Infrastructure and the way it was accessed and secured used to be simple. Your database sat next to you in the office and was only available on the office network. But current environments have no boundaries, whether on-premises, in multiple clouds, or both. They are ephemeral and dynamic and often serve a decentralized workforce.
Access management solutions were never designed to keep up with all these users distributed across all these places or the complexity and movement of these resources.
That’s why Hermann Hesse, VP of Solutions at StrongDM, took the time to highlight three costly but avoidable cloud infrastructure security challenges and what you can do to address them. Here’s what he covered.
Avoidable Mistake Number 1 | Not Protecting Remote Access
An increasing number of technical employees within organizations are distributed globally. Organizations need to open a clear, direct path that gives individualized access to the right people and keeps everyone else out.
Services should only be available behind a security solution like StrongDM or a VPN that is also protected with two-factor authentication.
Avoidable Mistake Number 2 | Overprovisioning User Accounts
In the quest for simplicity and speed, companies tend to overprovision user accounts with access to network resources by giving entire groups (such as IT/security staff) the ability to see all files and make changes across all systems.
Even worse, many administrator accounts are not configured to use strong passwords, so if just one of those many high-privilege accounts is compromised, the effects can severely harm the organization.
Instead, organizations should adopt the principle of least privilege: employees should have only the minimal permissions necessary to do their jobs. Access controls should be visible to everyone, and that access should be subject to regular review to ensure it is always appropriate.
Avoidable Mistake Number 3 | Incomplete Logging
In the event of a security incident, the logs are arguably the most valuable asset for your incident response team to have.
Many companies fail to log all activity on their critical assets, or the logs are missing the kind of verbose data necessary for any serious investigation. Similarly, you need the ability to generate audit reports for your critical database servers and Web servers to answer critical questions in real time. Logs help organizations satisfy compliance and security obligations—the who, what, where, and when of every interaction.
StrongDM is a protocol- and identity-aware access proxy that gives you deep visibility into what was done on all your onboarded resources, so you know exactly what access employees have, with total visibility into what they are (and should be) doing.
Did you miss the panel? No worries, you can still check out the replay. And when you’re ready to streamline access to your cloud infrastructure, try a 14-day free trial of StrongDM today.
About the Author
Maile McCarthy, Contributing Writer and Illustrator, has a passion for helping people bring their ideas to life through web and book illustration, writing, and animation. In recent years, her work has focused on researching the context and differentiation of technical products and relaying that understanding through appealing and vibrant language and images. She holds a B.A. in Philosophy from the University of California, Berkeley. To contact Maile, visit her on LinkedIn.