SlideShare a Scribd company logo

2021 State of Cloud Permissions Risks Report (1).pdf

Cade Soluciones
Cade Soluciones

No arriesgues tu seguridad. Entra Permissions Management nos asegura los accesos a nuestros servicios en la nube

Business
1 of 11
Download to read offline
2021 State of Cloud Permissions Risks Report
03 / Executive Introduction 04 / Closing the Permissions Gap with Cloud Infrastructure Entitlement Management (CIEM) 05 / Risk Findings Across Cloud Infrastructures 06 / Unique Key Findings 09 / Recommendations for Multicloud Permissions Management 10 / Executive Conclusion 2 State of Cloud Permissions Risks Report
The permissions gap is a contributing factor to the rise of both accidental and malicious insider threats, which can allow attackers to exploit an identity with misconfigured permissions and access critical cloud infrastructure. This gap can be reduced through implementing the principle of least privilege and working towards a Zero Trust security model, thus protecting cloud environments. However, this is nearly impossible to do manually and at cloud scale. Today, over 40,000 permissions can be granted to identities across the key cloud infrastructure platforms and nearly 50% of these permissions can be classified as high- risk, meaning they can cause catastrophic security and business damage - service disruption, service degradation or data exfiltration - if used improperly. In this report, we share detailed findings about the most common cloud permissions risks we observed and share recommendations to enforce the principle of least privilege and achieve Zero Trust security across your entire digital estate. 3 7xGrowth of identities accessing cloud services However, organizations need to first fix the permissions gap to achieve Zero Trust Compliance 95% of permissions are unused 87% want Zero Trust Compliance But 20K+High-risk permissions Executive Introduction As organizations modernize IT and adopt multicloud infrastructures to support evolving business processes involving user and workload identities (e.g., virtual machines, web apps, containers, scripts, etc.), it’s increasingly difficult to know who has access to what data across which platforms. This lack of visibility leads to excessive permissions and higher security risks exposing identities and resources. Regardless of where an organization is in their cloud migration process, it’s important to implement robust cloud infrastructure security. Without it, their cloud environment is left vulnerable to attacks and accidents. Microsoft collected data from risk assessments performed with over 150 organizations worldwide and discovered that more than 90% of identities are using less than 5% of permissions granted. This gap between permissions granted and those used is what we call the permissions gap. Cloud Infrastructure Security Trends State of Cloud Permissions Risks Report
Closing the Permissions Gap with Cloud Infrastructure Entitlement Management The principle of least privilege is nothing new – it’s one of the foundational concepts of Zero Trust: • Never trust, always verify • Assume breach • Enforce least privilege However, with the rising complexity of multicloud environments, it has become increasingly difficult to implement the principle of least privilege consistently across clouds. Without it, organizations are left susceptible to severe consequences. In the past, organizations had fewer identities to manage, typically only including employees, partners, or customers. As the world has become increasingly more digital, these identities have expanded to include developers, third-party contractors, a host of workload identities like web apps, virtual machines, containers, or scripts, and a variety of compute types like EC2 instances and serverless functions. These workload identities can have the same high-risk permissions and access to sensitive resources that users do. In order to lay out a framework for organizations to approach identity, access and permissions management in their multicloud environments, Gartner recently created the category Cloud Infrastructure Entitlement Management (CIEM). CIEM is a next-generation solution for managing permissions consistently across all cloud infrastructures and enforcing the principle of least privilege for all identities and resources, helping to reduce the permissions gap and getting one step closer to a Zero Trust security framework. 4 State of Cloud Permissions Risks Report
Key Risk Findings Across Cloud Infrastructures Some of the risks contributing to the permissions gap span across the three main cloud providers— Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP)—while others are unique to each provider. The most common risks we found in all three main cloud providers include: 5 High-risk permissions are continuing to rise, with more than 90% of identities using less than 5% of permissions granted Implication: Excessively permissioned active identities are exposed to credential theft risks Best practice: Right-size permissions based on the past activities of these identities and grant additional permissions on an on-demand basis Workload identities are over- permissioned and greater than 40% of them are inactive Implication: Inactive identities leave organizations open to credential misuse or exploitation for malicious activities Best practice: Remove inactive roles/ policies and identities to avoid unauthorized access to resources Lack of separation of duties: Users with excessive roles/policies in both development and production subscriptions/accounts Implication: Leveraging the same roles/policies and permissions in development and production environments exposes your infrastructure to insider threats and malicious external threats Best practice: Right-size permissions in development environments and clone permissions into production only as a starting point, then right- size permissions to tighten controls Cross-account access is frequently granted to external identities Implication: Cross-account access enables identities to access all resources in target accounts, leading to data leakage or malicious service disruption Best practice: Right-size scope of roles/ policies to access limited resources and limit access to specific identities in other accounts State of Cloud Permissions Risks Report
Unique Key Findings: 6 Two thirds of all organizations have EC2 instances with access to all S3 buckets Implication: Attackers can leverage compromised EC2 instances to access sensitive data stores leading to data breaches Best practice: Restrict broad access to all resources for applications on EC2 instances Admins typically don’t have Multi-factor Authentication (MFA) enabled and access keys not rotated for at least 6 months Implication: Admins without MFA enabled login or non-rotated access keys increase the risk of compromised credentials Best practice: Enable MFA for all users with console access and rotate access keys every 90 days Misconfigured security groups with inbound Secure Shell (SSH) port open and attached to EC2 instances Implication: Open security groups allow network-based attacks to gain access to EC2 instances Best practice: No security groups should allow unrestricted ingress access to any ports More than 50% of enterprises have identities with privilege escalation ability to elevate to super admin role Implication: Identities with hidden privilege escalation ability can self-elevate to admin privileges and gain unauthorized access Best practice: Regularly review all identity policies for any privilege escalation possibilities State of Cloud Permissions Risks Report
