Handle with Care: The Fragile Reality of Cloud Emergency Access

Simon Vernon
SANS Head of R&D EMEA
SANS Principal Technical Architect Ranges
Cloud Security Architect
vCISO
Founder

Root and Emergency Access Problem
Root users exist for every account and tenant
Keys often shared, mismanaged, or left unsecured
Consequences: insider threats, ransomware, compliance breaches
80% of cloud breaches are caused by credential misuse (Gartner)

Root Accounts
1st account created when cloud account established
Azure=my AWS= GCP=
Accounts reside outside of policy, control, and horrifyingly monitoring!

Emergency Access Accounts
Created to facilitate access to specific roles required during emergency situations
IR Role
Billing Role
Read Only Scoped Read Only Full access
These accounts reside in IAM, Entra or Workspaces and often sit within policy exclusions

Driving reasons
Cloud adoption is accelerating: more root keys than ever
Compliance standards demand proof of control
Boards & investors should ask: Who can access the root accounts?
Legacy PAM doesn't solve the problem

The Amazon Account
The root account for the enterprise was held by the CEO
It was their Amazon account.
Used by 3 members of the family to buy dogfood, batteries and socks.
The root account email address was also a private email account linked to everyday services.

Root User Mis-Management

Over-reliance on “break glass” access
Organisations create a root or super-admin account for emergencies but fail to define clear usage procedures, leaving it unused, untested, and poorly tracked until a crisis occurs.

Weak or incomplete protections
Root accounts are sometimes exempt from conditional access policies (MFA, IP restrictions, just-in-time access), making them the “soft underbelly” of otherwise strong identity controls.

Credential sprawl and storage issues
Passwords, keys, or recov