Multi-cloud ‘over-permissioning’ causing cyber risk headaches for businesses

Microsoft has warned that a pervasive culture of “over-permissioning” due to rising cloud workloads and infrastructure expansion is placing organisations at greater risk of breaches.  

The 2023 State of Cloud Permissions Risks report, published by Microsoft this week, found that as businesses increasingly move to multi-cloud environments, many are granting permissions that are deemed “high risk”.  

Permissions allow users or machines to access applications or resources within a cloud environment and perform specific operations or commands. Microsoft said that human and machine-based user identities use just 1% of permissions granted in their daily functions, meaning that the vast majority are sitting idle and unused.  

“As cloud environments expand, they have inadvertently become more complex to manage,” Microsoft warned in its report. “With over 40,000 permissions that can be granted to identities, of which more than 50% are high-risk, it is becoming increasingly difficult for organisations to know who has access to what data, and across which cloud platforms.” 

Microsoft said that since the publication of its inaugural report in 2021, it has observed a “significant increase” in organisations granting permissions to access critical cloud resources.  

Similarly, the report highlighted a sharp rise in the number of ‘super admins’ present in multi-cloud environments. ‘Super admins’ refer to user or machine-based identities that have access to all resources within an organisation’s cloud infrastructure.  

Alex Simons, corporate VP of program management at Microsoft’s Identity division, warned that super admins are “extremely over-permissioned” and that 98% of these identities are unused, meaning they could be at heightened risk of misuse if a breach occurs.  

“Super admins are human or workload identities that have access to all permissions and all resources. They can create and modify configuration settings to a service, add or remove identities, and access or even delete data,” he said.  

“Extremely over-permissioned, our research found that less than 2% of permissions granted to super identities are used, and 40% of super admins are workload identities. Left unmonitored, these identities present a significant risk of permission misuse if breached.” 

Machine-based identities posing added risks

The expansion of machine-based identities in cloud environments was a key concern highlighted by Simons, with human identities now outnumbered by a ratio of 10:1.  

This means that visibility and monitoring of activity within multi-cloud environments can become an increasingly difficult task, with organisations unable to effectively mitigate potential misuse of permissions.  

“In today’s multi-cloud world, human identities are no longer the only ones accessing multi-cloud infrastructure,” Simons explained. “The number of workload identities operating across clouds, including apps, VMs, scripts, containers, and services has exponentially increased, now outnumbering human identities ten to one.” 

Simons said that organisations must take steps to narrow this growing permissions gap to mitigate the potential for misuse. To achieve this, firms must implement the principle of “least privilege” and reduce the number of permissions across their infrastructure.  

“Closing the permissions gap and reducing the risk of permission misuse requires organisations to implement the principle of least privilege,” he said.  

“This must occur consistently to all human and workload identities across multi-cloud environments. Organisations can achieve this at a cloud scale by adopting a Cloud Infrastructure Entitlement Management (CIEM) solution to continuously discover, remediate, and monitor the activity of every unique user and workload identity across multi-cloud.”