Unique Key Findings: 7 65% of enterprises have anonymous public read access enabled for blob containers in production environments Implication: Confidential data in public storage accounts is exposed to anonymous unauthorized identities Best practice: Provide controlled just-in- time access to blob containers to prevent anonymous/ unauthorized access More than 70% of subscriptions have identities (users and workloads) with over-permissive contributor roles More than 85% of organizations have over-permissive users and service principals left orphaned after project completion Implication: Identities with contributor roles significantly increase risks due to their ability to delete business-critical resources Implication: Inactive identities leave organizations open to credential misuse or exploitation for malicious activities Best practice: Replace high-risk contributor roles with lower-risk right-sized roles based on past activities Best practice: Remove all inactive users and service principals automatically to avoid unauthorized access to resources Remote Desktop Protocol (RDP), SSH access from the internet is enabled for network security groups in production environments Implication: Attackers can use various brute force techniques to gain access to Azure virtual machines Best practice: Disable RDP/SSH access on network security groups from the internet Users assign permissions and access outside of security and audit processes Implication: Unknown permissions assignments create a significant blind spot and unwanted risks for the organization Best practice: Allow access through approval- based permissions on-demand to track for identity governance and compliance State of Cloud Permissions Risks Report
Unique Key Findings: 8 More than 80% of projects have Service accounts with over- permissive Owner/ Editor roles either directly attached or inherited from folder or organization Implication: Service accounts with Owner/Editor permissions significantly increase security risk due to their ability to delete business- critical resources Best practice: Replace high-risk owner/editor roles with lower risk roles based on past activities and right- size all service accounts More than 75% of organizations have identity permissions creep ranging from Viewer to Owner Implication: Identities with high-risk permissions expand the attack surface due to their ability to delete business- critical resources Best practice: Persistently monitor the Permissions Creep Index, a metric that is the function of the number of unused high-risk permissions and the total number of resources that an identity can access, for all identities and right-size permissions to maintain security posture More than 50% of organizations have project wide SSH Keys enabled for virtual machine instances Implication: Project-wide SSH keys can be used to login into all the instances within a project. When compromised, they pose significant security risks that can impact all the instances Best practice: Use instance specific SSH keys that limit the attack surface in the case the SSH keys are compromised More than 85% of organizations have user-managed keys for service accounts that are not rotated Implication: Rotating service account keys reduces malicious usage risks of access keys associated with a compromised or terminated account Best practice: Service account keys should be rotated every 90 days to ensure data can’t be accessed with old keys that may be compromised State of Cloud Permissions Risks Report
Recommendations for Multicloud Permissions Management 9 Right-size permissions based on past activity Assess, manage, and monitor identities and access continuously Implement automated continuous identity governance and reporting • Remove or scope down permissions automatically for over- permissioned users, workloads, and groups verify • Grant high-risk permissions only on-demand with just-in-time access using an integrated approval workflow • Restrict broad access to critical cloud infrastructure resources • Remove inactive identities to avoid unauthorized access to resources • Migrate from static, assumption-based permission grant process to continuous, activity-based permission management • Monitor, receive alerts, and remediate anomalous identity behavior, unauthorized identities, and roles/policies • Monitor, receive alerts, and remediate permissions for privilege escalation scenarios and inactive identitiesRemove inactive identities to avoid unauthorized access to resources • NIST 800-53, CIS Benchmarks, and AWS Well-Architected reporting and built-in remediation to drive toward better compliance • Restrict inbound access to virtual machines by removing inbound SSH/RDP access in security groups • Enable Multi-Factor Authentication for all identities with console access • Rotate keys regularly to reduce risk due to compromised credentials • Automate and schedule custom risk reports across all accounts State of Cloud Permissions Risks Report
Executive Conclusion These key findings highlight areas where organizations should increase their cloud infrastructure security through implementing the principle of least privilege. Left unmanaged, the permissions gap can leave organizations vulnerable to attacks that can lead to catastrophic losses. Key recommendations: • Assess your permissions risks and identify which identity has been doing what, where, and when • Grant permissions on-demand for a time-limited period or an as-needed basis to ensure least privilege • Continuously monitor permissions usage across clouds About Microsoft Entra Permissions Management Microsoft Entra Permissions Management is a cloud infrastructure entitlement management (CIEM) solution that provides complete visibility into permissions for all identities (user and workload) across all major public cloud platforms (AWS, Azure, GCP) from a unified interface. It helps organizations understand what permissions identities have and what resources they’re accessing. Permissions Management automatically detects which permissions are unused and pose risks and allows Security and Identity teams to right-size permissions in just a few clicks. Thanks to high-precision ML-based anomaly detection capabilities, Permissions Management streamlines threat detection and response and allows organizations to maintain a strong security posture. 10 Try Microsoft Entra Permissions Management now Permissions Management is now available for Public Preview! To try Permissions Management, log into Azure AD and click on our tile: aka.ms/TryPermissionsManagement. For more information about Permissions Management, visit aka.ms/PermissionsManagement. State of Cloud Permissions Risks Report
©2021 Microsoft Corporation. All rights reserved. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

