Identity & Access Management

Cloud IAM refers to the practices, policies, and tools used to manage user identities, control access to cloud resources, and enforce security measures within a cloud computing environment.

  • User Authentication: Verifying the identity of users accessing the system.

  • Authorization: Determining what resources and actions users are permitted to access.

  • Permissions Management: Assigning and managing access rights to resources based on user roles and policies.

Root User

Has full, unrestricted rights over all resources and settings within the cloud environment; the permission policies that constrain ordinary identities do not constrain it.

Responsibility: Used for initial setup and the few account-level tasks that genuinely require it. Protect it with (ideally hardware) MFA, do not create long-lived access keys for it, and do day-to-day administration with named identities so that activity remains attributable.

Federated User

Authenticated and authorized to access resources through a trusted external identity provider, rather than using native cloud credentials.

Responsibility: Access is granted on the strength of the identity provider's assertion (SAML or OIDC), usually as short-lived credentials or a role assumption, so the cloud account stores no password for the user. Commonly used to integrate with corporate or third-party identity systems.

Other Types

  • Cloud User: A user with direct access to cloud resources and services.

  • Guest User: A user with temporary or limited access to specific resources.

  • External/Hybrid User: Users from federated systems or external entities with access through federated identities.

Google IAM

  • Principals (users, groups, service accounts), Roles (bundles of permissions), Policies

  • Federated Users (Workforce Identity Federation for people, Workload Identity Federation for external workloads)

  • Policies: an allow policy is attached to a resource and contains bindings; each binding grants a role to one or more principals, optionally under a condition, and is inherited down the resource hierarchy (organization, folder, project, resource).

Azure AD (now Microsoft Entra ID)

  • Users, Groups, Roles (directory roles in Entra ID; Azure RBAC role assignments scoped to a management group, subscription, resource group or resource)

  • Federated Users (external identities and B2B guests), with Conditional Access policies gating sign-in on user, device, location and sign-in risk

AWS IAM

  • Users, Groups, Roles (assumed for temporary credentials by users, services and federated identities)

  • Federated Users (SAML/OIDC federation and IAM Identity Center, obtaining temporary credentials through STS)

  • Policies grant permissions: each statement has an Effect (Allow or Deny), Action, Resource and optional Condition. Everything is implicitly denied unless an Allow matches, and an explicit Deny overrides any Allow.
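Worked example (added here; it is not part of the original page and not AWS's evaluation engine): a small Python evaluator that applies the rules above to a constructed policy. The policy, the bucket name and the request context are assumptions for the illustration; it covers identity-based policies only, with the Bool and StringEquals condition operators.

```python
"""Toy evaluator for the IAM policy statement model (Effect, Action, Resource, Condition).

Added illustration, not AWS's evaluation engine: identity-based policies only
(no Principal, NotAction, NotResource or policy variables), and only the
Bool and StringEquals condition operators.
"""
import json
import re

# Constructed policy: read one bucket, write to it only with MFA, and an
# explicit Deny on the logs prefix that wins over any Allow.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadBucket", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    {"Sid": "WriteOnlyWithMfa", "Effect": "Allow",
     "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Sid": "NeverTouchLogs", "Effect": "Deny",
     "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/logs/*"}
  ]
}
""")


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _glob(pattern, value, case_insensitive=False):
    """IAM wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    flags = re.IGNORECASE if case_insensitive else 0
    return re.fullmatch(regex, value, flags) is not None


def _matches_any(patterns, value, case_insensitive=False):
    return any(_glob(p, value, case_insensitive) for p in _as_list(patterns))


def _condition_holds(condition, context):
    """All operator blocks and all keys must hold (AND); the values listed for
    one key are alternatives (OR). A key missing from the request context fails."""
    for operator, keys in condition.items():
        for key, expected in keys.items():
            actual = context.get(key)
            if actual is None:
                return False
            expected = [str(v) for v in _as_list(expected)]
            if operator == "Bool":
                ok = str(actual).lower() in [v.lower() for v in expected]
            elif operator == "StringEquals":
                ok = str(actual) in expected
            else:
                raise NotImplementedError(f"operator {operator} not covered by this example")
            if not ok:
                return False
    return True


def evaluate(policy, action, resource, context=None):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request.

    Every statement whose Action, Resource and Condition all match contributes:
    an explicit Deny ends evaluation at once, an Allow is remembered, and no
    matching statement at all yields the implicit deny.
    """
    context = context or {}
    decision = "ImplicitDeny"
    for stmt in _as_list(policy["Statement"]):
        if not _matches_any(stmt.get("Action", []), action, case_insensitive=True):
            continue  # action names are matched case-insensitively
        if not _matches_any(stmt.get("Resource", []), resource):
            continue  # ARNs are matched case-sensitively
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    print(evaluate(POLICY, "s3:GetObject", obj))                                          # Allow
    print(evaluate(POLICY, "s3:PutObject", obj))                                          # ImplicitDeny (no MFA)
    print(evaluate(POLICY, "s3:PutObject", obj, {"aws:MultiFactorAuthPresent": "true"}))  # Allow
    print(evaluate(POLICY, "s3:GetObject", "arn:aws:s3:::example-bucket/logs/a.gz"))      # Deny
```

The last call is the point of the example: the GetObject request matches the ReadBucket Allow, but because it also matches the NeverTouchLogs Deny the result is Deny, which is why a broad Allow cannot be used to work around a targeted Deny.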

Access Control

  • Minimize Privileged Access: Limit use of the root/owner account and of standing admin rights; prefer named administrators protected by MFA and time-bound elevation for privileged tasks.

  • Create Groups and Use Dynamic Management: Assign permissions to groups rather than to individuals, and use membership rules or attribute-based conditions so that access follows job changes automatically.

  • Security Assessments and Auditing: Regularly assess and audit identities, permissions and configurations (unused accounts, dormant keys, missing MFA, over-broad policies) against the security policy.

  • Apply the Principle of Least Privilege (PoLP): Grant only the minimal permissions a user or workload needs, scoped to specific actions and resources rather than wildcards.

Identity & Access Flow

Account & Login Vulnerabilities

  • Weak Passwords: Short, common or easily guessable passwords.

  • Leaked Credentials: Passwords or keys exposed in breaches, code repositories or paste sites; they remain usable until rotated.

  • Threat Intelligence Hits: Sign-ins from IP addresses or infrastructure that threat intelligence identifies as malicious.

  • Location/IP Anomalies: Sign-ins from unusual countries or unfamiliar IP ranges, or from two distant locations too close in time to be the same person.

  • Password Spraying: Trying a few common passwords against many accounts, which stays under per-account lockout thresholds.

  • Brute Force Attacks: High-volume automated guessing of many passwords against a single account.
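Detection logic for three of these patterns, as an added example that is not part of the original page: the sign-in log format, every record in it and the thresholds are constructed for the illustration and do not come from a real identity provider.

```python
"""Detect brute force, password spraying and location anomalies in sign-in logs.

Added example; the log format, the records and the thresholds are constructed
for the illustration, not taken from a real identity provider.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) geo=(\S+) result=(OK|FAIL)$")

# Constructed sample: a spray from 203.0.113.10 (one password, many users),
# a brute force against bob from 192.0.2.44 that ends in success, and alice
# signing in from two countries an hour apart.
SAMPLE_LOG = """\
2024-05-02T09:00:01Z user=alice src=198.51.100.7 geo=DE result=OK
2024-05-02T09:00:05Z user=bob src=203.0.113.10 geo=US result=FAIL
2024-05-02T09:00:06Z user=carol src=203.0.113.10 geo=US result=FAIL
2024-05-02T09:00:07Z user=dave src=203.0.113.10 geo=US result=FAIL
2024-05-02T09:00:08Z user=erin src=203.0.113.10 geo=US result=FAIL
2024-05-02T09:00:09Z user=frank src=203.0.113.10 geo=US result=FAIL
2024-05-02T09:00:10Z user=grace src=203.0.113.10 geo=US result=OK
2024-05-02T09:05:00Z user=bob src=192.0.2.44 geo=GB result=FAIL
2024-05-02T09:05:02Z user=bob src=192.0.2.44 geo=GB result=FAIL
2024-05-02T09:05:04Z user=bob src=192.0.2.44 geo=GB result=FAIL
2024-05-02T09:05:06Z user=bob src=192.0.2.44 geo=GB result=FAIL
2024-05-02T09:05:08Z user=bob src=192.0.2.44 geo=GB result=FAIL
2024-05-02T09:05:10Z user=bob src=192.0.2.44 geo=GB result=OK
2024-05-02T10:00:00Z user=alice src=203.0.113.99 geo=RU result=OK
"""

WINDOW = timedelta(minutes=10)
FAILURE_THRESHOLD = 5   # failures for one account from one source
SPRAY_THRESHOLD = 5     # distinct accounts failing from one source


def parse(log_text):
    """Turn log lines into time-sorted (ts, user, src, geo, result) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing the detector
        ts, user, src, geo, result = m.groups()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, src, geo, result))
    return sorted(events)


def _dense_window(keyed, window, threshold):
    """keyed: time-sorted (ts, key) pairs. True if some span no longer than
    `window` contains at least `threshold` distinct keys (two-pointer sweep)."""
    counts = Counter()
    left = 0
    for ts, key in keyed:
        counts[key] += 1
        while ts - keyed[left][0] > window:
            old = keyed[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        if len(counts) >= threshold:
            return True
    return False


def analyze(log_text):
    events = parse(log_text)
    by_user_src = defaultdict(list)   # (user, src) -> [(ts, unique id)]
    by_src = defaultdict(list)        # src -> [(ts, user)]
    for i, (ts, user, src, geo, result) in enumerate(events):
        if result == "FAIL":
            by_user_src[(user, src)].append((ts, i))   # every failure is distinct
            by_src[src].append((ts, user))             # count distinct users per source

    findings = {"brute_force": [], "password_spray": [], "location_anomaly": []}
    for key, fails in by_user_src.items():
        if _dense_window(fails, WINDOW, FAILURE_THRESHOLD):
            findings["brute_force"].append(key)
    for src, fails in by_src.items():
        if _dense_window(fails, WINDOW, SPRAY_THRESHOLD):
            findings["password_spray"].append(src)

    # Location anomaly: a successful sign-in from a different country than the
    # user's previous successful sign-in. Production rules add distance/time maths.
    last_geo = {}
    for ts, user, src, geo, result in events:
        if result != "OK":
            continue
        if user in last_geo and last_geo[user] != geo:
            findings["location_anomaly"].append((user, last_geo[user], geo))
        last_geo[user] = geo
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for name, hits in analyze(SAMPLE_LOG).items():
        print(name, hits)
```

The two burst detectors share one sliding-window helper and differ only in what they count: failures per (user, source) for brute force, distinct users per source for spraying. That distinction is what lets a spray that never exceeds one failure per account still be flagged, while a brute force against a single account does not register as a spray.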

Best Practices

  • Strong Authentication: Use Multi-Factor Authentication (MFA). Enforce strong password policies.

  • Access Control: Implement role-based access and conditional access (for example, require MFA, a compliant device or a trusted network for sensitive or risky sign-ins).

  • Monitoring & Review: Monitor user activities. Regularly review user permissions and configurations.

  • Security Measures: Use secure connection protocols and data encryption. Implement network segmentation.

  • Maintenance: Patch systems regularly. Conduct user training.

  • Account Management: Audit and remove unused accounts.
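An added example of the audit-and-review items above (not from the original page): a Python check over a constructed credential report. The CSV uses a subset of the columns and the value conventions (N/A, no_information, not_supported, ISO timestamps) of an AWS IAM credential report, but its rows are invented; the 90-day idle threshold and the fixed reference date are assumptions.

```python
"""Audit an IAM credential report for root misuse, missing MFA and dormant credentials.

Added example. The CSV is constructed: it follows the column names and value
conventions of an AWS IAM credential report (subset of columns) but is not
output from a real account.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 5, 1, tzinfo=timezone.utc)   # fixed so the result is reproducible
MAX_IDLE = timedelta(days=90)                       # assumed idle threshold

SAMPLE_REPORT = """\
user,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,2020-01-01T00:00:00+00:00,not_supported,2024-04-28T08:00:00+00:00,false,true,2023-01-10T09:00:00+00:00,2023-02-01T12:00:00+00:00
alice,2021-03-03T00:00:00+00:00,true,2024-04-30T07:15:00+00:00,true,false,N/A,N/A
bob,2022-02-02T00:00:00+00:00,true,2024-01-02T10:00:00+00:00,false,true,2023-11-05T10:00:00+00:00,2024-04-29T16:20:00+00:00
carol,2023-01-15T00:00:00+00:00,true,no_information,true,false,N/A,N/A
svc-deploy,2022-05-30T00:00:00+00:00,false,N/A,false,true,2022-06-01T00:00:00+00:00,2023-09-30T03:00:00+00:00
"""


def _timestamp(value):
    """ISO timestamp -> datetime; None for N/A, no_information, not_supported or missing."""
    try:
        return datetime.fromisoformat(value)
    except (TypeError, ValueError):
        return None


def _idle(last_used, fallback, now):
    """Idle if unused for longer than MAX_IDLE. A credential that was never used
    is judged by its age instead (fallback = creation or last rotation time)."""
    reference = _timestamp(last_used) or _timestamp(fallback)
    return reference is None or now - reference > MAX_IDLE


def audit(report_csv, now=NOW):
    """Map each user to a sorted list of finding codes; users with no findings are omitted."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        issues = []
        if user == "<root_account>":
            if row["mfa_active"] != "true":
                issues.append("root_mfa_disabled")
            if row["access_key_1_active"] == "true" or row.get("access_key_2_active") == "true":
                issues.append("root_access_key")   # root should have no long-lived keys at all
        elif row["password_enabled"] == "true":
            if row["mfa_active"] != "true":
                issues.append("console_no_mfa")    # console sign-in possible with password alone
            if _idle(row["password_last_used"], row["user_creation_time"], now):
                issues.append("stale_password")   # dormant account, or created and never used
        # Real reports carry two key slots; the sample only includes the first.
        for key in ("access_key_1", "access_key_2"):
            if row.get(f"{key}_active") != "true":
                continue
            if _idle(row.get(f"{key}_last_used_date"), row.get(f"{key}_last_rotated"), now):
                issues.append(f"stale_{key}")
        if issues:
            findings[user] = sorted(issues)
    return findings


if __name__ == "__main__":
    for user, issues in audit(SAMPLE_REPORT).items():
        print(f"{user}: {', '.join(issues)}")
```

On a real account the input comes from `aws iam generate-credential-report` followed by `aws iam get-credential-report`; the check deliberately treats a never-used credential by its age, so an account created last week is not flagged while one created a year ago and never used is.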

Response

  • Contain first: revoke or suspend the compromised identity and its permissions and isolate the resources it controlled, while preserving the logs needed for the investigation.

  • Rotate access keys and API keys and invalidate existing sessions. Temporary credentials already issued stay valid until they expire unless the platform's session revocation is used (for example, a policy that denies tokens issued before the incident time), so rotation alone is not enough.

  • Review what happened and determine the impact with IT and business colleagues.

  • Remediate the issue, improve processes and action plans, and report.

  • Return to normal operations and monitor.
