Are You Regularly Auditing Your Privileged Cloud Accounts?

Most people are aware of the cloud adoption transformation that has happened over the last 5+ years. It was accelerated during the pandemic, and now most businesses largely operate supported by cloud-based systems.

In 2018, approximately 25% of customer interactions in the U.S. were digitally based, and after the pandemic, that number has risen to 65%.

One statistic that has grown along with cloud adoption has been credential compromise. With more business systems and data in the cloud, the best way to get to that data is through a user login and a privileged account login in particular.

Cloud solutions provided by Microsoft, Google, and other companies will have stringent security safeguards to keep hackers out of those platforms. But with a user login, a cybercriminal has a free access ticket to bypass security and do as they like.

74% of data breaches begin with privileged credential abuse.

Privileged accounts provide more opportunities for hackers. While a standard “user” may only have limited access to the settings in a cloud account, an account with administrative credentials can do things like change security settings and add and remove other users. Some can also access payment card details in an account.

It’s important to regularly audit your privileged accounts to reduce your risk of a cloud account breach.

What to Look at in a Privileged Account Audit

Accounts With Unnecessarily High Access Levels

Some business owners or administrators will give employees a higher level of access to an account than needed. They may think, “If something comes up and they need it, they won’t have to ask for their permissions to be increased.”

But the more high-level accounts you have, the larger the risk of a data breach. In the latest IBM Cost of a Data Breach report, credential compromise rose to the #1 cause of data breaches.

You should use the Rule of Least Privilege, which dictates that users be given the lowest level of access possible for them to carry out their daily tasks.

Unused Accounts That Weren’t Closed

Not closing an unused cloud account leaves an open door for a hacker. Remember the ransomware attack at Colonial Pipeline last year? The one that caused gas prices across the country to skyrocket? That attack was initiated from an unused VPN account that had not been closed and was also not protected by MFA.

You want to regularly audit your privileged cloud accounts for any that have been left open after the user either left or changed responsibilities in the company. These unused accounts should be closed out.

Whether Multi-Factor Authentication is Implemented

One of the most significant protections you should have on all your cloud accounts, and especially on privileged accounts of admins and account owners is multi-factor authentication (MFA). 

Only about 27% of small businesses use MFA, but it is 99.9% effective at blocking fraudulent sign-ins on accounts. This makes it the best protection you can have for your high-level cloud accounts.

If you aren’t using it, you should enable MFA, and when doing subsequent account audits, look for any that don’t have it enabled.

Policies That Dictate How Privileged Accounts Are Set Up

Who decides how your user accounts are set up, and specifically, the access level that a user will get?

There are a lot of small businesses where there is no formal process. The person in charge of setting up new accounts, who may be an office manager, might just set them up arbitrarily, based on what they feel the person needs to access.

Not having a policy to guide new account setup is how companies end up with too many privileged accounts and a higher risk of a data breach.

It’s critical to layout guidelines in an account setup policy that will explain the criteria that need to be met for someone to have a higher-level account with access to things like user management or security settings.

Monitoring in Place for Privileged Accounts

If you have a data breach and someone begins sending out phishing on your company email domain, do you have a way to know which user credential was breached and the time of the last login?

You should have a cloud security strategy in place that includes monitoring of user access. This is particularly important for tracking down insider attacks through credential compromise.

For example, if you can trace malicious activity back to a specific privileged account and know that the last login was in the middle of the night when the legitimate user was asleep you can better address it. You can assume that credential was compromised and target your remediation and security efforts accordingly.

Get Help With Password Security & Access Management

Cloudadvize can work with your Dallas-Fort Worth business to help you improve your account security through efficient and secure access management solutions.

Contact Cloudavize today for a free consultation to get started.