According to data from one cloud security ecosystem, this trend can derail some benefits of South-east Asia’s accelerated cloud adoption.
Based on analyses of nearly 37,000 user identities serviced by a multi-cloud security solution across ASEAN, India, South Africa, and the United States, one cybersecurity firm believes that excessive access and control permissions are a regional risk as South-east Asia (SEA) increases adoption of cloud computing.
In the data study, an average of 43% of each organization's external users had been granted admin rights. Beyond data privacy concerns, this trend could greatly increase the risk of ransomware attacks should the admin credentials fall into the wrong hands.
The analysis also uncovered several practices linked to the excessive granting of permissions by organizations serviced in the region:
- 23% of identities analyzed were found to not have MFA enabled. Also, 18% of these identities had super administrator permissions. In Singapore, more than 8% of super admin accounts did not have MFA enabled, with this number increasing to more than 14% in Indonesia. Of organizations in the financial services sector, more than 10% of identities with super administrator privileges were found to not have MFA enabled, with almost 6% of these identities being external users. According to Fitch, financial services providers are popular targets for ransomware attacks as they usually possess highly valuable data such as payment information or personally identifiable information.
- More than 60% of identities on AWS were unused, likely a result of default permissions being accepted during the setup of cloud identities. Also, 46% of unused identities had sensitive Identity and Access Management (IAM) access. In Indonesia, 21% of identities with sensitive IAM access were unused. In Singapore, almost 25% of identities with sensitive IAM access were unused.
- For organizations on AWS in the data, 50% of SSH keys were found to not have been rotated in the past 90 days. As machine identities assigned to IoT devices, containers, and services continue to outnumber human identities, a trend that is unique to the cloud, they could become entry points for potential ransomware attacks.
According to Paul Hadjy, CEO and co-founder, Horangi, which performed the data study: “Growing cloud adoption across SEA could potentially exacerbate the challenge posed by excessive permissions, making it imperative for digital-first organizations to invest in (IAM tools) to remotely manage entitlements.”
“Such tools can augment the ability of security teams to effectively manage increasingly complex and decentralized infrastructure setups, and automatically enforce least privilege when suspicious activity is detected.”