t cht lk not immune to credential theft , phishing , accidental exposure or other threats . Therefore , defenses cannot rely solely on protection of passwords and credentials .

MODERN PROTECTION OF PUBLICLY- HOSTED CLOUD ENVIRONMENTS REQUIRES A NEW APPROACH . looking for . Monitoring for suspicious activity in a cloud account ( for example , such as anomalous usage of permissions ) will help identify malicious activity in time and stop it before user data is exposed .

t cht lk not immune to credential theft , phishing , accidental exposure or other threats . Therefore , defenses cannot rely solely on protection of passwords and credentials .

• Detect excessive permissions : Since excessive permissions are so frequently exploited for malicious purposes , identifying and alerting against such permissions becomes paramount . This cannot be done just by measuring against static lists of best practices but must be based on analyzing the gap between the permissions a user has defined , and the permission they actually use .

• Harden security posture : The best way of stopping a data breach is preventing it before it ever occurs . Therefore , hardening your cloud security posture and eliminating excessive permissions and misconfigurations guarantees that even if a user ’ s credentials become compromised , then attackers will not be able to do much with those permissions .

• Look for anomalous activities : A data breach is not one thing going wrong , but a whole list of things going wrong . Most data breaches follow a typical progression , which can be detected and stopped in time – if IT know what they ’ re

“

MODERN PROTECTION OF PUBLICLY- HOSTED CLOUD ENVIRONMENTS REQUIRES A NEW APPROACH . looking for . Monitoring for suspicious activity in a cloud account ( for example , such as anomalous usage of permissions ) will help identify malicious activity in time and stop it before user data is exposed .

• Automate response : Time is money and even more so when it comes to preventing exposure of sensitive user data . Automated response mechanisms allow you to respond faster to security incidents and block-off attacks within seconds of detection .

Advanced vendors are offering comprehensive protection . These can include a line of cloud-based security services that provide an agentless , cloud-native solution for comprehensive protection of workloads hosted on AWS .

Such solutions protect both the overall security posture of an AWS cloud account , as well as individual cloud workloads , protecting against cloud-native attack vectors . • www . intelligentcio . com INTELLIGENTCIO

Intelligent CIO North America Issue 02 | Page 77

t cht lk not immune to credential theft , phishing , accidental exposure or other threats . Therefore , defenses cannot rely solely on protection of passwords and credentials .

MODERN PROTECTION OF PUBLICLY- HOSTED CLOUD ENVIRONMENTS REQUIRES A NEW APPROACH . looking for . Monitoring for suspicious activity in a cloud account ( for example , such as anomalous usage of permissions ) will help identify malicious activity in time and stop it before user data is exposed .

t cht lk not immune to credential theft , phishing , accidental exposure or other threats . Therefore , defenses cannot rely solely on protection of passwords and credentials .

“

MODERN PROTECTION OF PUBLICLY- HOSTED CLOUD ENVIRONMENTS REQUIRES A NEW APPROACH . looking for . Monitoring for suspicious activity in a cloud account ( for example , such as anomalous usage of permissions ) will help identify malicious activity in time and stop it before user data is exposed .