AWS and other cloud infrastructure exposed to after attacks uncovered in the wild
Cloud networking solutions provider Aviatrix has published a new vulnerability (CVE-2024-50603) in its controller. This vulnerability allows unauthenticated actors to run arbitrary commands.
This Remote Code Execution (RCE) vulnerability, rated CVSS 10 (critical), has been exploited in the wild.
A patch is already available on GitHub. Alternatively, users can update to the secure versions 7.1.4191 or 7.2.4996.
Aviatrix’s platform enables its customers to manage and secure their cloud infrastructure across providers. It is used across AWS, Azure, GCP, and more. Including in enterprise environments.
According to researcher Jakub Korepta of SecuRing, who disclosed the vulnerability, the issue stems from improper handling of user-supplied parameters in the Aviatrix Controller’s API. A malicious actor can inject arbitrary commands to breach their target’s publicly exposed machines in the cloud.
Researchers have observed malicious actors using CVE-2024-50603 to install XMRig crypto miners and Sliver backdoors. This can potentially lead to more significant attacks on target organizations’ VMs.
Read Korepta’s technical writeup here: https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/
The vulnerability in Aviatrix’s API essentially breaks the authentication mechanism, opening the door to abuse by attackers.
“We see that sometimes even the best lock on the door can be made ineffective, like in this case where the authentication mechanism is broken,” says Apono CTO and Co-founder Ofir Stein. “This is an important reminder of why we must adopt a layered approach to securing our infrastructure. Apono enables organizations to implement Just-in-Time access to their networking tools, allowing them to add a critical layer of protection.”
Organizations often struggle to secure their cloud resources. Due to their dependence on cloud service providers controlling the infrastructure and the sheer scale of their cloud, they lack critical visibility into what they have in their cloud. Moreover, they have great difficulty understanding who has access to which resources, which impedes their ability to control access.
Even though visibility and access control have always been challenges in security, the cloud service providers’ shared responsibility model places the organization’s responsibility for the sprawling infrastructure with its complex and diverse permissions squarely on its shoulders.
While authentication is a critical element of security, the industry understands that it is insufficient to ensure protection against attacks. Security needs to be designed in layers. This is why we have seen the growth of MFA as part of system building and the development of cross-industry regulations.
However, in this case, and many others, vulnerabilities in the authentication mechanism or clever social engineering ploys can enable attackers to bypass even the most capable authentication protections, leaving resources exposed.
Effective access control mechanisms, like Just-in-Time, are essential in reducing the attack surface. When technical failures like this CVE occur, organizations can mitigate risks from a breach or abuse by limiting access to sensitive resources like administrative controls.
Contact one of our experts today to learn more about Apono’s Cloud Access Platform.
Even the simplest mistakes can leave your data wide open to cyber threats. If the worst happens and there’s an attack, cybercriminals gain free-for-all access to your cloud resources.
They tamper with your data, disrupt workflows, and steal sensitive information, meaning the need for Privileged Access Management (PAM) best practices are more indispensable than ever for any robust cloud security strategy. According to a recent study, the global PAM market is expected to grow from $2.9 billion in 2023 to $7.7 billion by 2028, cementing its position in the cybersecurity landscape.
Privileged Access Management (PAM) centers on securing privileged accounts with elevated permissions. It is a cybersecurity strategy that controls and monitors access to critical systems and sensitive information from unauthorized access. Without it, privileged accounts can become the primary targets for cybercriminals, putting the entire organization at risk.
Here’s how PAM works in a nutshell:
Applications, automated processes, and IT systems commonly use service accounts. Consider the devastating SolarWinds hack in 2020, where attackers found vulnerabilities in the service accounts and gained access to critical data and systems.
Domain administrator accounts have full control over an organization’s IT infrastructure, making them attractive targets for attackers. An example is the Microsoft Exchange Server attacks in early 2021, where hackers gained control through privileged accounts, escalating their access across domains.
Break-glass accounts are special accounts that can bypass authentication, monitoring processes, and standard security protocols. If not properly managed, they present significant risks.
In implementing Privileged Access Management (PAM) best practices, you must ensure that access to critical resources is both temporary and purposeful. Often, privileges are left open long after a task is completed, such as contract or consulting engineers retaining production permissions and indefinite access to sensitive data lakes.
As your business grows, so does the complexity of managing privileges, especially in environments with many resources and frequently changing requirements. A solution that works for an organization of ten might crumble under an organization of 1,000. In this case, managing permissions for each cloud resource every time access is required becomes inefficient.
