According to one report, many enterprises are unaware of the range of machine identities they own: the study found "45 times more machine identities than human ones," most of which go untracked, as noted in a VentureBeat analysis. In our case, I estimate we had hundreds of these identities, far more than we realized.
Cloud identity sprawl in the multi-cloud era
This is the new battleground in cloud security. While we often hear about threats like phishing or ransomware, a more insidious risk is on the rise: machine identities. In a multi-cloud environment, the number of credentials for each microservice, virtual machine (VM) or serverless function can quickly spiral out of control. We found ourselves managing half a dozen IAM systems with no unified view of them. Roles like "etl-service" in one cloud were performing the same function as "etl-worker" in another, and we were struggling to keep track of the duplicates.
It was easy to make mistakes. In our rush to ship, we gave many service accounts broad admin rights, planning to narrow them down later. The statistics are clear: in its 2024 Top Threats report, the Cloud Security Alliance ranked IAM as the number one concern. That includes human and machine accounts. In practice, a stolen or misused machine identity lets an attacker move laterally; after all, workloads are supposed to trust each other.
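One way to get the unified view described above, as an added example that is not the original post's code: flatten identity exports from several clouds into one list, compute the machine-to-human ratio, flag identities holding broad admin rights, and group roles by purpose so "etl-service" and "etl-worker" surface as duplicates. The inventory records, their two shapes (a policy-document style and a role-binding style) and the BROAD_ROLES set are constructed assumptions, not real cloud API output.

```python
"""Added example, not the original post's code: unify machine identities across
clouds and flag admin rights and duplicate-function roles. Sample data is constructed."""
import re
from collections import defaultdict

# Constructed inventory: each cloud exports its identities in its own shape.
INVENTORY = {
    "aws": [
        {"name": "etl-service", "kind": "machine",
         "policy": {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}},
        {"name": "report-builder", "kind": "machine",
         "policy": {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "*"}]}},
        {"name": "alice", "kind": "human", "policy": {"Statement": []}},
    ],
    "gcp": [
        {"name": "etl-worker", "kind": "machine", "roles": ["roles/owner"]},
        {"name": "report-builder-sa", "kind": "machine", "roles": ["roles/storage.objectViewer"]},
    ],
}
# Assumed set of role names treated as "broad admin" in the role-binding shape.
BROAD_ROLES = {"roles/owner", "roles/editor"}

def is_admin(record):
    """True if the identity holds broad admin rights in either record shape."""
    for stmt in record.get("policy", {}).get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") == "Allow" and any(a in ("*", "*:*") for a in actions):
            return True
    return bool(BROAD_ROLES & set(record.get("roles", [])))

def function_key(name):
    """Reduce a role name to its purpose so 'etl-service' and 'etl-worker' collide."""
    noise = {"service", "worker", "sa", "svc", "role", "account"}
    return "-".join(t for t in re.split(r"[-_.]", name.lower()) if t not in noise)

def unified_view(inventory):
    """Flatten every cloud into one list and compute the findings discussed above."""
    flat = [dict(rec, cloud=cloud) for cloud, recs in inventory.items() for rec in recs]
    machines = [r for r in flat if r["kind"] == "machine"]
    humans = [r for r in flat if r["kind"] == "human"]
    by_function = defaultdict(list)
    for r in machines:
        by_function[function_key(r["name"])].append(f'{r["cloud"]}:{r["name"]}')
    return {
        "machine_to_human_ratio": len(machines) / max(len(humans), 1),
        "admin_machine_ids": sorted(f'{r["cloud"]}:{r["name"]}' for r in machines if is_admin(r)),
        "duplicate_functions": {k: v for k, v in by_function.items() if len(v) > 1},
    }
```

On the constructed data this reports a 4:1 machine-to-human ratio, two admin-level machine identities and two cross-cloud duplicate functions; in practice the normalizers would be fed by each provider's real identity export.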