Recommended

User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016Karla Sasser, CPA CITP, CIA, CGMA
 
9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloudkairostech
 
Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldKatherine Cola
 
Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Isaac BOCCARA
 
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...apidays
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security IssuesHTS Hosting
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityArunvignesh Venkatesh
 
mcafee-cloud-acceleration-and-risks.pdf
mcafee-cloud-acceleration-and-risks.pdfmcafee-cloud-acceleration-and-risks.pdf
mcafee-cloud-acceleration-and-risks.pdfAndreBolo1
 

Recommended

User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016Karla Sasser, CPA CITP, CIA, CGMA
 
9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloudkairostech
 
Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldKatherine Cola
 
Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Isaac BOCCARA
 
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...apidays
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security IssuesHTS Hosting
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityArunvignesh Venkatesh
 
mcafee-cloud-acceleration-and-risks.pdf
mcafee-cloud-acceleration-and-risks.pdfmcafee-cloud-acceleration-and-risks.pdf
mcafee-cloud-acceleration-and-risks.pdfAndreBolo1
 
Derek wilson - Cloud Camp 2011
Derek wilson - Cloud Camp 2011Derek wilson - Cloud Camp 2011
Derek wilson - Cloud Camp 2011Vincent Kwon
 
Every cloud cloud risk assessment 2018
Every cloud cloud risk assessment 2018Every cloud cloud risk assessment 2018
Every cloud cloud risk assessment 2018soniamcpherson11
 
Cloud security and services
Cloud security and servicesCloud security and services
Cloud security and servicesJas Preet
 
Celera Networks on Cloud Computing
Celera Networks on Cloud Computing Celera Networks on Cloud Computing
Celera Networks on Cloud Computing CeleraNetworks
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESHappiest Minds Technologies
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12Jim Kaplan CIA CFE
 
Preventing Cloud Data Breaches.pdf
Preventing Cloud Data Breaches.pdfPreventing Cloud Data Breaches.pdf
Preventing Cloud Data Breaches.pdfChinatu Uzuegbu
 
Bringing the Cloud Back to Earth
Bringing the Cloud Back to EarthBringing the Cloud Back to Earth
Bringing the Cloud Back to EarthSri Chalasani
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxLokNathRegmi1
 
A017130104
A017130104A017130104
A017130104IOSR Journals
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIOSR Journals
 
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpointCloudPassage
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxsarah david
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computingsahil lalwani
 
International Journal of Engineering and Science Invention (IJESI)
International Journal of Engineering and Science Invention (IJESI)International Journal of Engineering and Science Invention (IJESI)
International Journal of Engineering and Science Invention (IJESI)inventionjournals
 
Growth Uninterrupted with Security, Scalability and Simplicity
Growth Uninterrupted with Security, Scalability and SimplicityGrowth Uninterrupted with Security, Scalability and Simplicity
Growth Uninterrupted with Security, Scalability and SimplicityPeopleWorks IN
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDEryk Budi Pratama
 
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged AccountsHow Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged AccountsBeyondTrust
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfsarah david
 
El valor empresarial de las aplicaciones inteligentes
El valor empresarial de las aplicaciones inteligentesEl valor empresarial de las aplicaciones inteligentes
El valor empresarial de las aplicaciones inteligentesCade Soluciones
 
