
Handle with Care: The Fragile Reality of Cloud Emergency Access.pdf

Uploader: 可*** | ID: 991896 | 2025-12-07 | 26 pages | 1.40 MB

Handle with Care: The Fragile Reality of Cloud Emergency Access

Simon Vernon
SANS Head of R&D EMEA
SANS Principal Technical Architect Ranges
Cloud Security Architect
vCISO
Founder

Root and Emergency Access Problem
Root users exist for every account and tenant
Keys often shared, mismanaged, or left unsecured
Consequences: insider threats, ransomware, compliance breaches
80% of cloud breaches are caused by credential misuse (Gartner)

Root Accounts
1st account created when cloud account established
Azure=my AWS= GCP=
Accounts reside outside of policy, control, and horrifyingly monitoring!

Emergency Access Accounts
Created to facilitate access to specific roles required during emergency situations
IR Role
Billing Role
Read Only
Scoped Read Only
Full access
These accounts reside in IAM, Entra or Workspaces and often sit within policy exclusions

Driving reasons
Cloud adoption is accelerating, more root keys than ever
Compliance standards demand proof of control
Boards & investors should ask: Who can access the root accounts?
Legacy PAM doesn't solve the problem

The Amazon Account
The root account for the enterprise was held by the CEO
It was their Amazon account.
Used by 3 members of the family to buy dogfood, batteries and socks.
The root account email address was also a private email account linked to everyday services.

Root User Mis-Management
Over-reliance on “break glass” access: Organisations create a root or super-admin account for emergencies but fail to define clear usage procedures, leaving it unused, untested, and poorly tracked until a crisis occurs.
Weak or incomplete protections: Root accounts are sometimes exempt from conditional access policies (MFA, IP restrictions, just-in-time access), making them the “soft underbelly” of otherwise strong identity controls.
Credential sprawl and storage issues: Passwords, keys, or recov

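Based on "Handle with Care: The Fragile Reality of Cloud Emergency Access", the key points of the full text are summarized below:

1. **Root account risk**: 80% of cloud security breaches are caused by credential misuse; root accounts carry security risks such as unauthorized access and abuse.
2. **Emergency access account problems**: These accounts are often overlooked and lack clearly defined usage and lifecycle management, which can lead to security gaps.
3. **Multi-factor authentication (MFA) challenges**: MFA strengthens security but has problems such as lost devices, shared access, and difficult resets.
4. **Solutions**: These include split control, third-party escrow, distributed storage, and default role management.
5. **Privilege escalation risk**: Even roles that appear safe can be abused through indirect paths.
6. **Identity control challenges**: For example, if an Entra role is compromised, MFA and network protections may be bypassed.
7. **RESU service**: Offers an alternative that uses an authorization process and key escrow to unlock accounts quickly and securely.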