The explosion of non-human identities in public cloud deployments has decision makers turning to new identity and access management tools to keep their environments secure, according to a new study performed by Forrester Consulting for Sonrai Security and Amazon Web Services (AWS).
The study released Thursday found that more than half the 154 North American IT and security decision makers surveyed for the report acknowledged that they were struggling with machine and non-people identities running rampant in the cloud.
“When you secure stuff in the traditional data center model, you form networks, which form the perimeter for the model,” Sonrai CISO Eric Kedrosky tells CSO. “In the cloud, those networks disappear, and identities become central to securing the cloud.”
“What a lot of organizations that have moved to the cloud are finding is they’re thinking a lot about those person identities but they’re not thinking about those non-person identities, which are magnitudes greater than person identities,” Kedrosky continues. “It’s a real blind spot for organizations. They are blind to the risks that identities pose to their cloud.”
Challenges related to CIG/CIEM systems
To address their cloud identity woes, more than half the decision-makers (55%) say their organizations are investing in cloud identity governance (CIG) and cloud infrastructure entitlements management (CIEM) solutions and by 2023, 82% will be following suit.
Despite the willingness to invest in CIG/CIEM, the study found that nearly everyone (98%) is facing security challenges related to the systems. Those challenges include:
- Overly complex access control policies, which make configuring fewer privileges among cloud identities nearly impossible to accomplish
- Legacy tools that cannot integrate well, or at all, in the public cloud environment and which enable the persistence of short-lived identities and the proliferation of unrecognized non-people and machine identities
- Difficulties seeing a single view of cloud platform identities
AI-driven investigation, behavioral detection programs a priority
The Forrester researchers also discovered that AI-driven solutions have emerged as a top priority for organizations participating in the survey. Half of the respondents noted AI-driven investigation or behavioral detection programs were top objectives for their cloud security programs.
“Given the scale and speed of the cloud, AI has to be there,” Kedrosky says. “Things have to be done far faster than what can be done with a script or a simple program. The cloud has to be secured at the scale and speed of the cloud.”
As organizations continue to increase their usage of the public cloud, they are faced with increased challenges managing the security of their cloud instances, including applying the correct settings and configurations at scale, the report notes. With the growing number of cloud services, roles and policies written in code, there is exponential growth in potential permission controls.
To better meet these needs, it continues, organizations are looking toward CIG/CIEM solutions, AI-powered monitoring and investigation, and better automation of time-consuming manual workflows for investigation, access reviews, and remediation.