Integracion Siigo Nube + COI 11 #Cade te damos buenas noticias
Integracion Siigo Nube + COI 11 #Cade te damos buenas noticiasIntegracion Siigo Nube + COI 11 #Cade te damos buenas noticias
Integracion Siigo Nube + COI 11 #Cade te damos buenas noticiasCade Soluciones
 

More Related Content

Similar to 2021 State of Cloud Permissions Risks Report (1).pdf

Derek wilson - Cloud Camp 2011
Derek wilson - Cloud Camp 2011Derek wilson - Cloud Camp 2011
Derek wilson - Cloud Camp 2011Vincent Kwon
 
Every cloud cloud risk assessment 2018
Every cloud cloud risk assessment 2018Every cloud cloud risk assessment 2018
Every cloud cloud risk assessment 2018soniamcpherson11
 
Cloud security and services
Cloud security and servicesCloud security and services
Cloud security and servicesJas Preet
 
Celera Networks on Cloud Computing
Celera Networks on Cloud Computing Celera Networks on Cloud Computing
Celera Networks on Cloud Computing CeleraNetworks
 
Preventing Cloud Data Breaches.pdf
Preventing Cloud Data Breaches.pdfPreventing Cloud Data Breaches.pdf
Preventing Cloud Data Breaches.pdfChinatu Uzuegbu
 
Bringing the Cloud Back to Earth
Bringing the Cloud Back to EarthBringing the Cloud Back to Earth
Bringing the Cloud Back to EarthSri Chalasani
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxLokNathRegmi1
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIOSR Journals
 
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpointCloudPassage
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxsarah david
 
International Journal of Engineering and Science Invention (IJESI)
International Journal of Engineering and Science Invention (IJESI)International Journal of Engineering and Science Invention (IJESI)
International Journal of Engineering and Science Invention (IJESI)inventionjournals
 
Growth Uninterrupted with Security, Scalability and Simplicity
Growth Uninterrupted with Security, Scalability and SimplicityGrowth Uninterrupted with Security, Scalability and Simplicity
Growth Uninterrupted with Security, Scalability and SimplicityPeopleWorks IN
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDEryk Budi Pratama
 
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged AccountsHow Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged AccountsBeyondTrust
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfsarah david
 

Similar to 2021 State of Cloud Permissions Risks Report (1).pdf (20)

Derek wilson - Cloud Camp 2011
Derek wilson - Cloud Camp 2011Derek wilson - Cloud Camp 2011
Derek wilson - Cloud Camp 2011
 
Every cloud cloud risk assessment 2018
Every cloud cloud risk assessment 2018Every cloud cloud risk assessment 2018
Every cloud cloud risk assessment 2018
 
Cloud security and services
Cloud security and servicesCloud security and services
Cloud security and services
 
Celera Networks on Cloud Computing
Celera Networks on Cloud Computing Celera Networks on Cloud Computing
Celera Networks on Cloud Computing
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKES
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
 
Preventing Cloud Data Breaches.pdf
Preventing Cloud Data Breaches.pdfPreventing Cloud Data Breaches.pdf
Preventing Cloud Data Breaches.pdf
 
Bringing the Cloud Back to Earth
Bringing the Cloud Back to EarthBringing the Cloud Back to Earth
Bringing the Cloud Back to Earth
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptx
 
A017130104
A017130104A017130104
A017130104
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud Computing
 
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
International Journal of Engineering and Science Invention (IJESI)
International Journal of Engineering and Science Invention (IJESI)International Journal of Engineering and Science Invention (IJESI)
International Journal of Engineering and Science Invention (IJESI)
 
Growth Uninterrupted with Security, Scalability and Simplicity
Growth Uninterrupted with Security, Scalability and SimplicityGrowth Uninterrupted with Security, Scalability and Simplicity
Growth Uninterrupted with Security, Scalability and Simplicity
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA ID
 
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged AccountsHow Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
 

More from Cade Soluciones

El valor empresarial de las aplicaciones inteligentes
El valor empresarial de las aplicaciones inteligentesEl valor empresarial de las aplicaciones inteligentes
El valor empresarial de las aplicaciones inteligentesCade Soluciones
 
Integracion Siigo Nube + COI 11 #Cade te damos buenas noticias
Integracion Siigo Nube + COI 11 #Cade te damos buenas noticiasIntegracion Siigo Nube + COI 11 #Cade te damos buenas noticias
Integracion Siigo Nube + COI 11 #Cade te damos buenas noticiasCade Soluciones
 
Nuevo Siigoaspel NOI 11 te va volar la cabeza
Nuevo Siigoaspel NOI 11 te va volar la cabezaNuevo Siigoaspel NOI 11 te va volar la cabeza
Nuevo Siigoaspel NOI 11 te va volar la cabezaCade Soluciones
 
