The hidden danger to zero trust: Excessive cloud permissions

The hidden danger to zero trust: Excessive cloud permissions

Graham Cluley Security News is sponsored this week by the folks at Sysdig. Thanks to the great team there for their support!

What is one of the leading causes of breaches in the cloud?

OMG, it’s still phishing! It’s no wonder CISOs push zero trust as a top priority. Identities are a top cloud target.

However, the reality is, least privilege access rights are still not properly enforced. As a matter of fact, in the recent Sysdig 2023 Cloud-Native Security and Usage report found that 90% of granted permissions are not used, making it a lot easier to move laterally and take the keys to the kingdom once they get in.

The report also found that non-admin users only utilized 10% of granted permissions over a 90-day window. DevOps teams tend to grant more permissions – for both humans and non humans – than needed, increasing the risk of attack.

Excessive cloud permissions erode zero trust efforts and open your organization to further breach. Read more key takeaways from Sysdig’s report.

Download Sysdig report

Download the full Cloud-Native Security and Usage Report to uncover the latest insights like:

  • How companies can save up to $10M in cloud costs
  • 87% of images include a high or critical vulnerability
  • 90% of accounts have excessive permissions

Learn More ➔

About Sysdig

Sysdig delivers cloud and container security so you can stop attacks with no wasted time. Detect threats in real-time using ML, curated rules and Sysdig Threat Research Policies. Prioritize vulnerabilities based on in-use risk exposure and fix fast with context. Gain agentless visibility combined with runtime security powered by eBPF and Falco.

If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about cybersecurity, you can find more information here.