Cloud Infrastructure Security | 3 Costly but Avoidable Mistakes

Infrastructure and the way it was accessed and secured used to be simple. Your database sat next to you in the office and was only available on the office network. But current environments have no boundaries, whether on-premises, in multiple clouds, or both. They are ephemeral and dynamic and often serve a decentralized workforce. 

Access management solutions were never designed to keep up with all these users distributed across all these places or the complexity and movement of these resources. 

That’s why Hermann Hesse, VP of Solutions at strongDM, took the time to highlight three costly but avoidable cloud infrastructure security challenges and what you can do to address them. Here’s what he covered.

Avoidable Mistake Number 1 | Not Protecting Remote Access

An increasing number of technical employees within organizations are distributed globally. Organizations need to open a clear, direct path that gives individualized access to the right people and keeps everyone else out.

Services should only be available behind a security solution like strongDM or a VPN which is also protected with two-factor authentication.

Avoidable Mistake Number 2 | Overprovisioning User Accounts

In the quest for simplicity and speed, companies tend to overprovision user accounts with access to network resources by giving entire groups (such as IT/security staff) the ability to see all files and make changes across all systems.

Even worse, many administrator accounts are not configured to use strong passwords, so if just one of those many high-privilege accounts is compromised, the effects can severely harm the organization.

Instead, employees should have the minimal permissions necessary to do their jobs and adopt the principle of least privilege. Access controls should be visible to everyone, and that access should be subject to regular review to ensure it is always appropriate.

Avoidable Mistake Number 3 | Incomplete Logging

In the event of a security incident, the logs are arguably the most valuable asset for your incident response team to have.  

Many companies fail to log all activity on their critical assets, or the logs are missing the kind of verbose data necessary for any serious investigation. Similarly, you need the ability to generate audit reports for your critical database servers and Web servers to answer critical questions in real time. Logs help organizations satisfy compliance and security obligations—the who, what, where, and when of every interaction. 

strongDM is a protocol and identity-aware access proxy that gives you deep visibility into what was done on all your onboarded resources so you know exactly what access employees have with total visibility into what they are (and should be) doing. 

Did you miss the panel? No worries, you can still check out the replay. And when you’re ready to streamline access to your cloud infrastructure, try a 14-day free trial of strongDM today.


About the Author

, Contributing Writer and Illustrator, has a passion for helping people bring their ideas to life through web and book illustration, writing, and animation. In recent years, her work has focused on researching the context and differentiation of technical products and relaying that understanding through appealing and vibrant language and images. She holds a B.A. in Philosophy from the University of California, Berkeley. To contact Maile, visit her on LinkedIn.

logo
💙 this post?
Then get all that strongDM goodness, right in your inbox.

You May Also Like

What is DevOps Security?
What is DevOps Security? Challenges and Best Practices
What are the biggest security challenges facing DevOps, and how can practitioners overcome them? In this article, Good e-Learning and strongDM examine how DevOps engineers can work to guarantee security across their cultures.
Enterprise Kubernetes
Kubernetes in the Enterprise Webinar Recap
Join strongDM CTO Justin McCarthy and a panel of experts as they discuss the challenges, complexities, and best practices of enterprise k8s adoption.
Technical Debt
Has Your Technical Debt Become Unsustainable?
A closer look at what technical debt is, how it relates to infrastructure access, and why unwinding short-term workarounds can actually improve productivity.
Just-In-Time Access (JIT)
Just-In-Time Access (JIT): Meaning, Benefits, Types & More
Today, we’ll take a look at what just-in-time access (JIT) means and what types there are. You’ll also learn about what a JIT access solution can do for your organization. By the end of this article, you’ll understand how just-in-time access works, the best practices to ensure secured implementation, and how strongDM comes to the rescue.
Authentication Vulnerabilities
11 Common Authentication Vulnerabilities You Need to Know
In this article, we’ll take a look at what authentication vulnerabilities are, how they emerge, and how these issues can affect your organization. Also, you’ll learn about the most common authentication-based vulnerabilities and their implications. By the end of this article, you’ll know the best practices to prevent these authentication issues and keep sensitive data safe.