NOI 11 nuevos beneficios que te ayudaran hacer tu nomina mas facil
NOI 11 nuevos beneficios que te ayudaran hacer tu nomina mas facilNOI 11 nuevos beneficios que te ayudaran hacer tu nomina mas facil
NOI 11 nuevos beneficios que te ayudaran hacer tu nomina mas facilCade Soluciones
 
ia revoluciona el mundo gracias a copilot
ia revoluciona el mundo gracias a copilotia revoluciona el mundo gracias a copilot
ia revoluciona el mundo gracias a copilotCade Soluciones
 
Impulse el crecimiento empresarial con aplicaciones y experiencias con tecnol...
Impulse el crecimiento empresarial con aplicaciones y experiencias con tecnol...Impulse el crecimiento empresarial con aplicaciones y experiencias con tecnol...
Impulse el crecimiento empresarial con aplicaciones y experiencias con tecnol...Cade Soluciones
 
Tabla-comparativa-noi-10-vs-11 cade te dcimos como
Tabla-comparativa-noi-10-vs-11 cade te dcimos comoTabla-comparativa-noi-10-vs-11 cade te dcimos como
Tabla-comparativa-noi-10-vs-11 cade te dcimos comoCade Soluciones
 
Como ser un contador moderno 5.0 con CADE
Como ser un contador moderno 5.0 con CADEComo ser un contador moderno 5.0 con CADE
Como ser un contador moderno 5.0 con CADECade Soluciones
 
Declaracion anual 2023 con aspel coi cumple
Declaracion anual 2023 con aspel coi cumpleDeclaracion anual 2023 con aspel coi cumple
Declaracion anual 2023 con aspel coi cumpleCade Soluciones
 
Guía que es la Nube #CADE #Subetealanube
Guía que es la Nube #CADE #SubetealanubeGuía que es la Nube #CADE #Subetealanube
Guía que es la Nube #CADE #SubetealanubeCade Soluciones
 
Tres formas inteligentes El 73 % de los consumidores consideran que la experi...
Tres formas inteligentes El 73 % de los consumidores consideran que la experi...Tres formas inteligentes El 73 % de los consumidores consideran que la experi...
Tres formas inteligentes El 73 % de los consumidores consideran que la experi...Cade Soluciones
 
Lo nuevo de Aspel NOI 11, te vamos a soprender
Lo nuevo de Aspel NOI 11, te vamos a soprenderLo nuevo de Aspel NOI 11, te vamos a soprender
Lo nuevo de Aspel NOI 11, te vamos a soprenderCade Soluciones
 
Carta Porte 2.0 cumplimiento para transportar tus mercancias
Carta Porte 2.0 cumplimiento para transportar tus mercanciasCarta Porte 2.0 cumplimiento para transportar tus mercancias
Carta Porte 2.0 cumplimiento para transportar tus mercanciasCade Soluciones
 
Multas carta porte 3.0 Siigo Aspel - CADE
Multas carta porte 3.0 Siigo Aspel - CADEMultas carta porte 3.0 Siigo Aspel - CADE
Multas carta porte 3.0 Siigo Aspel - CADECade Soluciones
 
Conviértete en contador forense.pdf
Conviértete en contador forense.pdfConviértete en contador forense.pdf
Conviértete en contador forense.pdfCade Soluciones
 

More from Cade Soluciones (20)

El valor empresarial de las aplicaciones inteligentes
El valor empresarial de las aplicaciones inteligentesEl valor empresarial de las aplicaciones inteligentes
El valor empresarial de las aplicaciones inteligentes
 
Integracion Siigo Nube + COI 11 #Cade te damos buenas noticias
Integracion Siigo Nube + COI 11 #Cade te damos buenas noticiasIntegracion Siigo Nube + COI 11 #Cade te damos buenas noticias
Integracion Siigo Nube + COI 11 #Cade te damos buenas noticias
 
Nuevo Siigoaspel NOI 11 te va volar la cabeza
Nuevo Siigoaspel NOI 11 te va volar la cabezaNuevo Siigoaspel NOI 11 te va volar la cabeza
Nuevo Siigoaspel NOI 11 te va volar la cabeza
 
NOI 11 nuevos beneficios que te ayudaran hacer tu nomina mas facil
NOI 11 nuevos beneficios que te ayudaran hacer tu nomina mas facilNOI 11 nuevos beneficios que te ayudaran hacer tu nomina mas facil
NOI 11 nuevos beneficios que te ayudaran hacer tu nomina mas facil
 
ia revoluciona el mundo gracias a copilot
ia revoluciona el mundo gracias a copilotia revoluciona el mundo gracias a copilot
ia revoluciona el mundo gracias a copilot
 
Impulse el crecimiento empresarial con aplicaciones y experiencias con tecnol...
Impulse el crecimiento empresarial con aplicaciones y experiencias con tecnol...Impulse el crecimiento empresarial con aplicaciones y experiencias con tecnol...
Impulse el crecimiento empresarial con aplicaciones y experiencias con tecnol...
 
Tabla-comparativa-noi-10-vs-11 cade te dcimos como
Tabla-comparativa-noi-10-vs-11 cade te dcimos comoTabla-comparativa-noi-10-vs-11 cade te dcimos como
Tabla-comparativa-noi-10-vs-11 cade te dcimos como
 
Como ser un contador moderno 5.0 con CADE
Como ser un contador moderno 5.0 con CADEComo ser un contador moderno 5.0 con CADE
Como ser un contador moderno 5.0 con CADE
 
Declaracion anual 2023 con aspel coi cumple
Declaracion anual 2023 con aspel coi cumpleDeclaracion anual 2023 con aspel coi cumple
Declaracion anual 2023 con aspel coi cumple
 
Guía que es la Nube #CADE #Subetealanube
Guía que es la Nube #CADE #SubetealanubeGuía que es la Nube #CADE #Subetealanube
Guía que es la Nube #CADE #Subetealanube
 
Tres formas inteligentes El 73 % de los consumidores consideran que la experi...
Tres formas inteligentes El 73 % de los consumidores consideran que la experi...Tres formas inteligentes El 73 % de los consumidores consideran que la experi...
Tres formas inteligentes El 73 % de los consumidores consideran que la experi...
 
Lo nuevo de Aspel NOI 11, te vamos a soprender
Lo nuevo de Aspel NOI 11, te vamos a soprenderLo nuevo de Aspel NOI 11, te vamos a soprender
Lo nuevo de Aspel NOI 11, te vamos a soprender
 
Carta Porte 2.0 cumplimiento para transportar tus mercancias
Carta Porte 2.0 cumplimiento para transportar tus mercanciasCarta Porte 2.0 cumplimiento para transportar tus mercancias
Carta Porte 2.0 cumplimiento para transportar tus mercancias
 
Multas carta porte 3.0 Siigo Aspel - CADE
Multas carta porte 3.0 Siigo Aspel - CADEMultas carta porte 3.0 Siigo Aspel - CADE
Multas carta porte 3.0 Siigo Aspel - CADE
 
cade365pdf
cade365pdfcade365pdf
cade365pdf
 
Conviértete en contador forense.pdf
Conviértete en contador forense.pdfConviértete en contador forense.pdf
Conviértete en contador forense.pdf
 
Retos 2024-aspel.pdf
Retos 2024-aspel.pdfRetos 2024-aspel.pdf
Retos 2024-aspel.pdf
 
ia.pdf
ia.pdfia.pdf
ia.pdf
 
original.pdf
original.pdforiginal.pdf
original.pdf
 
original (1).pdf
original (1).pdforiginal (1).pdf
original (1).pdf
 

Recently uploaded

Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Sheetaleventcompany
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPanhandleOilandGas
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...daisycvs
 
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLJAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLkapoorjyoti4444
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityEric T. Tung
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwaitdaisycvs
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Sheetaleventcompany
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...amitlee9823
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangaloreamitlee9823
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756dollysharma2066
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Anamikakaur10
 
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceDamini Dixit
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...lizamodels9
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentationuneakwhite
 

Recently uploaded (20)

Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLJAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
 
