Organizations have increasingly migrated their on-prem assets to the cloud for numerous benefits, with simplicity being a primary driver. The cloud makes things easy, maybe too easy. Microsoft Entra Permissions Management discovered 209 million identities across Microsoft cloud environments in 2023, spanning both human and workload identities. Keep in mind this is just one cloud provider. Alarmingly, fifty percent of these identities are what Microsoft refers to as Super Identities, which they define as
“A user or workload identity that has access to all permissions and all resources across your entire cloud estate.”
This is a real security problem because every identity represents a point of entry for an attacker.
Dormant Accounts and Unused Permissions
Here’s another problem. Things that get created are also easily forgotten. The 2024 Microsoft State of Multicloud Security Report found 51,000 permissions assigned to 209 million identities, yet only 2% were used, and 50% posed high risk. Identities receive broad access at creation, which is rarely tightened later.
Unused permissions, especially those with elevated or administrative privileges, are often forgotten and overlooked. Attackers actively seek out these dormant credentials because, once compromised, they can be used to access sensitive data or escalate privileges within your cloud environment. That large pool of unused permissions (98%) serves as an attractive attack surface for malicious actors seeking to exploit cloud infrastructures. While organizations may be unaware of their dormant cloud accounts and unused permissions, threat actors are continuously scanning the internet for publicly accessible assets.
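One way to surface unused permissions and dormant identities is to compare what each identity has been granted with what activity logs show it actually using. The sketch below is an added example, not part of the original article; the identity names, actions, dates, the 90-day dormancy window and the high-risk rule are all assumptions.

```python
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase

UTC = timezone.utc
# Constructed sample data (identity names, actions and dates are illustrative).
GRANTED = {
    "svc-backup": {"s3:GetObject", "s3:PutObject", "iam:PassRole", "s3:DeleteBucket"},
    "alice": {"ec2:DescribeInstances", "ec2:StartInstances"},
    "old-ci-runner": {"iam:*", "s3:*"},
}
LAST_USED = {  # identity -> {action: last time it appeared in activity logs}
    "svc-backup": {"s3:GetObject": datetime(2024, 5, 30, tzinfo=UTC),
                   "s3:PutObject": datetime(2024, 5, 30, tzinfo=UTC)},
    "alice": {"ec2:DescribeInstances": datetime(2024, 5, 28, tzinfo=UTC),
              "ec2:StartInstances": datetime(2023, 11, 2, tzinfo=UTC)},
    "old-ci-runner": {},
}

def is_high_risk(action):
    # Assumption: what counts as high risk is a local policy decision.
    return action.startswith("iam:") or action.endswith(("*", ":DeleteBucket"))

def audit(granted, last_used, now, dormant_after=timedelta(days=90)):
    """Flag unused grants and dormant identities from grants vs. observed use."""
    report = {}
    for identity, grants in granted.items():
        seen = last_used.get(identity, {})
        recent = {a.lower() for a, ts in seen.items() if now - ts <= dormant_after}
        # A grant (possibly a wildcard such as "s3:*") counts as used if any
        # recently seen action matches it.
        used = {g for g in grants if any(fnmatchcase(a, g.lower()) for a in recent)}
        unused = grants - used
        report[identity] = {
            "dormant": not recent,
            "unused": sorted(unused),
            "unused_high_risk": sorted(g for g in unused if is_high_risk(g)),
            "used_pct": round(100 * len(used) / len(grants)) if grants else 0,
        }
    return report

if __name__ == "__main__":
    for name, row in audit(GRANTED, LAST_USED, datetime(2024, 6, 1, tzinfo=UTC)).items():
        print(name, row)
```

Identities reported as dormant, or with entries under unused_high_risk, are the first candidates for removal or right-sizing.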
The Leading Threats of Cloud Environments
According to a 2024 Cloud Security Outlook Study, the leading risks to cloud infrastructure are insecure identities and misconfigurations, each cited by 39% of organizations as top concerns. Insecure identities include both human and service accounts with risky or excessive permissions, making them prime targets for attackers.
The impact of these risks is significant. Among organizations that experienced cloud-related breaches, an overwhelming 99% identified issues with identities and permissions as the primary cause. The study shows that Identity and Access Management (IAM) is a major challenge in the cloud.
- 56% cited excessive permissions as a top factor
- 53% reported an inability to adequately see or track all identities and their permissions across their cloud environment. This implies that they may not know all the identities that exist in their systems or cannot effectively monitor what these identities are doing.
- Half of the study respondents reported challenges with handling permissions across multiple cloud platforms (like AWS, Azure, Google Cloud). This included inconsistent permission models between different cloud providers, and challenges in centrally controlling and auditing permissions.
- 49% cited a lack of IAM security prioritization by cloud and security practitioners.
Excessive Privilege is Common to Cloud Environments
Excessive privilege is not limited to any one cloud provider. For instance, AWS S3 bucket accessibility poses a serious risk for data breaches if not properly secured. Misconfigured permissions that allow public access or the use of overly broad access control lists can expose sensitive data to anyone on the internet. According to the 2024 State of Cloud Security Report, 84% of organizations have at least one neglected public-facing asset. This makes it easy for hackers to find and download confidential files. Attackers often use automated tools to scan for publicly accessible buckets or other repositories, and once found, they can exploit this access to steal data, upload malware, or launch further attacks.
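The two misconfigurations named above, a bucket policy that allows any principal and an ACL that grants access to everyone, can be checked for directly. The following is an added example, not from the original article: it inspects a policy document and ACL in the shape the S3 API returns them, and the bucket name, account ID and sample documents are constructed placeholders.

```python
import json

# Canned S3 ACL group URIs that make a grant effectively public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# Constructed sample: a bucket policy document and an ACL in the shape the
# S3 API returns them. Bucket name and account ID are placeholders.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:GetObject", "s3:GetObjectVersion"],
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
]})
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-ID-PLACEHOLDER"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    if isinstance(principal, dict):  # e.g. {"AWS": "*"} or {"AWS": ["*", ...]}
        return any("*" in as_list(v) for v in principal.values())
    return principal == "*"

def public_findings(policy_json, acl):
    """Return (severity, source, detail) tuples for grants open to everyone."""
    findings = []
    policy = json.loads(policy_json) if policy_json else {}
    for st in as_list(policy.get("Statement", [])):
        if st.get("Effect") == "Allow" and is_wildcard_principal(st.get("Principal")):
            # A Condition may narrow the grant, so flag it for review instead.
            severity = "review" if st.get("Condition") else "public"
            findings.append((severity, "policy", ",".join(as_list(st.get("Action", "?")))))
    for grant in acl.get("Grants", []):
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
            findings.append(("public", "acl", grant["Permission"]))
    return findings
```

S3 Block Public Access, where enabled on the bucket or account, overrides grants like these, so check it alongside the policy and ACL.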
One of the primary reasons that so many assets and identities are open to the public is confusion over the shared responsibility model, a framework that divides security duties between cloud providers and customers. This ambiguity creates dangerous gaps, as organizations often misinterpret their obligations, leading to misconfigurations and lax controls. This confusion was evident in the cited 2024 study, which revealed that 44% of respondents lacked clear ownership of cloud security responsibilities.
Lack of Expertise
Improving cloud identity and asset security seems straightforward, but challenges abound. Limited visibility into cloud environments, worsened by Shadow IT in the cloud, is a major hurdle. Even more critical is the expertise gap, as 95% of organizations are plagued with insufficient expertise in cloud infrastructure security. With the growing presence of AI, the need to update skillsets will prove even more critical.
Cloud Security Assessment
Many organizations today utilize multiple clouds, but they all have common problems, including poor visibility, identity sprawl, complexity, missing context, and insufficient expertise. While these are certainly challenges, they are manageable with the proper guidance. HALOCK Security Labs can get you started with a cloud security assessment of your environment. Amongst other objectives, the report will identify accounts that are over-privileged, unused, or may pose higher risk, as well as potential toxic combinations of access privileges and non-secure configurations. Contact us and speak with our team of cloud security specialists to learn more about how we can help you get the visibility, control and knowledge transfer you need to secure your cloud environment.