
‘Toxic Permissions’ Leave AWS S3 Buckets Vulnerable to Ransomware

The “toxic combination of overprivileged identities and poorly configured environments” can potentially expose data.

By Tenable Cloud Security

SC Media recently dug into our Ransomware Report, interviewing several CEOs and security experts for their take.

For the article, SC Media spoke with Mohit Tiwari, co-founder and CEO at Symmetry Systems, who explained that today, cloud services are built almost entirely on third-party tools. “Think CI/CD roles, monitoring tools, platform-services for data stores, lambdas, and machine learning — all with a thin shim of a company’s specific identities,” Tiwari said. These identities can write to data and can evidently “ransomware” the data as well. Tiwari said this is one likely explanation for the number of risky-sounding identities in our report.

In addition, Saryu Nayyar, CEO of Gurucul, explained that identities are the easiest doorway into a network. They serve as the quickest pathway to the arsenal of an enterprise’s valuable assets. “Part of the challenge facing organizations today lies in the functional gap that often exists between IAM and security teams,” Nayyar said. “While security is focused on malware detection, finding threats, and delivering responses, IAM teams focus on providing access, often in excess. They are too often working at cross-purposes regarding critical elements of the same access risk and threat plane. Herein lies the dilemma. For success to occur, IT and SOCs must agree that the compromise and misuse of identity are at the core of modern threats and they need to collaborate effectively. Identity is an access risk and threat plane that must have its surface area reduced and then monitored for compromise and abuse.”

Read Steve Zurier's full article in SC Media.
