by John Worrall
In a recent blog post, we highlighted some of the results of our 7th annual Global Advanced Threat survey, which showed that 80 percent of businesses believe that cyber-attacks represent a greater national threat than physical attacks.
In this post, we’re diving a little bit deeper into some of the results, specifically around controlling privileged accounts in the cloud.
As we’ve discussed frequently on this blog, privileged accounts have emerged as the primary target for cyber-attackers. Businesses are becoming more aware of this – and in the recent survey, 64 percent of respondents indicated they’re now managing privileged accounts as an advanced threat security vulnerability.
While this number shows growing awareness around the privileged account security issue, it was concerning that this awareness evaporates in the cloud. Amazingly, 56 percent of respondents stated they had no idea what their cloud provider was doing to protect and monitor privileged accounts.
In addition, 25 percent of respondents partner with cloud providers that they believe to be less secure when it comes to protecting confidential information. Let that sink in – a quarter of businesses are outsourcing data and infrastructure to companies known to be less secure.
As the Cloud Security Alliance put it in a research report in 2012 – “it’s critical that the established SLAs between the enterprise and the cloud provider meet or exceed the enterprise’s general requirements.”
In other words, cloud providers – at a minimum – need to offer everything that the customers should be doing for themselves. If you’re looking at a new cloud provider, you need to ask the following basic questions:
- How does the provider follow best practices related to privileged account access control, accountability, and monitoring.
- What are the providers doing to monitor all privileged activity?
- How are they protecting access to privileged credentials?
- Are they isolating and controlling administrative access to target resources?
- Does the provider provide a complete audit trail of who access a privileged account, what they did with it, and why?
- Does the provider offer real-time alerts when suspicious activity takes place during a privileged session?
If your cloud provider can’t answer any of these questions satisfactorily, then you’re putting your data and assets at undue risk.