Just 1% of Cloud Permissions Are Actively Used

Written by

A surge in workload identities, super admins and “over-permissioning” is driving increased cyber risk for organizations running cloud infrastructure, according to Microsoft.

The tech giant’s 2023 State of Cloud Permissions Risks report calculated that over 40,000 permissions could be granted across the major cloud platforms, and that over half of these are high risk.

Permissions refer to the authorization given to users or machines that enable them to access specific resources.

Unfortunately, a lack of visibility and control over these authorizations could be exposing organizations to the risk of cloud security breaches and misuse.

Microsoft found that user and workload identities are using just 1% of permissions granted for their day-to-day job functions. Further, more than half (50%) of identities are defined as “Super Identities,” meaning they have access to all permissions and all resources. Over 60% of all identities are inactive.

Given that Super Identities can create and modify service configuration settings, add or remove identities, and access or delete data, it is concerning that less than 2% of permissions granted to these are actually used.

Read more on cloud security risks: Four-Fifths of Firms Hit by Critical Cloud Security Incident.

It is machine rather than human identities where some of the biggest risks lie. The number of cloud-based workload identities including apps, VMs, scripts, containers and services has increased “exponentially,” and these now outnumber human identities 10 to 1, according to Alex Simons, CVP of program management in Microsoft’s identity division.

The average percentage of inactive workload identities (80%) has doubled since 2021, and less than 5% of permissions granted are used by workload identities, he added.

“Closing the permissions gap and reducing the risk of permission misuse requires organizations to implement the principle of least privilege,” Simons concluded.

“This must occur consistently to all human and workload identities across multi-cloud environments. Organizations can achieve this at a cloud scale by adopting a Cloud Infrastructure Entitlement Management (CIEM) solution to continuously discover, remediate and monitor the activity of every unique user and workload identity across multi-cloud.”

The Microsoft report also had the following advice for cloud infrastructure customers:

  • Grant permissions on-demand for a limited period, or on an as-needed basis to support least privilege
  • Assess permissions risks and determine which identity has been doing what, where and when
  • Continuously monitor permissions usage across clouds
  • Ensure lifecycle monitoring to improve security posture and save security teams time

What’s hot on Infosecurity Magazine?