Reasons Your Company Should Be Auditing Privileged Cloud Accounts
Business cloud adoption is nearing 100% due to the acceleration of a remote workforce during the pandemic. Many of the systems and data that companies need to operate are now stored in the cloud, locked behind usernames and passwords.
This offers a more flexible working environment and one that allows companies to be resilient and operate from anywhere. However, using cloud services also poses new security challenges.
The way that cloud platforms work is that users gain access through their login, which is generally a username and password combination. Savvy companies will put multi-factor authentication (MFA) in place as an added safeguard.
But many companies do not use MFA, so their cloud data is only as secure as the weakest employee password. This, coupled with the fact that hackers follow the data, has led to a rise in credential breaches and insider attacks.
The most dangerous accounts for cybercriminals to breach are those that have privileged credentials, meaning they have higher level access in a system. This allows them administrative capabilities, such as:
- Adding and removing users
- Changing user passwords
- Changing security settings
- Deleting files
- Running scripts on a cloud service
As part of an overall cybersecurity strategy, it’s important to audit your privileged accounts regularly to reduce risk.
Why is this important? Here are several reasons.
Credential Theft Is Now the #1 Cause of Data Breaches
The number one cause of data breaches is not a brute force attack from the outside, it’s an insider attack due to credential theft.
Because many cloud service providers, such as Amazon, Google, and Microsoft, have such stringent security measures on their platforms, it’s not easy for a hacker to try to break in. It’s much easier to steal user credentials and get into a system legitimately. Spear phishing attacks are often launched specifically for the purpose of gaining access to admin-level credentials.
80% of Enterprise Data Breaches Link Back to Privileged Account Compromise
Not only is credential theft in general on the rise, but privileged accounts, in particular, are being singled out for a breach. Now, approximately 80% of data breaches involve some type of privileged account compromise.
This makes it vital for companies not to just hand out privileged accounts to any employee, and instead, treat them as highly sensitive and only grant them when absolutely necessary.
60% of Small Businesses Fold Within 6-months of a Cyber Attack
Another reason you should be auditing privileged account credentials is that most companies can’t afford a cyberattack, especially smaller companies. Statistics show that 60% of small businesses will fold within 6-months of falling victim to a cyberattack.
The preventative measures you take to protect your privileged accounts are insurance for your company’s future.
Steps for Auditing Your Privileged Credentials
Create a Dynamic Inventory of Your Cloud Accounts & Access Levels
Your first step in conducting a privileged account audit is to create an inventory of all your cloud services, users in those cloud systems, and the access level of each user account.
This list should be dynamic, meaning it should be kept up to date with any new hires, departing employees, and changes in access level.
Remove Unused Accounts
The “low hanging fruit” in your audit, will be to first remove any unused accounts. Leaving these open, especially if they’re administrative accounts, is putting you at high risk of an account compromise.
Look for any cloud accounts that were never closed for employees that left the company, or accounts for tools that users never use.
Interview Privileged Access Holders to See if They Use Privileges Regularly
Next, you’ll want to speak with all privileged account holders in all your cloud services. The goal is to find out how often they use the additional access features of their privileged accounts.
Downgrade User Access Using the Rule of Least Privilege
Take the information from interviewing your privileged account holders and downgrade accounts where you can. Such as users that only use admin settings once or twice a year.
Use the Rule of Least Privilege, which states that users should only be given the lowest access necessary for them to complete their daily tasks. You should continue to use this rule going forward whenever a new account is created.
Consider Using a Single Dedicated Admin Account
One more way you can add additional security and reduce risk is to create a dedicated admin account. This would not be an active user account assigned to one person, rather, it’s an account that users share and use only when they need to complete administrative tasks.
Once finished with an admin task, a user would log out of the dedicated admin account and back into their own lower-level user account.
Get Expert Help With Password Security & Access Control
How high is your risk of credential theft? GEEK911 can help your Silicon Valley area business put password and access security in place that keeps you from becoming the next data breach statistic.
Schedule a consultation by calling 1-866-433-5411 or reach us online.