
Securing the next wave of workload identities in the cloud




According to one report, many enterprises are unaware of the number of machine identities they own. The research found "45 times more machine identities than human ones," most of which go untracked, as noted in a VentureBeat analysis. In our case, I estimate we had hundreds of these identities, far more than we realized.

Cloud identity sprawl in the multi-cloud era

This is the new battleground in cloud security. While we often hear about threats like phishing or ransomware, a more insidious risk is on the rise: machine identities. In a multi-cloud environment, the number of credentials for each microservice, virtual machine (VM) or serverless function can quickly spiral out of control. We found ourselves managing half a dozen IAM systems without a unified view of them. Roles like "etl-service" in one cloud were performing the same function as "etl-worker" in another, and we were struggling to keep track of the duplicates.

It was easy to make mistakes. In our rush to ship, we gave many service accounts broad admin rights, planning to narrow them down later. The statistics are clear: In its 2024 Top Threats report, the Cloud Security Alliance ranked IAM as the number one concern. That includes human and machine accounts. In practice, a stolen or misused machine identity lets an attacker move laterally; after all, workloads are supposed to trust one another.
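As an added example (it is not from the article or from any tool it mentions), the following Python script audits a constructed multi-cloud inventory of machine identities for the two problems described in this section: service accounts with admin-equivalent grants, and roles that perform the same function under different names in different clouds. The inventory format, the identity names and the policy documents are all assumptions; a real export from each cloud's IAM API would need a per-cloud adapter into this shape first.

```python
"""Added example, not code from the original article: audit a constructed
multi-cloud inventory of machine identities for admin-equivalent grants
and for the same role duplicated across clouds.

Assumptions (hypothetical): each inventory entry has a cloud name, an
identity name, and a list of permission statements in an AWS-policy-like
shape ({"Effect", "Action", "Resource"}). Actions may be a string or a list.
"""
import re
from collections import defaultdict

# Constructed sample inventory; names, clouds and policies are made up.
INVENTORY = [
    {"cloud": "aws", "name": "etl-service",
     "statements": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    {"cloud": "gcp", "name": "etl-worker",
     "statements": [{"Effect": "Allow", "Action": "storage.objects.get",
                     "Resource": "projects/p1/buckets/raw"}]},
    {"cloud": "azure", "name": "etl-worker-prod",
     "statements": [{"Effect": "Allow", "Action": "*/read", "Resource": "*"}]},
    {"cloud": "aws", "name": "billing-reporter",
     "statements": [{"Effect": "Allow", "Action": ["s3:GetObject", "iam:*"],
                     "Resource": "*"}]},
    {"cloud": "aws", "name": "ci-deployer",
     "statements": [{"Effect": "Deny", "Action": "*", "Resource": "*"},
                    {"Effect": "Allow", "Action": "ecr:PutImage",
                     "Resource": "arn:aws:ecr:us-east-1:000000000000:repository/app"}]},
]

# Naming suffixes stripped before comparing role purposes across clouds.
_ROLE_SUFFIXES = re.compile(r"[-_](service|worker|svc|sa|role|prod|dev|staging)$")


def _as_list(value):
    """IAM policies allow a bare string or a list in Action/Resource."""
    return value if isinstance(value, list) else [value]


def is_admin_equivalent(statements):
    """True if any Allow statement grants a wildcard action on all resources.

    A service-wide wildcard such as "iam:*" counts as admin-equivalent:
    whoever holds it can grant itself everything else. Deny statements are
    ignored, which errs on the side of flagging (a Deny might narrow the
    grant, but a human should confirm that).
    """
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        broad_action = any(a == "*" or a.endswith(":*") for a in actions)
        if broad_action and "*" in resources:
            return True
    return False


def normalize_purpose(name):
    """Collapse naming variants so "etl-service", "etl_worker" and
    "etl-worker-prod" all map to "etl"."""
    base = name.lower()
    while True:
        stripped = _ROLE_SUFFIXES.sub("", base)
        if stripped == base:
            return base
        base = stripped


def audit(inventory):
    """Return (admin_equivalent_names, duplicate_groups).

    duplicate_groups maps a normalized purpose to the sorted list of clouds
    that have an identity with that purpose, for purposes seen in more
    than one cloud.
    """
    admins = sorted(i["name"] for i in inventory
                    if is_admin_equivalent(i["statements"]))
    by_purpose = defaultdict(set)
    for ident in inventory:
        by_purpose[normalize_purpose(ident["name"])].add(ident["cloud"])
    duplicates = {p: sorted(c) for p, c in by_purpose.items() if len(c) > 1}
    return admins, duplicates


if __name__ == "__main__":
    admins, dups = audit(INVENTORY)
    print("admin-equivalent identities:", admins)
    for purpose, clouds in dups.items():
        print(f"purpose {purpose!r} is duplicated across {clouds}")
```

On the constructed inventory the script flags "etl-service" and "billing-reporter" as admin-equivalent (the latter only because of the "iam:*" grant hidden beside a harmless S3 read), and reports the "etl" purpose as present in all three clouds. The suffix list in `_ROLE_SUFFIXES` is the part to tune to your own naming conventions; the admin check deliberately ignores Deny statements so that a review, not the script, decides whether a Deny really narrows a wildcard.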