Cloud access control policy can be a tricky balance. On the one hand, cloud security is a top concern among many cloud users we talk to. On the other, the ease, flexibility, and speed of the cloud can be sacrificed when users aren’t given the access they need to the resources they use.
Cloud Access Control Policy & Cloud Management Platforms
Internal cloud access control policy is a matter that can be determined within each organization – but what about when an organization wants to use an external cloud management platform? As mentioned, we constantly hear that cloud security ranks #1 or close to it in terms of enterprise priorities, yet when we look around we see a lot of divergence in what different cloud management products require.
Some require literally the keys to the kingdom when you wish to partake of their system's capabilities. You might just want to run some simple analytical reports, but the vendor starts from the perspective of requiring broad-ranging policy access, way beyond what's required to do that job.
We have begun a survey of policy requirements across cloud management platforms, and from our research so far, it seems that the “principle of least privilege” is not as widely adopted in the market as it should be.
The Principle of Least Privilege
In the world of cyber security there is a widely known cloud access control policy concept called “the principle of least privilege.” In essence, this concept means that users of any system should only be provided with the privileges that they need to do their job. In the world of on-demand cloud computing, where resources are spun up and access shared within seconds, this principle is often stretched beyond its limit.
When designing ParkMyCloud, this concept was top-of-mind. We understood the need to assure clients that controlling their infrastructure with our product made their environments safer, not more vulnerable. What this means in practice is minimizing the number of policy permissions any user of the system needs to have to optimize and control their public cloud.
Each public cloud provider (AWS, Azure, Google Cloud Platform) has a unique set of policy controls used to manage how people access and utilize their company’s cloud infrastructure. These range from, at the low end, just allowing people to view things (and not create, change or terminate them) to, in essence, giving users the keys to the kingdom.
When evaluating and subscribing to cloud tools, you should demand that access controls are tightly enforced. ParkMyCloud uses the bare minimum to save you money in the cloud, so you can be sure that your infrastructure is secure and optimized for cost control. Keep your environment secure while giving users the limited access they need to do their jobs efficiently and cost-effectively.
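One way to check a policy that a cloud management tool asks you to attach against the principle of least privilege, as an added example that is not ParkMyCloud's code or policy. It assumes the AWS IAM JSON policy format; the sample policy, the `NEEDED` set and the function names are constructed for illustration.

```python
import fnmatch
import json

# Constructed sample: a policy a hypothetical vendor asks you to attach.
VENDOR_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "ec2:StartInstances",
                "ec2:StopInstances", "ec2:TerminateInstances"]},
    {"Effect": "Allow", "Resource": "*", "Action": "iam:*"},
    {"Effect": "Deny", "Resource": "*", "Action": "s3:DeleteBucket"}
  ]
}
""")

# Assumption: the exact actions the tool's stated job requires.
NEEDED = {"ec2:DescribeInstances", "ec2:StartInstances", "ec2:StopInstances"}


def as_list(value):
    # IAM allows a single string or object where a list is expected.
    return value if isinstance(value, list) else [value]


def review_policy(policy, needed):
    """Return (action, verdict) for each Allow grant that exceeds `needed`."""
    needed_lc = {a.lower() for a in needed}  # action names are case-insensitive
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append(("NotAction", "unbounded"))
        for action in as_list(stmt.get("Action", [])):
            pat = action.lower()
            covers_needed = any(fnmatch.fnmatchcase(n, pat) for n in needed_lc)
            if "*" in pat or "?" in pat:
                # A wildcard always grants more than the exact action list.
                verdict = "narrow-wildcard" if covers_needed else "unneeded"
                findings.append((action, verdict))
            elif not covers_needed:
                findings.append((action, "unneeded"))
    return findings


if __name__ == "__main__":
    for action, verdict in review_policy(VENDOR_POLICY, NEEDED):
        print(f"{verdict:16} {action}")
```

A `narrow-wildcard` verdict means the pattern should be replaced by the specific actions it was covering; `unneeded` means the grant serves none of the declared requirements and is a question to put to the vendor.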