"Just 1% of Cloud Permissions Are Actively Used"

According to security researchers at Microsoft, a surge in workload identities, super admins, and “over-permissioning” is driving increased cyber risk for organizations running cloud infrastructure.  The researchers calculated that over 40,000 permissions could be granted across the major cloud platforms and that over half of these are high-risk.  Permissions refer to the authorization given to users or machines that enable them to access specific resources.  The researchers noted that, unfortunately, a lack of visibility and control over these authorizations could be exposing organizations to the risk of cloud security breaches and misuse.  The researchers found that user and workload identities are using just 1% of permissions granted for their day-to-day job functions.  More than half (50%) of identities are defined as “Super Identities,” meaning they have access to all permissions and all resources.  Over 60% of all identities are inactive.  The researchers noted that given that Super Identities can create and modify service configuration settings, add or remove identities, and access or delete data, it is concerning that less than 2% of permissions granted to these are actually used.  The researchers stated that it is machine rather than human identities where some of the biggest risks lie.  The number of cloud-based workload identities, including apps, VMs, scripts, containers, and services, has increased “exponentially,” and these now outnumber human identities 10 to 1.  The average percentage of inactive workload identities (80%) has doubled since 2021, and less than 5% of permissions granted are used by workload identities.  The researchers stated that closing the permissions gap and reducing the risk of permission misuse requires organizations to implement the principle of least privilege.  The researchers noted that this must occur consistently to all human and workload identities across multi-cloud environments.  Organizations can achieve this at a cloud scale by adopting a Cloud Infrastructure Entitlement Management (CIEM) solution to continuously discover, remediate and monitor the activity of every unique user and workload identity across multi-cloud.

Infosecurity reports: "Just 1% of Cloud Permissions Are Actively Used"