Cloud computing is everywhere.
Despite the many benefits provided by cloud technology — greater efficiency, cost savings, enhanced collaboration etc. — it hasn’t come without a price.
As organizations rush toward cloud-enabled agility, deploying code and features as quickly as possible to remain competitive, security risks are increasing.
In the rush toward cloud-enabled agility, organizations can’t afford security mistakes that could undercut digital innovations.
Unfortunately, the rapid and dynamic nature of cloud environments creates many security concerns. At JumpCloud, we’re particularly interested in solving the growing challenges of identity and access management (IAM) in the public cloud.
According to Gartner’s Managing Privileged Access in Cloud Infrastructure report, 75% of the cloud security failures will be attributable to inadequate management of identities, access, and privileges by 2023.
As the number of services offered by cloud service providers has grown, so has the complexity and expertise required to manage their access. Amazon Web Services (AWS), for example, currently offers more than 200 different cloud services! In the name of expediency, cloud administrators frequently grant extensive permissions to users to enable them to accomplish tasks quickly and seamlessly. In addition, there is often no centralization of who configures cloud identities. All of this creates the perfect recipe for a security disaster.
In the words of Sundar Jayashekar, Head of Product (Data) at JumpCloud:
“Observability and continuous monitoring of IAM-related activities has not received the attention that it should in most small-to-medium-sized companies running public cloud workloads.”
In this article, we will take a closer look at Cloud Insights, a new JumpCloud service that helps improve cloud monitoring visibility. Our goal is simple: help customers catch IAM misconfigurations and excessive permissions so they can achieve the Principle of Least Privilege (POLP).
Common Cloud User Visibility Challenges
Maintaining granular access control across such a large number of services can be challenging. For example, access rights are granted to a developer while working on a new app.
As the developer moves to a new project with a different scope, best practices dictate that permissions to services and assets that are no longer used should be removed. This places a considerable burden on admins and DevOps teams, who must regularly identify and remove such permissions.
In organizations where permission sprawl goes unchecked, this creates another threat vector that bad actors can exploit. According to an IDC survey, most organizations leveraging the public cloud have suffered some kind of cloud breach.
Unsurprisingly, compliance standards like SOC2 have explicit controls for permission management and monitoring of user activity in the cloud. As outlined in SOC2’s 2022 Guidelines:
“The entity…develops control activities to restrict technology access rights to authorized users commensurate with their job responsibilities…” (SOC2, CC5.2) and “[…] the entity uses…monitoring procedures to identify…changes to configurations that result in…new vulnerabilities…” (SOC2, CC7.1).
These considerations make a pretty strong case for a cloud activity monitoring solution from both security and compliance lenses. The good news is JumpCloud’s Cloud Insights can now help IT & DevOps professionals see who is doing what in their public cloud environment.
What Is Cloud Insights?
Cloud Insights is JumpCloud’s public cloud activity monitoring and compliance service. It is a tool for admins and DevOps engineers to view, filter, and search AWS management events, as well as gather evidence for compliance attestations or one-off requests.
What Can You Do with Cloud Insights?
JumpCloud’s Cloud Insights allows you to onboard multiple AWS accounts and monitor user actions from the same tool that lets you monitor user activity across directory, devices, SSO, MFA, and others.
Our team has designed a setup process that can be done in as little as 20 minutes. Simply log in to your admin portal and select Cloud from the Insights menu. From there, add your AWS account number and the region where you’d like data to be hosted.
Finally, run a CloudFormation template in your AWS account to start seeing management events in your Cloud Insights events feed.
1. Filter by Any Event Attribute
Troubleshooting, security monitoring, and even serving a specific compliance request all require the ability to zoom in on activity relevant to that specific use case. With Cloud Insights you can run custom filters for a specific time range, by any event or identity type, by the resources impacted by the event, or by any other CloudTrail field.
2. Use SSO Connector Badges
Controlling access to your cloud infrastructure is critical for efficient IT operations, compliance, and security. If you are using JumpCloud SSO connectors to grant your users access to AWS, you’ll be able to see this connector information in the events feed and quickly identify users that continue to use unmanaged credentials – data not natively available in CloudTrail logs.
3. Use Nonperson Entity Filtering
When event volume is large, it is important to be able to focus on the events that matter the most. For admins mostly focused on human user actions, we’ve added the ability to filter out events generated by internal AWS services, third-party software agents, CI/CD tools, etc.
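The kind of nonperson filtering described above can be sketched directly over CloudTrail records. This is an added example, not JumpCloud's code or logic: the sample events are constructed, and the `AUTOMATION_AGENT_MARKERS` list and the function names are assumptions to adapt to your environment.

```python
# Constructed sample CloudTrail management events, trimmed to the fields used here.
SAMPLE_EVENTS = [
    {"eventName": "PutBucketPolicy", "userAgent": "aws-cli/2.13.0 Python/3.11.4",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventName": "AssumeRole", "userAgent": "config.amazonaws.com",
     "userIdentity": {"type": "AWSService", "invokedBy": "config.amazonaws.com"}},
    {"eventName": "RunInstances", "userAgent": "autoscaling.amazonaws.com",
     "userIdentity": {"type": "AssumedRole", "sessionContext": {
         "sessionIssuer": {"userName": "AWSServiceRoleForAutoScaling"}}}},
    {"eventName": "CreateRole", "userAgent": "APN/1.0 HashiCorp/1.0 Terraform/1.5.7",
     "userIdentity": {"type": "AssumedRole", "sessionContext": {
         "sessionIssuer": {"userName": "ci-deploy"}}}},
    {"eventName": "DeleteTrail", "userAgent": "Mozilla/5.0 (X11; Linux x86_64)",
     "userIdentity": {"type": "AssumedRole", "sessionContext": {
         "sessionIssuer": {"userName": "admin-sso"}}}},
]

# Assumption: user-agent substrings that mark automation tooling in this environment.
AUTOMATION_AGENT_MARKERS = ("terraform", "jenkins", "github-actions")


def nonperson_reason(event):
    """Return why an event is attributed to a non-person entity, or None."""
    identity = event.get("userIdentity", {})
    # A call an AWS service made on its own behalf.
    if identity.get("type") == "AWSService":
        return "aws-service"
    # A call an AWS service made on behalf of another principal.
    if identity.get("invokedBy", "").endswith(".amazonaws.com"):
        return "invoked-by-service"
    # Service-linked roles carry the AWSServiceRoleFor name prefix.
    issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
    if issuer.get("userName", "").startswith("AWSServiceRoleFor"):
        return "service-linked-role"
    agent = event.get("userAgent", "").lower()
    if agent.endswith(".amazonaws.com"):
        return "service-user-agent"
    if any(marker in agent for marker in AUTOMATION_AGENT_MARKERS):
        return "automation-agent"
    return None


def human_events(events):
    """Keep only events that carry no non-person indicator."""
    return [e for e in events if nonperson_reason(e) is None]


if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(e["eventName"], nonperson_reason(e) or "human")
```

The `userAgent` field is set by the client, so the automation match is a noise-reduction hint rather than proof that no person was involved; keep the filtered-out events searchable.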
Cloud Insights: What’s Next?
Our north star is making cloud access monitoring multi-cloud, continuous, and easy. While we continue to add features for AWS specifically, we intend to expand the product for GCP and Azure soon.
This way customers won’t have to worry about building their own solutions or understanding the various log formats and how to access, ingest, and parse them. We expect Cloud Insights to become your favorite single pane of glass for continuous public cloud user access monitoring.