Identity, Cloud Security, Zero trust

Least privilege access is central to being a better cloud user, says AWS identity leader (WATCH)

Share

To reduce mismanagement of complex cloud services overstuffed with multiple accounts and projects, end users should consider least privileged access as a core tenet, and then support that practice with role-based policies, multi-factor authentication and secrets management, according to Don Edwards, worldwide tech leader, identity, at Amazon Web Services.

Consider how best to securely organize your accounts according to user needs, and then apply least-privilege standards to those accounts, said Edwards in an interview with SC Media at the CyberRisk Alliance's Identiverse Conference last week. "For example, you might want to have a vertical of accounts that are for security purposes and [have] very limited access to those accounts. All of your logs and ... analysis tools go into those security-related accounts," he explained.

Click here for more SC Media coverage from the Identiverse Conference.

"Those would be kept separate from your development accounts, which tend to have more loose identity and access management policies. And those would be kept separately from your production accounts, which again, would have very strict rules around who can access what."

Especially for your highest privileged accounts, such as root accounts, multi-factor authentication is "absolutely essential," Edwards asserted. Ideally, passwords for cloud access would be eliminated altogether, he added, but if you do use passwords, then keep them short-term, for only as long as the users need them for a particular project, he added.

Edwards also advised looking at privileged as an ongoing, evolving journey. "So you want to start off with the policies that you think are at least privilege and then continuously analyze them to make sure that the reality ... of the usage is is the same as the what the policies actually allow," he said.

For more insights and advice from Edwards, watch the embedded video.

An In-Depth Guide to Identity

Get essential knowledge and practical strategies to fortify your identity security.
Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

You can skip this ad in 5 seconds