By Raj Mallempati, chief operating officer at CloudKnox Security

The Biggest Cyber Threat to an Organization is Itself

It's a new year and a new decade, but security remains a primary concern for enterprises across all industries. Hacker resilience only grows stronger as the traditional security perimeter becomes more amorphous. Identities are now the new perimeter, which means the insider threat is greater than ever. And this threat is even more complex for organizations that operate in hybrid- and multi-cloud environments.

With this in mind, following are the top concerns for enterprises as we enter 2020.

Hackers will significantly increase the use of non-human identities to maliciously access sensitive business data

2019 shined a spotlight on the (mis)use of non-human identities-specifically machines, and access keys-to maliciously access sensitive data. We saw it with the CapitalOne breach. Over the coming year, we'll see a significant increase in the number of incidents where hackers will use misconfigured, overprivileged non-human identities to maliciously access sensitive and business-critical data. They will target these identities because most of them have excessive high-risk privileges with no oversight.

All cloud-first enterprise organizations will use automation to adopt and standardize on least privilege policies across their enterprise cloud infrastructure platforms

There has been an exponential increase in the number and complexity of managing identities and cloud resources in hybrid/multi-cloud environments. The number of identities accessing the cloud infrastructure has increased by 50x, driven by the increase in non-human identities needed for automation. These identities can access more than 20,000 high-risk privileges that can potentially impact the infrastructure adversely. Most identities only use less than 1% of the privileges that have been granted.

This has transformed identities into over-privileged superpowers with significant infrastructure risk exposure. The most effective way to address this challenge is by automatically implementing a least privilege policy framework with elevated privileges on demand based on dynamic usage. More companies will turn to automated systems that continuously monitor and manage the privileges of all identities across hybrid and multi-clouds to counter this challenge. In fact, in response to the CapitalOne breach, AWS's CISO said that "if a customer properly implements a ‘least privilege' policy, there is relatively little an actor has access to once they are authenticated - significantly reducing the customer's risk." 

Cloud data breaches will shine a spotlight on the shared responsibility model

In 2020 and beyond, we anticipate that an increased number of data breaches will result from organizations making the false assumption that cloud service providers offer complete protection, which simply isn't true under the shared responsibility model. The currently accepted model states that the cloud provider is responsible for the security of the underlying cloud infrastructure, but it's an enterprise's responsibility for the data and systems on top of that infrastructure.

Most cloud security incidents result from a combination of misconfigurations or inadequate protections put in place by the enterprise, and too much complexity or a lack of inherent security policies by the cloud infrastructure provider. As a result, organizations will fail to identify the gaps that must be addressed within their enterprise cloud infrastructure platforms. Organizations will find themselves liable for more severe repercussions as government cyber-legislation ascribes harsher consequences. This will increase the need for solutions to automatically provide visibility and control over every action that every identity performs on every cloud resource.

The cloud security threat surface becomes more complex

Cloud infrastructure and security operations teams are being asked to do the impossible: manage and secure multiple, complex, and vastly different cloud platforms while keeping up with the never-ending expansion of new machine and human identities, resources, services and privileges. This requires organizations to implement a strict threat mitigation strategy, plan and processes to continuously monitor and assess all human and non-human identities' activities and behaviors in order to quickly produce a forensic trail of all privileged identity activity and resources impacted. Security teams will need the ability to continuously monitor, swiftly identify and remediate incidents, while also being able to deliver proof of compliance to auditors at any point in time.

##

About the Author

Raj Mallempati is the chief operating officer at CloudKnox Security. Prior to joining CloudKnox, Raj was SVP of marketing at Malwarebytes, VP of Global Marketing at MobileIron, VP of Product Marketing at Riverbed Technology and Director of Marketing and Business Strategy at VMware.