Identity in the cloud: 11 practices to secure it
is the headline of the news that the author of WTM News has collected this article. Stay tuned to WTM News to stay up to date with the latest news on this topic. We ask you to follow us on social networks.
The first step to securely managing identity in the cloud is to protect your most highly privileged identities. In this sense, CyberArk Identity Security solutions allow you to apply AWS security best practices to support secure identity management in the cloud.
1. For root users we recommend taking additional security measures. Credentials for the root user of your AWS account grant full access to all of your resources for all AWS services. And because you can’t reduce the permissions associated with the root user of your AWS account, it’s important to protect it.
2. For all other users we advise creating an individual identity and giving each user a unique set of security credentials. It is also possible to give different permissions to each user, and if necessary, change or revoke those permissions.
3. Use user groups to assign identity permissions. Instead of defining permissions for individual users, it is more convenient to create groups of users related to the functions to be developed. Next, define the relevant permissions for each group and assign individual users to those groups.
The first step to securely managing identity in the cloud is to protect your most highly privileged identities.
4. Grant least privilege. When creating identity and access policies, we recommend granting least privilege or granting only the permissions necessary to perform a task. In addition to determining what users (and roles) must do and design specific policies to perform only those tasks.
5. Enable multi-factor authentication. For added security, it’s best to require multi-factor authentication (MFA) for all account users. With MFA, users must answer a question or additional items to gain access.
6. Set up a strong password policy for your usersa process that can be automated to save time and increase security.
7. Monitor all access and isolate permissions. Best practices include continuously discovering and managing privileged accounts and credentials. You can choose to monitor sensitive sessions, to look for risky activities in all environments, or isolate those sessions.
8. Change credentials regularly and make sure all users on your account do the same. It is important to alternate credentials frequently, depending on the criticality of the access and data. That way, if a password or access key is compromised, it’s possible to limit the time the credentials are used to access resources.
9. Remove unnecessary credentials and continually reassess permission levels of existing credentials and remove unnecessary permissions, as well as remove the identity of AWS user credentials (passwords and access keys) that are not needed.
10. Do not share secrets, especially non-human access keys and Secure Shell (SSH). Do not embed unencrypted access keys or share these security credentials among users of your AWS account. For applications that require access to AWS, configure the program to retrieve temporary security credentials using an identity and access role.
11. Monitor activity in your AWS account. To do this, you can use the logging features in AWS to determine the actions that users have taken in your account and the resources that were used.
More information: www.cyberark.com