Securing businesses through the protection of cloud infrastructure
Cloud technology is undoubtedly one of the most important advances in the IT industry.
The benefits are real and no one will say otherwise. With the health crisis, and all the consequences that this has resulted such as the general containment and the explosion of telework, the use of the cloud has experienced a certain boom. Especially to facilitate exchanges and access to information for employees who now work from home.
This article will also interest you: The problems related to cloud transformation
"The cloud has the advantage of enabling dynamic provisioning of virtual machines (VMs), storage spaces, containers, and other resources. Since the beginning of the health crisis and with the use of telework, organizations have used it massively to offer employees and suppliers access to efficient, flexible and on-the-fly enterprise tools, as needed. However, while cyber attacks are proliferating and have increased significantly since the beginning of the pandemic, these deployments must be accompanied by adequate security measures (…) Once a virtual machine or resource is dynamically created, it is assigned privileged identifiers, such as SSH keys. This type of provisioning process is not necessarily automated. Administrators can use a management console to launch new virtual machines and assign them appropriate privilege levels. explains Ketty Cassamajor, CyberArk's South Europe Fore-Sales Manager.
In the face of all this, it becomes important, if not necessary, to protect the entire cloud infrastructure. Because multiplication means growth of the threat. To do this, you will have to follow several steps.
First of all we have the identification of the different infrastructures. "For a company, manually securing privileged accounts becomes almost impossible as the cloud environment expands. Automation, scripts and various cloud management tools enable the dynamic creation of privileged identifiers, making them more difficult to manage and track. To better understand the scope of the risks associated with privileges, tools can be used to discover privileged identifiers continuously, including SSH keys, passwords or AWS access keys. Ketty Cassamajor.
The second step is to use secure, centralized storage. For all identifiers with several higher privileges. "By leveraging robust APIs, proven integrations and secrecy injection mechanisms that enable the recovery and rotation of preferred identifiers from a secure digital safe, companies can automatically control their privileged accounts, that is, at the very moment of their creation. CyberArk's expert notes.
The next step is to be able to automatically integrate new security infrastructure to increase the protection of accounts that are associated with privilege statutes. "Once a company discovers all of the privileged accounts in its cloud infrastructure, it can consider programmatic management of new entities by operating APIs. This approach significantly simplifies cloud access management and improves the resulting operational efficiency. This step is particularly important in the cloud where the infrastructure is automated and containers, servers and other resources are only provisioned and used for a few minutes or even hours to complete a specific task. This automatic scaling is repeated several times a day, without any human interaction. In order to effectively secure access to privileges, the SSH keys used to programmatically access VMs must be automatically integrated and secured in a digital safe, and then rotated as new cloud instances are created. our expert notes.
In 2020, several companies have begun their transformation to digital. Unfortunately, this has not been without consequences.In practical ways, things could have gone better, if the health crisis had not shaken up habits, by forcing in a certain sense, a forced switch on the digital whole. But that's no excuse for moaning. Now is the time to stand up and prepare your defense against this new monster of cybercrime.
Now access an unlimited number of passwords: