Building on Google Cloud Platform (GCP) allows DevOps teams to collaborate and create with little restriction, which results in quick turnaround time and an overall increase in market velocity. GCP provides a decent identity and access management (IAM) solution designed to minimize exposure and control access. However, the ever-expanding identity lifecycles in the cloud can lead to standing privileges that leave enterprises vulnerable to security attacks.
GCP IAM Security Risks
Adhering to the principle of least privilege access, Google recommends that all users should be granted just enough access to complete everyday tasks and nothing more. Administrators are responsible for assigning access to various users and groups by defining functional roles. In best practice, an organization’s security policies dictate the level of access to each of these roles.
Organizing access around policy gives administrators a hierarchical model for implementing IAM. Fundamentally speaking, this is an industry-validated posture. All too often, however, it results in administrators and users holding elevated standing privileges. Standing privileges represent a major threat to an organization; attackers recognize these opportunities and target them aggressively.
When companies scale with GCP and rely on additional administrators, users, and groups to satisfy key business drivers, their security risks are catapulted to higher levels as their attack surfaces expand. Organizations building in the Google Cloud should improve their GCP IAM by implementing the following friction-free strategies.
Strategies to Reduce Risk by Improving GCP IAM
Here are three ways to improve identity access management in GCP:
1. Use Just-in-Time (JIT) Privilege Grants
Cloud security teams now recognize JIT privilege grants as an excellent way to minimize an organization’s blast radius. When an authenticated user needs access, the request is first checked for authorization; only an authorized request proceeds, and the user is then granted access for a limited period of time. When the user completes the task or the time expires, access is revoked. Ephemeral access of this kind is what makes zero standing privileges achievable.
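The lifecycle above can be modelled directly on a GCP IAM policy document, because GCP supports time-bound role bindings through IAM Conditions. The example below is added here and is not code from the original article or from any vendor product: it grants a role with the documented `request.time < timestamp("...")` expiry expression, reports who currently holds a role once expired grants are discounted, lists the standing (never-expiring) privileges on sensitive roles that the visibility discussion later in this article is concerned with, and prunes expired bindings. The policy shape is the JSON that `gcloud projects get-iam-policy --format=json` returns; the sample policy, the reference time, and the function names are constructed assumptions for this example.

```python
"""Added example: just-in-time (JIT) grants and standing-privilege review on
a GCP IAM policy document. Not from the original article; the sample policy,
NOW, and all function names are constructed for illustration.
"""
import copy
import re
from datetime import datetime, timedelta, timezone

# CEL pattern GCP documents for expirable access in an IAM Condition.
_EXPIRY_RE = re.compile(r'request\.time\s*<\s*timestamp\("([^"]+)"\)')

# Constructed reference time for the walk-through below.
NOW = datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)

# Constructed sample policy: Alice holds a permanent owner binding (a
# standing privilege); Bob's editor grant has already expired.
SAMPLE_POLICY = {
    "version": 3,
    "etag": "BwXexample",
    "bindings": [
        {"role": "roles/owner", "members": ["user:alice@example.com"]},
        {"role": "roles/viewer", "members": ["group:devs@example.com"]},
        {
            "role": "roles/editor",
            "members": ["user:bob@example.com"],
            "condition": {
                "title": "jit-2024-01-01T00:00:00Z",
                "expression": 'request.time < timestamp("2024-01-01T00:00:00Z")',
            },
        },
    ],
}


def _expiry_of(binding):
    """Expiry of a time-bound binding, or None when the binding never expires.

    A condition that is not the expiry pattern (e.g. a resource-name check)
    cannot be evaluated here and is treated as non-expiring.
    """
    cond = binding.get("condition")
    if not cond:
        return None
    m = _EXPIRY_RE.search(cond.get("expression", ""))
    if not m:
        return None
    return datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))


def grant_jit(policy, member, role, ttl, now):
    """Copy of `policy` with a binding for `member` that ends `ttl` after `now`.

    GCP only evaluates conditions on policy version 3, so the version is
    raised if needed.
    """
    new_policy = copy.deepcopy(policy)
    new_policy["version"] = max(3, new_policy.get("version", 1))
    stamp = (now + ttl).astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    new_policy["bindings"].append({
        "role": role,
        "members": [member],
        "condition": {
            "title": f"jit-{stamp}",
            "description": "Just-in-time grant; access ends at the expiry time.",
            "expression": f'request.time < timestamp("{stamp}")',
        },
    })
    return new_policy


def active_members(policy, role, now):
    """Members who hold `role` at `now`; expired JIT grants no longer count."""
    members = set()
    for b in policy["bindings"]:
        if b["role"] != role:
            continue
        exp = _expiry_of(b)
        if exp is None or now < exp:
            members.update(b["members"])
    return members


def standing_privileges(policy, privileged_roles):
    """Sorted (member, role) pairs holding a privileged role with no expiry."""
    found = []
    for b in policy["bindings"]:
        if b["role"] in privileged_roles and _expiry_of(b) is None:
            found.extend((m, b["role"]) for m in b["members"])
    return sorted(found)


def prune_expired(policy, now):
    """Drop bindings whose expiry has passed. GCP keeps an expired conditional
    binding in the policy (inactive) until it is removed, so this is hygiene."""
    new_policy = copy.deepcopy(policy)
    new_policy["bindings"] = [
        b for b in new_policy["bindings"]
        if (exp := _expiry_of(b)) is None or now < exp
    ]
    return new_policy


def demo():
    """One JIT lifecycle on the sample policy; returns what a reviewer checks."""
    before = active_members(SAMPLE_POLICY, "roles/editor", NOW)
    granted = grant_jit(SAMPLE_POLICY, "user:carol@example.com",
                        "roles/editor", timedelta(hours=1), NOW)
    during = active_members(granted, "roles/editor", NOW + timedelta(minutes=30))
    after = active_members(granted, "roles/editor", NOW + timedelta(hours=2))
    pruned = prune_expired(granted, NOW + timedelta(hours=2))
    return {
        "editors_before": sorted(before),
        "editors_during": sorted(during),
        "editors_after": sorted(after),
        "standing": standing_privileges(granted, {"roles/owner", "roles/editor"}),
        "bindings_after_prune": len(pruned["bindings"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two points the walk-through makes concrete: an expired JIT binding stops granting access on its own, which is the "revoked when time expires" step, but the binding object lingers and should be pruned so the policy stays readable; and the owner binding with no condition is exactly the standing privilege that an attacker would target and that a review should surface.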
2. Implement Cloud Secrets Management
The keys that GCP manages are encrypted by default, but organizations may wish to make objects in buckets readable to the public, which means Google would decrypt the data. As a result, these keys are exposed and vulnerable to attack. What’s more, API keys, when tied to projects in GCP, are not programmatically monitored. There is no automatic way to inventory API keys for when they are created, used, and deleted. In secure cloud environments all secrets should be monitored, and, like JIT privilege grants, issued and revoked automatically only when an authenticated user is authorized.
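The inventory gap described above (no automatic record of when an API key is created, used, and deleted) is the kind of thing a small audit job can close once the events are collected. The example below is added here and is not code from the original article or from any vendor product: it builds a per-key inventory from an event ledger and flags keys that were never used, keys idle beyond a threshold, keys overdue for rotation, and keys that show usage but have no creation record at all (an unmanaged secret). The event line format, the sample events, the thresholds, and the function names are constructed assumptions; GCP does not emit this exact format, so a real deployment would feed it from whatever audit or key-management logs are available.

```python
"""Added example: API key / secret inventory audit over a constructed event
ledger. Not from the original article; the log format, events, thresholds,
and function names are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed events: <timestamp> <event> <key_id> <principal>
EVENT_LOG = """\
2023-12-01T08:00:00Z created  key-legacy-02  sa:batch@proj.iam
2024-03-01T09:00:00Z created  key-ci-01      sa:ci@proj.iam
2024-03-01T09:05:00Z used     key-ci-01      sa:ci@proj.iam
2024-03-02T10:00:00Z created  key-dev-07     user:dana@example.com
2024-03-03T10:00:00Z created  key-old-03     user:eve@example.com
2024-03-03T10:01:00Z used     key-old-03     user:eve@example.com
2024-03-04T08:00:00Z deleted  key-old-03     user:eve@example.com
2024-03-10T11:00:00Z used     key-ci-01      sa:ci@proj.iam
2024-03-15T07:30:00Z used     key-ghost-99   user:unknown@example.com
2024-03-30T06:00:00Z used     key-legacy-02  sa:batch@proj.iam
"""

# Constructed audit time and thresholds.
NOW = datetime(2024, 4, 1, tzinfo=timezone.utc)
MAX_IDLE = timedelta(days=14)
MAX_AGE = timedelta(days=90)


def parse_events(text):
    """Parse ledger lines into (timestamp, event, key_id, principal), oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, key_id, principal = line.split()
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append((when, kind, key_id, principal))
    return sorted(events)


def build_inventory(events):
    """Fold the event stream into one record per key."""
    inventory = {}
    for when, kind, key_id, principal in events:
        rec = inventory.setdefault(key_id, {
            "created": None, "owner": None, "last_used": None,
            "uses": 0, "deleted": None,
        })
        if kind == "created":
            rec["created"], rec["owner"] = when, principal
        elif kind == "used":
            rec["last_used"], rec["uses"] = when, rec["uses"] + 1
        elif kind == "deleted":
            rec["deleted"] = when
    return inventory


def audit(inventory, now, max_idle, max_age):
    """Return {finding: [key_id, ...]} for keys that need attention."""
    findings = defaultdict(list)
    for key_id, rec in sorted(inventory.items()):
        if rec["created"] is None:
            # Seen in use but never inventoried: a secret nobody is managing.
            findings["unmanaged"].append(key_id)
            continue
        if rec["deleted"] is not None:
            continue  # already revoked; nothing left to flag
        if rec["last_used"] is None:
            findings["never_used"].append(key_id)
        elif now - rec["last_used"] > max_idle:
            findings["idle"].append(key_id)
        if now - rec["created"] > max_age:
            findings["rotation_overdue"].append(key_id)
    return dict(findings)


def run_sample():
    """Audit the constructed ledger with the constructed thresholds."""
    return audit(build_inventory(parse_events(EVENT_LOG)), NOW, MAX_IDLE, MAX_AGE)


if __name__ == "__main__":
    for finding, keys in run_sample().items():
        print(f"{finding}: {', '.join(keys)}")
```

The same structure applies to any secret with a lifecycle: the "never used" and "idle" buckets are the candidates for automatic revocation the section argues for, and the "unmanaged" bucket is the visibility failure that a JIT issuance flow prevents, since a secret issued only on authorized request always has a creation record.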
3. Improve Cloud Visibility
We are focused on GCP here, but the reality is that many companies also use Azure, AWS, and any number of SaaS products. So while it is expected that visibility is strong in a single environment, cross-cloud visibility is ideal. GCP does provide “fine-grained access control and visibility for centrally managing cloud resources” but it could improve its ability to identify elevated permissions, standing permissions, and comprehensive user behavior. These capabilities let organizations make informed decisions: privilege right-sizing and data analytics not only augment security practices, they empower teams to make strategic business decisions based on how access is used.
Boosting GCP IAM Security
When it comes to securing public clouds, and in GCP specifically, we are still in the Wild West. Standing privileges for admins and app developers leave organizations vulnerable to exploitation. DevOps and SecOps professionals are limited by low visibility into who has which privileges and how they are used. Unused and unnecessarily broad privileges leave organizations at risk. With these challenges in mind, cloud-native and -hybrid companies can find security and success by leveraging a GCP IAM-compatible solution that enables just-in-time privilege grants, dynamic secrets management, and broader visibility into user behavior.