Another PAM implementation challenge is managing access to sensitive data while ensuring privacy. Many solutions require storing or caching sensitive credentials, posing a data security risk.
Implementing strong password policies can help reduce the chances of credential theft. Use complex, unique passwords and enforce regular password rotations. Employees should already know to steer clear of the classic phone numbers or dates of birth!
PoLP is and has always been the first principle of the cloud. The principle of least privilege states that users should only have the minimum level of access necessary to perform their tasks. In other words, a user who does not need admin rights should not have them.
IAM allows organizations to define who can access resources under what conditions. Role-Based Access Control (RBAC), on the other hand, helps manage who has access to cloud resources by defining roles and associating them with the required permissions.
For example, in AWS, you can create custom IAM roles for developers, admins, and security personnel, each with tailored permissions. Use managed policies and avoid using root accounts for daily operations.
Another best practice is to use multiple forms of verification (e.g., a mix of your password and biometric scan, a time-based code from your device, or a hardware token) before gaining access to privileged accounts. MFA adds an extra layer of security, reducing the risk of compromised credentials by requiring something the attacker doesn’t have. So, even when attackers get hold of your credentials, they still won’t be able to gain access to your account.
Integrate MFA into your Privileged Access Management (PAM) solution for all privileged accounts and enforce it for high-risk accounts like administrators or service accounts. You can use cloud-specific solutions like AWS MFA, Azure Multi-Factor Authentication, or Google Cloud’s Identity Platform.
Over 68% of security breaches are caused by human errors. Manually managing access can cause these errors, particularly as your organization scales. Use automation tools like Apono to ensure that permissions are granted and revoked in a timely, accurate, and consistent manner.
Encrypting privileged access is essential for maintaining confidentiality, especially for access to sensitive data and resources. This best practice ensures the data remains secure even if an attacker gains unauthorized access to privileged credentials.
Encryption protocols like AES-256 protect sensitive data in transit and at rest. Another tip is to ensure that cloud credentials, secrets, and other sensitive data are stored securely in encrypted vaults such as AWS Secrets Manager, Azure Key Vault, or Google Cloud Secret Manager.
Segmenting critical systems limits access to sensitive data. It reduces the risk of lateral movement in case of a breach, involving isolating high-risk systems and implementing access control for every segment of your workload. This way, your organization can ensure that unauthorized users cannot easily traverse the entire network, making it even harder for attackers to compromise multiple systems at once.
Privileged users should be trained on security best practices, as they play a vital role in managing sensitive systems and resources. The training could focus on the latest external and insider threats, including phishing, malware, and social engineering tactics, with real-world examples of how mishandled privileges can lead to breaches. Rewarding users who identify vulnerabilities or report suspicious activity can encourage proactive behavior.
Cloud environments often require privileged users to access programmatic APIs, which requires secure handling. In this example, training should highlight best practices for securing API keys using tools like AWS Secrets Manager or Azure Key Vault.
For developers, additional emphasis should be placed on avoiding hardcoding credentials into code or scripts, as these can easily be leaked or exploited. Take a look at this Python script, which exposed the AWS access and secret keys:
If the above code is shared, pushed to a public repository (e.g., GitHub), or leaked, anyone with access to it can misuse your AWS credentials. Alternatively, you can use a secrets management tool like AWS Secrets Manager to securely store and access credentials:
Finally, effective training is not a one-time event but an ongoing process. Cloud security is an ever-evolving field; privileged users must stay updated on emerging threats and best practices. Providing documentation, maintaining an up-to-date knowledge base, and delivering periodic refresher training ensures that users remain informed and vigilant.
Failing to implement Privileged Access Management (PAM) best practices is like leaving the keys to your castle lying out in the open. As we’ve explored, PAM is crucial for controlling and monitoring access to your most critical assets, preventing devastating breaches that can disrupt operations, compromise sensitive data, and damage your reputation.
With Apono, you can reduce your access risk by a huge 95% by removing standing access and preventing lateral movement in your cloud environment. Apono enforces fast, self-serviced, just-in-time cloud access that’s right-sized with just-enough permissions using AI.
Discover who has access to what with context, enforce access guardrails at scale, and improve your environment access controls with Apono. Book a demo today to see Apono in action.
It’s 9:00 AM, and your team is ready to tackle the day. But before they can start, access issues rear their ugly head. A developer can’t get into the staging server and IT is buried under a mountain of permission requests. Sounds familiar?
Employees lose up to five hours weekly on IT access issues, while IT teams spend 48% of their time handling manual provisioning. These inefficiencies cost both time and valuable progress.
So, how do you fix it? Enter Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC), two powerful frameworks that streamline managing permissions.
