Date: 2023-09-14
Bridging the privilege gap in the cloud: Strategies for AWS, GCP, Azure, and beyond
Organisations are migrating more and more of their operations to the cloud, and managing privileged access in the cloud has emerged as a key challenge.
Pravin Agarwal has been tackling this issue head-on, offering valuable insights on enhancing cloud security and addressing permission gaps in platforms like AWS, GCP, and Azure.
"The principle of Zero Trust is the cornerstone of cloud security," Agarwal states. "The focus should be on 'never trust, always verify.' It's about ensuring secure user and privileged access to all on-prem and cloud applications with an intuitive user experience."
Zero Trust isn't a new concept - but it has gained significant traction in recent years as businesses increasingly adopt multi-cloud and hybrid-cloud strategies. However, its implementation can be complex, particularly when addressing the management of privileged accounts. A 2022 report by Gartner found that by 2025, 75 per cent of security failures will result from inadequate management of identities, access, and privileges, up from 50 per cent in 2020.
Agarwal's work shines a light on these concerns, emphasising the necessity of adopting strategies like Just-In-Time (JIT) and Just Enough Access (JEA) in cloud environments. "In an ideal world, access to sensitive data or systems should be granted for just enough time and with just enough permissions to complete the task at hand and eliminate standing privilege," Agarwal explains.
However, achieving this balance is easier said than done. Enterprises often struggle with granting the right access levels to the right individuals at the right time, especially when dealing with a mix of on-premises and cloud environments.
As per a 2022 Ponemon Institute report, organisations that fail to properly manage privileged accounts have a 74 per cent higher risk of experiencing a data breach. By adopting JIT and JEA practices, businesses can effectively reduce their attack surface, limiting the chances of unauthorised access and data breaches.
"It's not just about mitigating risks," adds Agarwal. "There are efficiency and productivity benefits as well. Automation of privileged access throughout your entire infrastructure, including DevOps, hybrid, multi-cloud, and on-prem deployments, can reduce privileged accounts and identities onboarding time by up to 90 per cent."
Agarwal's expertise lies in integrating Privileged Access Management (PAM), Cloud Infrastructure Entitlement Management (CIEM), and Identity Governance and Administration (IGA) for both on-prem and cloud ecosystems. Such integrations are critical to creating a robust governance strategy framework, improving audit compliance, meeting control requirements, and gaining the visibility needed to make more informed decisions and avoid guesswork.
In terms of cloud security, Agarwal stresses the importance of adopting a least privilege/least access approach. This concept entails granting users the minimum levels of access or permissions they need to complete their job functions.
"On-prem and cloud are both immeasurably valuable in helping organisations speed up and optimise processes. But security depends on visibility and limiting access as much as possible. You want to eliminate standing privilege and use a credential-less PAM to gain visibility and reduce risk," he advises.
As the shift to the cloud continues, understanding and managing privileged cloud permissions gaps for AWS, GCP, Azure, and beyond is a priority. Agarwal's contributions in this field are helping clients build a comprehensive zero-trust ecosystem, develop PAM capabilities with zero standing privileges, and adopt Just-In-Time PAM for risk reduction and real-time detection and onboarding for identities, assets, and workloads.
Agarwal feels that the future will see the creation of a credential-less ecosystem. This concept does away with the traditional username/password paradigm, replacing it with more secure and user-friendly authentication methods, such as biometrics or device-based authentication.
"Helping organisations build a credential-less ecosystem with the principle of Zero Trust integrating PAM, CIEM, IGA for on-prem and cloud … that's the goal," says Agarwal. "Security is not just about building walls. It's about providing a seamless, secure experience that ensures the right people have the right access at the right time. And that’s where we are heading."
Cloud security is an evolving field with new challenges and opportunities continually emerging. With professionals like Pravin Agarwal leading the charge, the future of cloud security looks promising, more secure, and a whole lot smarter.