Cloud Identity and Access Control
- IAM is a key feature of most cloud environments
User Access
- user access in the cloud relies on either:
  - the cloud provider's own authentication and authorization capabilities
  - the customer's own infrastructure (e.g. federated with the provider)
- regardless, at least one top-level account native to the cloud provider is always maintained
  - allows configuration and maintenance of the environment
- a key feature of the cloud is fine-grained access controls
  - allow detailed configuration of, and control over, access to services, systems, etc.
- cloud relies heavily on secrets (keys and certificates)
Privileged Access
- also called "privilege access" in the CCSP material
- protecting privileged access to systems is important in the cloud
- CSPs have fine-grained access controls available; typical protections for privileged accounts include:
  - MFA for all privileged accounts
  - access logs
  - alerting
  - user behavior-based detection systems
  - auditing and assessing privileged access
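Auditing privileged access in practice means checking the access-control configuration itself. The following is an added example, not from these notes, that checks an IAM-style policy document for wildcard grants and for privileged actions allowed without an MFA condition; the policy shape, the set of prefixes treated as privileged, and the sample policy are assumptions for illustration.

```python
"""Audit an IAM-style policy for weak privileged-access settings.

Constructed example: flags Allow statements with wildcard actions or
resources, and privileged actions granted without an MFA condition.
The statement layout (Effect/Action/Resource/Condition) follows the
common JSON policy shape; the privileged prefixes are an assumption.
"""
import json

# Assumed: action prefixes treated as privileged for this check.
PRIVILEGED_PREFIXES = ("iam:", "sts:AssumeRole", "kms:")
# Condition key used by the MFA check (AWS's key name, used as an example).
MFA_CONDITION_KEY = "aws:MultiFactorAuthPresent"


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _requires_mfa(statement):
    """True if any condition operator sets the MFA key to true."""
    for operator in statement.get("Condition", {}).values():
        if str(operator.get(MFA_CONDITION_KEY, "")).lower() == "true":
            return True
    return False


def audit_policy(policy_json):
    """Return a list of (statement_index, finding) tuples for Allow statements."""
    findings = []
    policy = json.loads(policy_json)
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        if "*" in actions:
            findings.append((i, "wildcard action"))
        if "*" in resources:
            findings.append((i, "wildcard resource"))
        privileged = [a for a in actions if a == "*" or a.startswith(PRIVILEGED_PREFIXES)]
        if privileged and not _requires_mfa(st):
            findings.append((i, "privileged action without MFA condition"))
    return findings


# Constructed sample: one over-broad statement, one scoped, one privileged with MFA.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Action": ["iam:CreateUser"], "Resource": "*",
     "Condition": {"Bool": {MFA_CONDITION_KEY: "true"}}}]})

if __name__ == "__main__":
    for idx, finding in audit_policy(SAMPLE_POLICY):
        print(f"statement {idx}: {finding}")
```

The check is intentionally conservative: a wildcard resource on a privileged action is still reported even when MFA is required, since the resource scope, not just the authentication strength, is what keeps the grant fine-grained.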
Service Access
- many clouds are built out of microservices
  - a service-oriented architecture that splits applications into collections of loosely coupled services using lightweight protocols
- others rely on traditional services architecture
- controlling access to services with IAM can be complex in large environments
- key concepts:
  - the need to implement appropriate access controls
  - the need to maintain identities or service credentials securely
  - monitoring and managing access without disruption