I recently read an article on Medium which outlined a frightening scenario that should make every CIO take pause. A consultant received a call saying, “Our entire AWS account is gone. The call center is down. We can’t log in. It’s like it never existed! How do we get it back?”
The frantic caller recently terminated an employee who took it less than swimmingly. To retaliate, the employee disabled all users and changed the root account email address and password, effectively hiding the account from existence. This multi-million dollar service provider, who ran their call center through AWS Connect, was effectively locked out of their own cloud. Since the credentials used to make the change were valid, Amazon couldn’t step in to revert the change.
The quickest way to stem the damage was getting the former employee to login to the account. It took the FBI showing up on their doorstep for that to happen. 24 hours spiraled by as the company scrambled for a solution to this preventable problem. If it can happen to a multi-million dollar organization, it can happen to you.
Not all disaster scenarios are the result of malicious intent. More often, an employee will accidentally delete critical files or inadvertently expose data to the public. Regardless of the intent, there are four things you can do to tighten the security of your cloud.
[ How do containers help manage risk? Get the related Red Hat whitepaper: Ten Layers of Container Security. ]
Establish an offboarding process
An employee could be a sweet as apple pie, but the moment they’ve been terminated, you may discover a darker side. You have to assume that the moment someone is let go, they become a threat to the organization. With the right set of permissions, they can do immeasurable harm to your cloud ecosystem. Don’t give them the chance.
Plan to have all employee access revoked the minute they walk into the termination meeting. This ensures they can’t leave you a parting gift on the way out the door. If you can’t remove an employee’s access in under 10 minutes, you need to implement the tools to make that a reality.
Don’t just compile an offboarding checklist. Test it. Perform a dry run, shutting down a high-level administrator’s account to verify that they are, in fact, locked out of everything.
[ Read also: Why IT leaders must speak risk fluently. ]
Protect the root account
I can’t stress enough the importance of protecting access to the root account. That account can effectively do anything within your cloud environment so keeping it locked down is imperative. A few measures you can take to secure this account include:
- Set up a strong password for the root account that only critical personnel have access to.
- Trigger notifications to a group of high-level personnel when the root account is accessed.
- The root account should never be tied to an employee’s email address.
- Protect the email account tied to the root account to prevent a reset of the password.
- Setup MFA using a physical hardware token, storing the token in a fire-proof safe.
- The root account should never be used for daily access.
These layers of protection ensure that no one person within the organization can alter the root account without throwing the fire alarm to everyone around them.
Have accessible backups
Backing up essential elements of your cloud should be standard practice, but where are those backups stored? If they are in the production account, you could argue that you don’t really have backups at all. Having a separate backup account to store these snapshots is key for disaster recovery. A rogue administrator locking your cloud account definitely constitutes a disaster.
Under this cross-account backup model, you would need to follow the same security protocols that protect the main account. Also, the credentials used to copy snapshots shouldn’t have the ability to delete them. Interaction between the two accounts should be automated to make sure backups are always up to date, and backup failure notifications should go out to several individuals so they can be quickly attended to even if someone is away on vacation.
Audit employee access regularly
Misconfigured cloud services are all too common these days. When you see the headline-grabbing news of yet another massive data breach, this is often the culprit. In their 2019 Cloud Adoption and Risk Report, McAfee found the average organization has 2200 individual IaaS misconfigured incidents in the cloud per month.
Cloud providers normally lock down everything by default, and expect the client to own their security management. This is the perfect way for them to absolve themselves of any security issues since it’s up to the customer to control access to resources. In 2022, 95 percent of cloud security failures are predicted to be the customer’s fault.
Just like you should regularly audit cloud assets, you should also take a hard look at user permissions on a regular basis. Users should only have access to those areas necessary to do their job, but responsibilities evolve over time. Has a user moved departments yet still has access to the resources of their previous one? Was a user setup with full access during a testing period but was never scaled back after the go live? Was there a previous cloud administrator known to cut corners? These questions and countless others highlight why it’s essential to continually keep tabs on what employees have access to in the cloud.
It is also important to take advantage of the built-in logging features provided by cloud providers. They are an easy way to monitor errors and be informed of critical updates in real time. It can help you spot the seed of a problem before it’s ever allowed to grow.
While many of these recommendations flirt with cloud security 101, you would be surprised how many large companies neglect them. More than half of companies using cloud storage have inadvertently exposed one or more services to the public, according to a report by Redlock. Employees working in your corporate cloud need access to services in order to do their job, but that access should only go so far. By implementing some of these common sense measures you can establish guardrails to protect your cloud in areas where it is most vulnerable.
[ Learn the do’s and don’ts of cloud migration: Get the free eBook, Hybrid Cloud for Dummies. ]