Take Command of your Robot Army
December 20, 2013 | DevOps
When you think about managing access to your organization’s data or IT resources, you tend to think about application users.
Who are the people in my organization? What information do they need to access in order to do their jobs? What privileges should people have, and how can I easily on-board and off-board staff?
With the advent of service-oriented architecture and cloud technology, there’s another rapidly evolving “user” in the infrastructure: a growing army of workers that aren’t yet being effectively managed. This new generation of users lives in the back-end infrastructure and IT control plane. Think of them as your robot army.
The robots are the virtual machines and web services that broker between end users and data. They are numerous, dynamic, and potentially very powerful. As a result, you have another complex identity and access management problem – controlling your robot army.
You Need to Prevent the Robots from “Spilling Their Guts”
These robots have more direct access to information than people do. And like a friend who can’t keep a secret when asked, a compromised machine will often readily yield access to all the systems and data it touches. Compromised robots can and will hand over the “keys to the kingdom” without resistance. Intruders can use them maliciously to rapidly escalate their privilege level, and inexperienced system admins can accidentally access and damage improperly permissioned systems. Therefore, these systems should be managed and privileged in a similar way to human users; limiting their capabilities prevents them from “spilling their guts” to an attacker or allowing accidental access.
How Large is the Robot Army?
The robot army is a combination of the software pieces that make up the new cloud “operating system.” It could comprise the following components:
This is your robot army. How many robot users are in each of the boxes at your organization? How much information could they potentially access?
Who is minding them?
We face an emerging problem: each part of the new cloud stack is developing its own access control system that is specific to the service. Robot controls are proliferating, but each control only covers part of the problem. As a result, implementing a comprehensive solution for robot IAM is becoming more and more challenging.
A Cloud Security API That Actually Speaks “Cloud?”
Simply put, organizations need a way to manage, curate, and constrain cloud system resources and people through centralized management when these individuals are too numerous or dynamic to be managed by hand. You need a cloud security API that speaks “cloud.” The ideal solution is one that performs enterprise-grade cloud security, compliance, and auditing with a simple, flexible and lightweight developer framework that meets the needs of IT, security, and developers alike.
And with it, you can keep your robot army marching safely and securely.