Role-Based Access Control (RBAC) is a no-nonsense way to manage who gets access to what in your organization. Instead of juggling permissions for every individual user (which gets messy fast), you create roles based on job functions. Then, you assign permissions to those roles, not people.
RBAC is about keeping control without wasting time or risking data loss. Want to prevent an intern from accidentally messing with your production environment? RBAC has your back.
RBAC works because it’s predictable. It reduces human error, keeps access levels consistent, and makes audits straightforward. Plus, it’s scalable. Whether you have a team of 10 or 10,000, RBAC helps you avoid access sprawl while keeping your environment secure.
Attribute-Based Access Control (ABAC) takes access management up a notch by adding context to permissions. Instead of just asking, “What’s your role?” ABAC asks, “Who are you? Where are you? What are you trying to do, and why?” ABAC best practices offer a more flexible and detailed approach designed for situations where a simple role doesn’t cut it.
ABAC shines in complex environments where access needs depend on more than just job titles. Think about healthcare systems, where a doctor might need access to patient records but only for patients they’re actively treating. Or global organizations, where access policies might depend on a user’s location, time of day, or even their device. ABAC adds these layers of nuance, ensuring access is granted under the right conditions.
Each model has unique strengths, and choosing the right one depends on your organization’s needs.
Pros:
Cons:
Pros:
Cons:
Feature | RBAC | ABAC |
Ease of Implementation | Simple to set up, predefined roles | Requires detailed policy setup |
Flexibility | Limited, based on static roles | Dynamic, context-aware |
Scalability | Good for clear hierarchies | Best for complex environments |
Management | Straightforward but prone to role sprawl | Complex and requires expertise |
Performance Impact | Minimal resource demands | Higher due to real-time evaluations |
Best Fit For | Organizations with clear, stable job roles | Dynamic, high-stakes environments |
Choosing between RBAC vs. ABAC depends on your organization’s size, complexity, and specific access control needs. Each model serves a purpose, and the best choice often depends on the context in which you operate. Both RBAC and ABAC fit into wider zero trust strategies by enforcing least privilege principles. Here’s a breakdown of when to use RBAC, ABAC, or a mix of both.
RBAC is the better fit if:
Example: A mid-sized retail company uses RBAC to manage employee access to point-of-sale systems, inventory databases, and HR portals. Employees in the “Store Manager” role get broad permissions, while “Cashiers” only access sales tools.
ABAC is the clear choice if:
Example: A multinational bank adopts ABAC to grant access based on department, location, and user clearance levels. A branch manager in New York might access regional reports, while one in London is restricted to EU-specific data.
In some cases, a hybrid approach makes the most sense. Many organizations use RBAC as the foundation for day-to-day operations but layer ABAC on top for more sensitive or nuanced scenarios. For instance:
Example: A tech company uses RBAC to give engineers access to development tools while using ABAC to ensure that senior engineers can only access production servers during deployments on secure devices.
RBAC and ABAC each bring unique strengths to access control, and the right choice depends on your organization’s needs. RBAC offers simplicity and predictability, while ABAC delivers unmatched flexibility for dynamic environments.
Apono makes managing both RBAC and ABAC seamless. By automating access flows with features like Just-In-Time permissions and granular, self-serve controls, Apono ensures that your team stays productive without compromising security. Whether you need to simplify compliance or eliminate standing permissions, Apono integrates with your stack in minutes, helping you confidently scale access management.
Book a demo to see Apono in action today.
Another re:Invent has come to a close and as always, the largest AWS event of the year leaves us with a lot to think about.
First off, here are a few words from our CEO, Rom thanking everyone for making the conference such an incredible success:
Based on what we saw, a couple major trends seem to be emerging coming out of the conference:
When it comes to cloud security, identity is the new frontier:
With identity-based attacks on the rise and growing utilization of sensitive and proprietary data in the cloud for AI experimentation, getting identity right has emerged as a critical priority for organizations with mature cloud footprints. Approaches to identity and access management must provide appropriate compensating controls to balance increased risk without hampering business operations, driving innovation across both the AWS ecosystem and cloud security partners.
Given Apono’s position at the forefront of the space, we were thrilled to see many of the organizational priorities that we’ve partnered with customers to achieve get serious attention at this year’s conference, both in sessions and in conversations with cloud and technology leaders.
Data Classification and Management
Another key initiative which received significant attention centered on better understanding what data organizations are collecting, where it resides and how it can and should be leveraged.
Workflows and processes to improve data management and classification are critical for ensuring effective and safe training/adoption of LLMs in an enterprise setting. New challenges and use cases in this area are ushering in next-gen approaches for everything from backup to cost optimization to access control.
