Rising risks and threats
Cloud adoption will undeniably deliver an array of benefits to financial institutions, but it comes with certain cybersecurity risks.
One such risk stems from the privileges granted to different identities and roles within the organization. Securing identities is a key aspect of a robust security framework. A strong identity and access management (IAM) system plays a crucial role in efficiently governing the increasing number of users and their access privileges.
When banks and financial institutions operated with on-premises data centers, wide privileges were granted to roles and identities for efficient discharge of responsibilities. Such privileges were wider in scope than necessary; however, as the data centers were on-premises, they did not pose much of a security threat. But when the same set of privileges and access is carried over to the public cloud during a lift-and-shift cloud migration, such misconfigured permissions open up more threat vectors and widen the attack surface, making banks an easy target for cyber-attackers.
Another point to note is that the roles and permissions given to cloud identities, both for seamless functioning of applications and to adapt to the dynamic nature of the cloud, usually exceed service requirements. Such IAM misconfiguration leads to an accumulation of unused permissions on cloud identities, posing a security threat. As application migration to the cloud matures, banks must ensure visibility into accumulated and unused permissions. Additionally, there is the threat of bank employees misusing or exploiting such broader privileges to access and steal or alter sensitive data for malicious purposes.
A breach or cyberattack can result in business downtime and have other negative impacts: loss of reputation and customer trust, intense regulatory scrutiny and/or penalties, and even financial loss. One research report reveals that 75% of respondents surveyed said that security compromises were facilitated by over-entitled and/or over-permissioned access while 66% said that digital identities that should have been inactive were compromised during an incident.[1] Capital One, an American bank, reported a data breach where misconfigured cloud access and privileges were exploited to steal the data of more than 100 million customers.[2]
Why CIEM
Cloud infrastructure entitlement management (CIEM) can help financial institutions overcome the challenges of unused, broken, or excess access and privileges granted to cloud identities.
Such a solution must be reinforced by an IAM policy based on the principle of least privilege (POLP). This means that users are given the bare minimum access and permissions necessary to perform their jobs. Applying the least privilege principle to IAM policies enables security and operational teams to restrict access to networks, systems, and resources, thereby mitigating security risks in multi-cloud environments.
In a multi-cloud environment, deploying a robust CIEM solution along with efficient IAM systems and governance tools can deliver multiple benefits to financial institutions, which are:
Zero-trust security
Banks and financial institutions must adopt a zero-trust security model and lay down clearly defined IAM policies.
In addition, they must adopt a CIEM solution to constantly monitor the cloud environment and ensure operations stay within defined access controls. To protect their cloud infrastructure in multi-cloud environments from cyberattacks, banks and financial institutions must lay down a consistent approach considering the following aspects:
IAM policies: Financial institutions must establish clear IAM policies for the cloud environment and ensure granular accountability and governance of access. The IAM policy must specify a process to define right-size entitlements for all cloud-based identities, resources, and services. To fulfill this, financial institutions must:
CIEM solution: We believe that banks and financial institutions must adopt a CIEM solution equipped with the following capabilities:
Theory to action: Once financial institutions have defined their CIEM approach, the next step is to implement it in a manner conducive to reaping all the benefits. This will require financial institutions to:
A comprehensive approach to cybersecurity
Protecting customer data is a critical business imperative for the financial services industry.
A full bouquet of services will help banks and financial services firms tackle the cybersecurity challenge comprehensively. This would include:
For fast-track deployment of cloud IAM and CIEM solutions based on the zero-trust policy, we propose accelerators built using industry standards and policies:
In a cloud environment, security is defined by the access and permissions that users are granted. Cloud identities with excess privileges are a security risk that financial institutions must address as a priority to prevent cyberattacks. To achieve this, they must implement a zero-trust security model and establish clear IAM policies and guidelines.
[1] Used with permission from SailPoint
[2] Used with permission from TechTarget