How to implement least privilege in the cloud (Security News, May 2020)
By continually re-examining the environment and removing unused permissions, an organization can achieve least privilege in the cloud over time.
The effort required to determine the precise permissions each application in a complex cloud environment actually needs can be both labor-intensive and prohibitively expensive.
How do we know which permissions are actually being used? And once we do, how do we right-size the role? Do we replace managed policies with inline ones? Do we edit existing inline policies? Do we create new policies of our own?
If the more privileged role has permission to access a variety of services like Amazon ElastiCache, RDS, DynamoDB, and S3, how do we know which services are actually being used by the original application? And how do we restrict the application's permissions without disrupting other applications that might also be using the second, more privileged role?
As we've seen, enforcing least privilege in the cloud to minimize the access risks that lead to data breaches or service interruption can be infeasible to do manually for many organizations.
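The re-examination loop described above (compare what a role is allowed to do against what its callers have actually done, then carve a narrower policy out of the result) as an added example; this code is not from the article or from any vendor tool. It assumes a constructed IAM-style policy for the over-privileged shared role and a constructed list of activity records shaped like CloudTrail's eventSource/eventName fields, tagged with which application assumed the role. The function names (allowed_services, unused_services, carve_out_policy) and the application names are hypothetical.

```python
"""Right-size a shared cloud role from observed usage (added example, not the article's code)."""
import json

# Constructed sample: the "more privileged" shared role from the text, shaped like an AWS IAM policy.
SHARED_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["elasticache:*", "rds:*", "dynamodb:*", "s3:GetObject", "s3:PutObject"],
            "Resource": "*",
        }
    ],
}

# Constructed sample of observed API activity, shaped like CloudTrail's eventSource / eventName
# fields, tagged with the (hypothetical) application that assumed the shared role.
OBSERVED_EVENTS = [
    {"app": "orders-api", "eventSource": "dynamodb.amazonaws.com", "eventName": "GetItem"},
    {"app": "orders-api", "eventSource": "dynamodb.amazonaws.com", "eventName": "PutItem"},
    {"app": "orders-api", "eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"app": "reporting-job", "eventSource": "rds.amazonaws.com", "eventName": "DescribeDBInstances"},
    {"app": "reporting-job", "eventSource": "s3.amazonaws.com", "eventName": "PutObject"},
]


def _as_list(actions):
    return [actions] if isinstance(actions, str) else list(actions)


def allowed_services(policy):
    """Service prefixes (the part before ':') granted by the policy's Allow statements."""
    services = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never add access, so they do not widen the set
        for action in _as_list(stmt.get("Action", [])):
            services.add("*" if action == "*" else action.split(":", 1)[0].lower())
    return services


def used_calls_by_app(events):
    """Map each application to the (service, api_name) pairs it was observed making."""
    calls = {}
    for ev in events:
        service = ev["eventSource"].split(".", 1)[0].lower()  # 'rds.amazonaws.com' -> 'rds'
        calls.setdefault(ev["app"], set()).add((service, ev["eventName"]))
    return calls


def used_services_by_app(events):
    """Collapse observed calls to the set of services each application touched."""
    return {app: {svc for svc, _ in calls} for app, calls in used_calls_by_app(events).items()}


def unused_services(policy, events):
    """Allowed services that no application sharing the role has used in the observed window."""
    used = set()
    for services in used_services_by_app(events).values():
        used |= services
    return allowed_services(policy) - used


def _action_covers(action, service, api_name):
    svc, _, name = action.partition(":")
    return svc.lower() == service and name in ("*", api_name)


def carve_out_policy(policy, events, app):
    """Build a dedicated policy for one app containing only the actions it was observed using.

    Giving each application its own narrowed role is how the shared role can be restricted
    without disrupting the other applications that still rely on it.
    """
    calls = used_calls_by_app(events).get(app, set())
    statements = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            statements.append(stmt)  # keep Deny statements exactly as written
            continue
        kept = []
        for action in _as_list(stmt.get("Action", [])):
            if action == "*":
                # a blanket '*' is replaced by the explicit calls that were actually observed
                kept.extend(f"{s}:{n}" for s, n in calls)
            elif any(_action_covers(action, s, n) for s, n in calls):
                kept.append(action)
        if kept:
            statements.append({**stmt, "Action": sorted(set(kept))})
    return {"Version": policy["Version"], "Statement": statements}


if __name__ == "__main__":
    print("Allowed but never used:", sorted(unused_services(SHARED_ROLE_POLICY, OBSERVED_EVENTS)))
    for app in sorted(used_services_by_app(OBSERVED_EVENTS)):
        print(f"\nProposed dedicated policy for {app}:")
        print(json.dumps(carve_out_policy(SHARED_ROLE_POLICY, OBSERVED_EVENTS, app), indent=2))
```

The observation window matters: a service that is only called by a quarterly job will look unused if the sample is too short, so the narrowed policy should be applied in an audit-only mode (or with the old role kept available for rollback) for at least one full business cycle before the broad role is retired.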
News URL: http://feedproxy.google.com/~r/HelpNetSecurity/~3/qaHldOAFips/