Research reveals that IAM is too often permissive and misconfigured

2022-04-14 14:56

New cloud threat research from team Unit 42 at Palo Alto Networks reveals several security issues due to bad permissions handling and misconfiguration, which opens doors wide for threat actors.

In cloud environments often composed of more than hundreds or thousands of workloads, every device or machine identity might be a risk for the cloud infrastructure.

Palo Alto Networks' Unit 42 studied 680,000 cloud users, roles and services, and found out that 99% of cloud identities were overly permissive.

To come to that staggering percentage, the researchers considered a cloud identity to be overly permissive if it was granted permissions that were unused in the past 60 days.

53% of the cloud accounts studied allowed weak IAM passwords, which means fewer than 14 characters.

In addition to the exposed five threat actors, Palo Alto Networks also reports that advanced persistent threat actors, which are often nation-state actors, employ cloud infrastructure when needed.

News URL

https://www.techrepublic.com/article/research-iam-permissive-misconfigured/

#IAM #research