move laterally through the network by escalating privileges and work their way up to owning a domain. In modern cloud environments, an attacker can save steps by compromising one privileged user and then leveraging this access to compromise, for example, a cloud management console.

Hijacking these types of privileged credentials allows attackers to shut down said cloud environment.

It’s impossible to say whether the cloud is more or less secure than on-premises. Regardless, misconfigurations across these open, more centralised environments can ripple in an exponential way that you don’t see in traditional deployments. Securing privilege in the cloud has therefore become an enterprise imperative.

www.intelligentciso.com | Issue 23

Bringing developers and security teams closer

Application credentials typically outnumber those associated with human accounts, so controlling, managing and auditing non-human privileged access for these applications is no small feat. A similar approach must be taken to securing the application credentials of cloud native apps.

Organisations can quickly find themselves leveraging native secret stores provided by their cloud, DevOps and Robotic Process Automation (RPA) vendors. This leads to a heavily fragmented approach and ‘islands’ of security. Then, when the security teams are asked to help secure these applications, the main questions are: where do these secrets live and who is

Organisations do not secure business-critical applications deployed on the cloud any differently to how they secure low-value applications or services.