Multi-cloud ‘over-permissioning’ causing cyber risk headaches for businesses
With multi-cloud environments expanding, businesses are creating too many unused identities that can be abused
Microsoft has warned that a pervasive culture of “over-permissioning” due to rising cloud workloads and infrastructure expansion is placing organisations at greater risk of breaches.
The 2023 State of Cloud Permissions Risks report, published by Microsoft this week, found that as businesses increasingly move to multi-cloud environments, many are granting permissions that are deemed “high risk”.
Permissions allow a user or a workload to reach applications or resources within a cloud environment and perform specific operations or commands. Microsoft said that human and workload identities use just 1% of the permissions granted to them in their day-to-day activity, meaning that the vast majority sit idle and unused, yet every idle permission remains available to an attacker who compromises that identity.
“As cloud environments expand, they have inadvertently become more complex to manage,” Microsoft warned in its report. “With over 40,000 permissions that can be granted to identities, of which more than 50% are high-risk, it is becoming increasingly difficult for organisations to know who has access to what data, and across which cloud platforms.”
Microsoft said that since the publication of its inaugural report in 2021, it has observed a “significant increase” in organisations granting permissions to access critical cloud resources.
Similarly, the report highlighted a sharp rise in the number of ‘super admins’ present in multi-cloud environments. ‘Super admins’ refer to user or machine-based identities that have access to all resources within an organisation’s cloud infrastructure.
Alex Simons, corporate VP of program management at Microsoft’s Identity division, warned that super admins are “extremely over-permissioned” and that more than 98% of the permissions granted to them go unused, meaning those identities are at heightened risk of misuse if a breach occurs.
“Super admins are human or workload identities that have access to all permissions and all resources. They can create and modify configuration settings to a service, add or remove identities, and access or even delete data,” he said.
“Extremely over-permissioned, our research found that less than 2% of permissions granted to super identities are used, and 40% of super admins are workload identities. Left unmonitored, these identities present a significant risk of permission misuse if breached.”
Machine-based identities posing added risks
The expansion of machine-based identities in cloud environments was a key concern highlighted by Simons, with human identities now outnumbered by a ratio of 10:1.
At that scale, visibility into and monitoring of activity across multi-cloud environments becomes an increasingly difficult task, leaving organisations unable to effectively mitigate potential misuse of permissions.
“In today’s multi-cloud world, human identities are no longer the only ones accessing multi-cloud infrastructure,” Simons explained. “The number of workload identities operating across clouds, including apps, VMs, scripts, containers, and services has exponentially increased, now outnumbering human identities ten to one.”
Simons said that organisations must take steps to narrow this growing permissions gap to mitigate the potential for misuse. To achieve this, firms must implement the principle of “least privilege” and reduce the number of permissions across their infrastructure.
“Closing the permissions gap and reducing the risk of permission misuse requires organisations to implement the principle of least privilege,” he said.
“This must occur consistently to all human and workload identities across multi-cloud environments. Organisations can achieve this at a cloud scale by adopting a Cloud Infrastructure Entitlement Management (CIEM) solution to continuously discover, remediate, and monitor the activity of every unique user and workload identity across multi-cloud.”
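The analysis a CIEM product automates is, at its core, a comparison of what each identity was granted against what it actually did over an observation window. The following is an added example, not code from the article, from Microsoft or from any CIEM vendor, showing that comparison in miniature. Every input is constructed: a small identity inventory with AWS-style "service:Action" grants (wildcards allowed), a 90-day activity log, a hypothetical action catalogue that wildcards expand against (a real one runs to tens of thousands of entries; the report cites more than 40,000), and an analyst-chosen set of high-risk actions. The names alice@example.com, ci-deploy-role, report-lambda and svc-legacy are placeholders.

```python
"""Permissions-gap analysis in miniature (added example, constructed data).

Per identity it computes granted vs used permissions, flags super admins
(a grant that resolves to every action in the catalogue) and dormant
identities, lists unused high-risk grants, and derives the least-privilege
allow-list implied by observed activity. summary() produces fleet-wide
figures of the kind the report quotes; recommend() orders remediation.
"""
from collections import defaultdict
from fnmatch import fnmatchcase

# Constructed, deliberately tiny catalogue of grantable actions.
CATALOGUE = {
    "s3:GetObject", "s3:PutObject", "s3:ListBucket", "s3:DeleteBucket",
    "ec2:DescribeInstances", "ec2:TerminateInstances",
    "iam:CreateUser", "iam:AttachRolePolicy", "iam:ListUsers",
    "kms:Decrypt", "kms:ScheduleKeyDeletion",
    "dynamodb:Query", "dynamodb:DeleteTable",
    "ecs:UpdateService", "ecr:PutImage", "logs:GetLogEvents",
}

# Analyst-chosen: actions that destroy data or escalate privilege.
HIGH_RISK = {
    "s3:DeleteBucket", "ec2:TerminateInstances", "iam:CreateUser",
    "iam:AttachRolePolicy", "kms:ScheduleKeyDeletion", "dynamodb:DeleteTable",
}

# Constructed inventory: identity -> (kind, granted permission patterns).
IDENTITIES = {
    "alice@example.com": ("human", {"s3:GetObject", "s3:PutObject", "s3:ListBucket",
                                    "ec2:DescribeInstances", "iam:CreateUser",
                                    "kms:Decrypt", "kms:ScheduleKeyDeletion"}),
    "ci-deploy-role": ("workload", {"*"}),          # wildcard: a super admin
    "report-lambda": ("workload", {"s3:GetObject", "dynamodb:Query", "dynamodb:DeleteTable"}),
    "svc-legacy": ("workload", {"*"}),              # wildcard and never used
}

# Constructed 90-day activity log: (identity, action) pairs.
ACTIVITY = [
    ("alice@example.com", "s3:GetObject"),
    ("alice@example.com", "s3:ListBucket"),
    ("alice@example.com", "iam:ListUsers"),        # not granted: denied or stale inventory
    ("ci-deploy-role", "ecs:UpdateService"),
    ("ci-deploy-role", "ecr:PutImage"),
    ("report-lambda", "s3:GetObject"),
    ("report-lambda", "dynamodb:Query"),
]


def expand(patterns, catalogue=CATALOGUE):
    """Resolve wildcard grants such as '*' or 's3:*' to concrete catalogue actions."""
    return {a for a in catalogue if any(fnmatchcase(a, p) for p in patterns)}


def analyse(identities=IDENTITIES, activity=ACTIVITY, catalogue=CATALOGUE, high_risk=HIGH_RISK):
    """Return a per-identity report comparing granted permissions with observed use."""
    observed = defaultdict(set)
    for ident, action in activity:
        observed[ident].add(action)
    report = {}
    for name, (kind, patterns) in identities.items():
        granted = expand(patterns, catalogue)
        used = observed[name] & granted
        report[name] = {
            "kind": kind,
            "granted": len(granted),
            "used": len(used),
            "used_pct": round(100 * len(used) / len(granted), 1) if granted else 0.0,
            "super_admin": granted == catalogue,   # grant covers every known action
            "dormant": not used,                   # no granted action exercised in window
            "unused_high_risk": sorted((granted - used) & high_risk),
            "outside_grant": sorted(observed[name] - granted),
            "least_privilege": sorted(used),       # allow-list to rewrite the policy to
        }
    return report


def summary(report):
    """Fleet-wide figures: workload:human ratio, overall usage, super-admin counts."""
    granted = sum(r["granted"] for r in report.values())
    used = sum(r["used"] for r in report.values())
    supers = [r for r in report.values() if r["super_admin"]]
    workloads = sum(1 for r in report.values() if r["kind"] == "workload")
    super_workloads = sum(1 for r in supers if r["kind"] == "workload")
    return {
        "identities": len(report),
        "workload_to_human": round(workloads / max(1, len(report) - workloads), 1),
        "used_pct": round(100 * used / granted, 1) if granted else 0.0,
        "super_admins": len(supers),
        "super_admin_workload_pct": round(100 * super_workloads / len(supers), 1) if supers else 0.0,
    }


def recommend(report):
    """One remediation per identity: retire dormant ones, replace wildcards,
    then strip unused high-risk actions from everything else."""
    actions = []
    for name, r in report.items():
        if r["dormant"]:
            actions.append(f"{name}: no activity in window; disable or delete")
        elif r["super_admin"]:
            actions.append(f"{name}: replace '*' with {r['least_privilege']}")
        elif r["unused_high_risk"]:
            actions.append(f"{name}: remove unused high-risk {r['unused_high_risk']}")
    return actions


if __name__ == "__main__":
    rep = analyse()
    for name, r in rep.items():
        flags = (" SUPER-ADMIN" if r["super_admin"] else "") + (" DORMANT" if r["dormant"] else "")
        print(f"{name:20} {r['kind']:8} used {r['used']}/{r['granted']} ({r['used_pct']}%){flags}")
    print(summary(rep))
    for line in recommend(rep):
        print(line)
```

Two caveats a practitioner would want: the observation window must be long enough to cover infrequent but legitimate actions (quarterly jobs, break-glass procedures) before the least-privilege allow-list is enforced, and anything reported under outside_grant deserves investigation before remediation, because it means the log and the inventory disagree about what the identity can do.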
Ross Kelly is a staff writer at IT Pro, Channel Pro, and Cloud Pro, with a keen interest in cyber security, business leadership and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined IT Pro in 2022 after four years working in technology conference research.