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 

2021 State of Cloud Permissions Risks Report (1).pdf

  • 1. 2021 State of Cloud Permissions Risks Report
  • 2. 03 / Executive Introduction 04 / Closing the Permissions Gap with Cloud Infrastructure Entitlement Management (CIEM) 05 / Risk Findings Across Cloud Infrastructures 06 / Unique Key Findings 09 / Recommendations for Multicloud Permissions Management 10 / Executive Conclusion 2 State of Cloud Permissions Risks Report
  • 3. The permissions gap is a contributing factor to the rise of both accidental and malicious insider threats, which can allow attackers to exploit an identity with misconfigured permissions and access critical cloud infrastructure. This gap can be reduced through implementing the principle of least privilege and working towards a Zero Trust security model, thus protecting cloud environments. However, this is nearly impossible to do manually and at cloud scale. Today, over 40,000 permissions can be granted to identities across the key cloud infrastructure platforms and nearly 50% of these permissions can be classified as high- risk, meaning they can cause catastrophic security and business damage - service disruption, service degradation or data exfiltration - if used improperly. In this report, we share detailed findings about the most common cloud permissions risks we observed and share recommendations to enforce the principle of least privilege and achieve Zero Trust security across your entire digital estate. 3 7xGrowth of identities accessing cloud services However, organizations need to first fix the permissions gap to achieve Zero Trust Compliance 95% of permissions are unused 87% want Zero Trust Compliance But 20K+High-risk permissions Executive Introduction As organizations modernize IT and adopt multicloud infrastructures to support evolving business processes involving user and workload identities (e.g., virtual machines, web apps, containers, scripts, etc.), it’s increasingly difficult to know who has access to what data across which platforms. This lack of visibility leads to excessive permissions and higher security risks exposing identities and resources. Regardless of where an organization is in their cloud migration process, it’s important to implement robust cloud infrastructure security. Without it, their cloud environment is left vulnerable to attacks and accidents. Microsoft collected data from risk assessments performed with over 150 organizations worldwide and discovered that more than 90% of identities are using less than 5% of permissions granted. This gap between permissions granted and those used is what we call the permissions gap. Cloud Infrastructure Security Trends State of Cloud Permissions Risks Report
  • 4. Closing the Permissions Gap with Cloud Infrastructure Entitlement Management The principle of least privilege is nothing new – it’s one of the foundational concepts of Zero Trust: • Never trust, always verify • Assume breach • Enforce least privilege However, with the rising complexity of multicloud environments, it has become increasingly difficult to implement the principle of least privilege consistently across clouds. Without it, organizations are left susceptible to severe consequences. In the past, organizations had fewer identities to manage, typically only including employees, partners, or customers. As the world has become increasingly more digital, these identities have expanded to include developers, third-party contractors, a host of workload identities like web apps, virtual machines, containers, or scripts, and a variety of compute types like EC2 instances and serverless functions. These workload identities can have the same high-risk permissions and access to sensitive resources that users do. In order to lay out a framework for organizations to approach identity, access and permissions management in their multicloud environments, Gartner recently created the category Cloud Infrastructure Entitlement Management (CIEM). CIEM is a next-generation solution for managing permissions consistently across all cloud infrastructures and enforcing the principle of least privilege for all identities and resources, helping to reduce the permissions gap and getting one step closer to a Zero Trust security framework. 4 State of Cloud Permissions Risks Report
  • 5. Key Risk Findings Across Cloud Infrastructures Some of the risks contributing to the permissions gap span across the three main cloud providers— Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP)—while others are unique to each provider. The most common risks we found in all three main cloud providers include: 5 High-risk permissions are continuing to rise, with more than 90% of identities using less than 5% of permissions granted Implication: Excessively permissioned active identities are exposed to credential theft risks Best practice: Right-size permissions based on the past activities of these identities and grant additional permissions on an on-demand basis Workload identities are over- permissioned and greater than 40% of them are inactive Implication: Inactive identities leave organizations open to credential misuse or exploitation for malicious activities Best practice: Remove inactive roles/ policies and identities to avoid unauthorized access to resources Lack of separation of duties: Users with excessive roles/policies in both development and production subscriptions/accounts Implication: Leveraging the same roles/policies and permissions in development and production environments exposes your infrastructure to insider threats and malicious external threats Best practice: Right-size permissions in development environments and clone permissions into production only as a starting point, then right- size permissions to tighten controls Cross-account access is frequently granted to external identities Implication: Cross-account access enables identities to access all resources in target accounts, leading to data leakage or malicious service disruption Best practice: Right-size scope of roles/ policies to access limited resources and limit access to specific identities in other accounts State of Cloud Permissions Risks Report
  • 6. Unique Key Findings: 6 Two thirds of all organizations have EC2 instances with access to all S3 buckets Implication: Attackers can leverage compromised EC2 instances to access sensitive data stores leading to data breaches Best practice: Restrict broad access to all resources for applications on EC2 instances Admins typically don’t have Multi-factor Authentication (MFA) enabled and access keys not rotated for at least 6 months Implication: Admins without MFA enabled login or non-rotated access keys increase the risk of compromised credentials Best practice: Enable MFA for all users with console access and rotate access keys every 90 days Misconfigured security groups with inbound Secure Shell (SSH) port open and attached to EC2 instances Implication: Open security groups allow network-based attacks to gain access to EC2 instances Best practice: No security groups should allow unrestricted ingress access to any ports More than 50% of enterprises have identities with privilege escalation ability to elevate to super admin role Implication: Identities with hidden privilege escalation ability can self-elevate to admin privileges and gain unauthorized access Best practice: Regularly review all identity policies for any privilege escalation possibilities State of Cloud Permissions Risks Report
