your web applications, your logs, and your sensitive data, and create separate roles to access each of them.

      If access to folders is delegated in Box, keep your information segregated into separate folders, so it doesn’t accidentally fall into the wrong directory. If you are running a web application and a database with sensitive data, give each server and app only the privileges it needs.

      Data Point No. 4: Manage All Entities in Your Organization

      Define how you will be able to implement and maintain your security guidelines in the cloud environment. Remember, it is a dynamic environment, and users often switch positions or jobs. Your cloud security guidelines may change, and new requirements and apps may be introduced to your infrastructure. Managing many roles and permissions for all the resources in your environment can be confusing. Look for a platform that will help you manage your permission sets, and one that will expand as your needs, and your cloud network, grow. Also, look for one which covers all or most of your cloud services, so you can focus on advancing the company while keeping it secure.

      Data Point No. 5: Keep Your Infrastructure Up To Date

      Just as your business grows, and your products improve, public cloud providers, update their infrastructure and expand their security tools. Make a point to follow the changes in your cloud provider’s security guidelines, and upgrade to the strongest set of security tools they offer. You will sleep easier knowing your infrastructure is as strong as it can be. This will only get better and easier over time.

      In the public cloud today, it is easy to upgrade to the newest servers, storage and apps, and to keep up-to-date with the latest security best practices.

      If you have a suggestion for an eWEEK Data Points article, email [email protected].

      eWEEK EDITORS
      eWEEK EDITORS
      eWeek editors publish top thought leaders and leading experts in emerging technology across a wide variety of Enterprise B2B sectors. Our focus is providing actionable information for today’s technology decision makers.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.