Over the next year, smarter classification and categorization of data will enable more performant applications of the latest AI models as well as opportunities to employ more streamlined and efficient approaches to data security and access.
It all comes back to AI
Belief in the transformative impact AI will have across industries remains front and center. Empowering fast, secure and flexible adoption of the latest models is a clear imperative for AWS and their customers.
That manifests in the explosion of new technologies that are supporting that goal as well as the strategic investments AWS and its partners are making to ensure that organizations have the flexibility and optionality to adopt AI in a way that makes sense – avoiding potential dependence on any one model or manufacturer.
Prevailing sentiment indicates that the gold rush is just getting started, and prospectors will have plenty of options when it comes time to stock up on picks and shovels.
Stay tuned as we continue exploring these trends and providing solutions that keep you at the forefront of cloud innovation.
In this edition, Rom discusses four essential capabilities to consider when using a solution to manage cloud privileges and access to resources. He emphasizes the importance of visibility across all cloud access, planning for scale upfront, speaking the language of both security and DevOps, and ensuring easy onboarding and fast adoption.
These four points are a great starting point for making the right PAM buying decision.
The importance of having discovery capabilities that continuously monitor the dynamically expanding cloud environment as it changes is crucial.
Cloud environments are highly dynamic, with new assets, users, and access points being created and modified continuously. This fluidity introduces both opportunities and risks, making visibility across all cloud access an indispensable component of any robust security and compliance strategy.
Scale is a significant reason for moving to the cloud, and a solution that can automatically scale with the environment is necessary.
When choosing a Privileged Access Management (PAM) solution, planning for scale upfront is a strategic necessity. Organizations increasingly adopt cloud environments for their ability to dynamically scale to meet evolving business demands. Similarly, a PAM solution must align with this scalability, ensuring it can handle growing workloads, users, and access requirements without compromising performance, security, or manageability.
Rom emphasizes that a successful PAM solution must seamlessly integrate with DevOps workflows while enabling security teams to enforce access guardrails that align with business needs.
By adopting a PAM solution that “speaks the language” of both teams, organizations can foster collaboration and reduce friction in their operations.
One of the most overlooked factors in cloud access management is the ease of onboarding. A solution that aligns with how users work ensures quicker adoption and faster ROI.
When onboarding is simple, and the solution integrates seamlessly with existing workflows, users are more likely to embrace it, ensuring its success in the long term.
While many factors influence the choice of a cloud access management solution, these four capabilities—visibility, scalability, integration, and simplicity—are indispensable. As Rom aptly puts it:
“These capabilities are your foundation for success in managing cloud privileges and access. By starting here, organizations can make informed decisions and build a secure, scalable, and user-friendly cloud environment.”
By focusing on these priorities, organizations can safeguard their assets, enhance operational efficiency, and maximize the value of their cloud investments.
We recently started a new blog series featuring our CEO and co-founder Rom Carmel. In this series, we discuss real issues from the field. So, check out what Rom Carmel has to say about the three complaints he hears the most in access management.
“I speak to CISOs and security leaders all the time. There’s a lot they want to fix about the way identity works today, especially in their cloud environments. The three most common complaints I hear are listed below.”
Organizations are juggling a growing array of systems, tools, and data. While these resources are essential for productivity and innovation, they also come with significant risks. One of the most overlooked yet critical risks is excessive standing privileges—permissions that employees or systems retain long after they’re needed.
This issue isn’t just about tidiness in managing permissions; it’s about security, resilience, and minimizing potential damage during an incident. Every person with access they don’t need right now is a liability, creating unnecessary risk and potentially catastrophic consequences.
Standing privileges are like leaving all the doors in a house unlocked because someone might need to use one in the future. While convenient, it dramatically increases the potential for a break-in.
Here’s how excessive privileges create compounding risks:
Granting broad access “just in case” or failing to revoke permissions when they’re no longer needed is common. It’s often rooted in a combination of trust and convenience:
However, these rationalizations ignore the reality of modern security threats. Trust is not a control, and convenience is no defense against attackers who thrive on exploiting lapses in access management.
Organizations need to shift to a least privilege model, granting users and systems only the permissions necessary to perform their current tasks. When access is no longer needed, it should be revoked immediately. Here’s how to approach this transformation:
Standing privileges are a ticking time bomb, unnecessarily inflating the potential impact of security incidents. By adopting a least privilege approach, implementing dynamic access controls, and fostering vigilance, organizations can dramatically reduce their exposure to risk.