  • 7. Unique Key Findings: 7 65% of enterprises have anonymous public read access enabled for blob containers in production environments Implication: Confidential data in public storage accounts is exposed to anonymous unauthorized identities Best practice: Provide controlled just-in- time access to blob containers to prevent anonymous/ unauthorized access More than 70% of subscriptions have identities (users and workloads) with over-permissive contributor roles More than 85% of organizations have over-permissive users and service principals left orphaned after project completion Implication: Identities with contributor roles significantly increase risks due to their ability to delete business-critical resources Implication: Inactive identities leave organizations open to credential misuse or exploitation for malicious activities Best practice: Replace high-risk contributor roles with lower-risk right-sized roles based on past activities Best practice: Remove all inactive users and service principals automatically to avoid unauthorized access to resources Remote Desktop Protocol (RDP), SSH access from the internet is enabled for network security groups in production environments Implication: Attackers can use various brute force techniques to gain access to Azure virtual machines Best practice: Disable RDP/SSH access on network security groups from the internet Users assign permissions and access outside of security and audit processes Implication: Unknown permissions assignments create a significant blind spot and unwanted risks for the organization Best practice: Allow access through approval- based permissions on-demand to track for identity governance and compliance State of Cloud Permissions Risks Report
  • 8. Unique Key Findings: 8 More than 80% of projects have Service accounts with over- permissive Owner/ Editor roles either directly attached or inherited from folder or organization Implication: Service accounts with Owner/Editor permissions significantly increase security risk due to their ability to delete business- critical resources Best practice: Replace high-risk owner/editor roles with lower risk roles based on past activities and right- size all service accounts More than 75% of organizations have identity permissions creep ranging from Viewer to Owner Implication: Identities with high-risk permissions expand the attack surface due to their ability to delete business- critical resources Best practice: Persistently monitor the Permissions Creep Index, a metric that is the function of the number of unused high-risk permissions and the total number of resources that an identity can access, for all identities and right-size permissions to maintain security posture More than 50% of organizations have project wide SSH Keys enabled for virtual machine instances Implication: Project-wide SSH keys can be used to login into all the instances within a project. When compromised, they pose significant security risks that can impact all the instances Best practice: Use instance specific SSH keys that limit the attack surface in the case the SSH keys are compromised More than 85% of organizations have user-managed keys for service accounts that are not rotated Implication: Rotating service account keys reduces malicious usage risks of access keys associated with a compromised or terminated account Best practice: Service account keys should be rotated every 90 days to ensure data can’t be accessed with old keys that may be compromised State of Cloud Permissions Risks Report
  • 9. Recommendations for Multicloud Permissions Management 9 Right-size permissions based on past activity Assess, manage, and monitor identities and access continuously Implement automated continuous identity governance and reporting • Remove or scope down permissions automatically for over- permissioned users, workloads, and groups verify • Grant high-risk permissions only on-demand with just-in-time access using an integrated approval workflow • Restrict broad access to critical cloud infrastructure resources • Remove inactive identities to avoid unauthorized access to resources • Migrate from static, assumption-based permission grant process to continuous, activity-based permission management • Monitor, receive alerts, and remediate anomalous identity behavior, unauthorized identities, and roles/policies • Monitor, receive alerts, and remediate permissions for privilege escalation scenarios and inactive identitiesRemove inactive identities to avoid unauthorized access to resources • NIST 800-53, CIS Benchmarks, and AWS Well-Architected reporting and built-in remediation to drive toward better compliance • Restrict inbound access to virtual machines by removing inbound SSH/RDP access in security groups • Enable Multi-Factor Authentication for all identities with console access • Rotate keys regularly to reduce risk due to compromised credentials • Automate and schedule custom risk reports across all accounts State of Cloud Permissions Risks Report
  • 10. Executive Conclusion These key findings highlight areas where organizations should increase their cloud infrastructure security through implementing the principle of least privilege. Left unmanaged, the permissions gap can leave organizations vulnerable to attacks that can lead to catastrophic losses. Key recommendations: • Assess your permissions risks and identify which identity has been doing what, where, and when • Grant permissions on-demand for a time-limited period or an as-needed basis to ensure least privilege • Continuously monitor permissions usage across clouds About Microsoft Entra Permissions Management Microsoft Entra Permissions Management is a cloud infrastructure entitlement management (CIEM) solution that provides complete visibility into permissions for all identities (user and workload) across all major public cloud platforms (AWS, Azure, GCP) from a unified interface. It helps organizations understand what permissions identities have and what resources they’re accessing. Permissions Management automatically detects which permissions are unused and pose risks and allows Security and Identity teams to right-size permissions in just a few clicks. Thanks to high-precision ML-based anomaly detection capabilities, Permissions Management streamlines threat detection and response and allows organizations to maintain a strong security posture. 10 Try Microsoft Entra Permissions Management now Permissions Management is now available for Public Preview! To try Permissions Management, log into Azure AD and click on our tile: aka.ms/TryPermissionsManagement. For more information about Permissions Management, visit aka.ms/PermissionsManagement. State of Cloud Permissions Risks Report
  • 11. ©2021 Microsoft Corporation. All rights reserved. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.