It is Time to Treat Privilege Like Privacy
Carla Roncato, Senior Analyst at Enterprise Strategy Group, shared that ESG recently asked organizations, “approximately what percentage of your organization’s human and non-human identities have permissions associated with their use of cloud services that are greater than what is required to do their task/job?” We spoke with her last week about the fact that privilege […]
Carla Roncato, Senior Analyst at Enterprise Strategy Group, shared that ESG recently asked organizations, "approximately what percentage of your organization’s human and non-human identities have permissions associated with their use of cloud services that are greater than what is required to do their task/job?"
We spoke with her last week about the fact that privilege sprawl and entitlements creep are much higher, much worse than these respondents approximate. She posits that as an industry, we "need to come together and formalize least-privilege cloud reference architectures, frameworks, use cases, and security controls that normalize and operationalize least-privilege by design, in deployments, in configurations, in policies, and in use." And we couldn't agree more.
In her recent Pulse article on LinkedIn, Carla shares her insights into the importance of treating privilege like privacy and working to improve it. Read her full post here.