Cloud Security Best Practices – IDAM

22
Feb
2017
by scs
| AWS, Blog, Cloud, Cloud Security Best Practices, security

Cloud Security Best Practices

In our series of cloud security best practices, we will be outlining some basic, actionable steps that organisations should consider when migrating to a new cloud infrastructure or securing their existing estate. This article will consider the role of user security via Identity and Access Management (IDAM).

Principle 1: Secure Identity and Access Management

Secure Identity and Access Management in the cloud relies on your provider making appropriate tools and services available for you to manage their service securely. Ensuring privileged account access and procedures are properly implemented is imperative in preventing unauthorised access and corruption of your infrastructure and sensitive data.

Secure User Management

In order to protect your infrastructure you should implement the following cloud security best practices:

Strong authentication mechanisms to all management interfaces and support channels
Limit authorisation to the principle of least privilege and separation of duties

Make sure you are aware of all channels through which your infrastructure can be accessed, such as the email address to which the cloud infrastructure is registered. This should be a tightly controlled, standardised account to which only authorised individuals have access.

Ensure that users with privileged access employ multi-factor authentication (MFA). Lack of strong authentication can lead to account hijacking allowing attackers access to steal data, impact critical services and damage reputation.

You should ensure that:

you have identified all vectors by which you can instigate support or management requests (telephone phone, web portal, email)
the use of those mechanisms is restricted to authorised personnel in your organisation
Prevent sharing of account credentials among users
Monitor all account activities
Ensure all actions are traceable to a human owner, even service accounts

In our next article we will outline steps organisations can take to improve their security posture via role-based access control and separation of duties.