In a world where cyberattacks are inevitable, the size of the blast radius is something you can—and must—control. Every unnecessary access point closed is another step toward a more resilient, secure future.
Don’t wait for an incident to expose the gaps in your access management strategy. Act now to shrink the blast radius and protect your organization.
Reducing user permissions is one of the most challenging tasks in access management. Engineers and other privileged users often resist the idea, fearing it will slow them down or hinder their ability to work effectively. And let’s be honest—they’re not entirely wrong.
Permissions often feel like tools of efficiency: the more you have, the less you need to wait for approvals or navigate access bottlenecks. But what’s often overlooked is the hidden cost of excessive permissions: increased security risks and operational chaos during incidents.
The good news? It’s possible to balance security and productivity if we approach the issue with the right mindset.
Excessive permissions are a liability. Each unnecessary access point expands the potential damage of a breach. Attackers and malware don’t care if permissions are unused; they exploit them the moment they’re available. Reducing permissions isn’t about making life harder—it’s about protecting systems and people.
Start by involving the users affected. Engineers, developers, and admins know their workflows best. Work with them to understand their needs and identify areas where permissions are genuinely required versus where they’ve become “nice to have.”
Adopt Just-In-Time (JIT) access models that grant permissions for specific tasks or timeframes. This way, users can still get the access they need without holding on to it indefinitely.
Explain the risks of standing permissions clearly. Users are more likely to accept changes when they understand the stakes—both for the organization and for their own work.
Demonstrate how well-implemented access controls can streamline operations. For example, automated request systems or pre-approved workflows can reduce the time spent chasing approvals.
Reducing user permissions is never going to be entirely painless, but it doesn’t have to be disruptive. By involving users in the process, implementing temporary solutions, and focusing on clear communication, organizations can create a secure environment without sacrificing productivity.
After all, the goal isn’t to limit capability—it’s to ensure that the right people have the right access at the right time.
Managing access in today’s tech landscape often feels like a scavenger hunt. You’re working in your Identity Provider (IDP), navigating multiple cloud environments, diving into databases, configuring servers, and manually tweaking policies across your infrastructure. Each step adds complexity, making it difficult to enforce secure policies and turning access audits into a logistical nightmare.
This fragmented approach doesn’t just slow you down—it also increases risk. When there’s no centralized way to manage access, it’s easy for permissions to slip through the cracks, leading to over-privileged accounts and potential vulnerabilities.
Centralized access management isn’t just about convenience—it’s about creating a safer, more efficient environment for your teams. With Apono, you can reduce friction, enforce least privilege, and maintain security without the headaches of juggling countless tools.
It’s time to simplify access and focus on what really matters.
We built Apono to solve these exact challenges. With Apono, your team can:
Recent studies indicate that more than 80% of organizations have experienced security breaches related to their CI/CD processes, highlighting the critical need for comprehensive access management strategies.
As development teams embrace automation and rapid deployment cycles, the attack surface for potential security vulnerabilities expands exponentially. The CI/CD pipeline presents a particularly attractive target for malicious actors. By compromising this crucial infrastructure, attackers can potentially inject malicious code, exfiltrate sensitive data, or disrupt entire development workflows. Consequently, implementing stringent access controls and security measures throughout the CI/CD pipeline has become a top priority for organizations aiming to safeguard their digital assets and maintain customer trust.
As we navigate through the complexities of securing CI/CD pipelines, it’s crucial to recognize that access management is not a one-time implementation but an ongoing process that requires continuous refinement and adaptation. With the right strategies in place, organizations can strike a balance between security and agility, fostering innovation while maintaining the integrity of their software delivery processes.
The continuous integration and continuous delivery (CI/CD) pipeline forms the backbone of modern software development practices, enabling teams to rapidly iterate and deploy code changes with unprecedented efficiency. However, this increased velocity also introduces new security challenges that organizations must address to protect their digital assets and maintain the integrity of their software delivery process.
At its core, CI/CD pipeline security encompasses a wide range of practices and technologies designed to safeguard each stage of the software development lifecycle. This includes securing code repositories, build processes, testing environments, and deployment mechanisms. By implementing robust security measures throughout the pipeline, organizations can minimize the risk of unauthorized access, data breaches, and the introduction of vulnerabilities into production systems.
One of the primary objectives of CI/CD pipeline security is to ensure the confidentiality, integrity, and availability of code and associated resources. This involves implementing strong access controls, encryption mechanisms, and monitoring systems to detect and respond to potential security incidents in real-time. Additionally, organizations must focus on securing the various tools and integrations that comprise their CI/CD infrastructure, as these components can often serve as entry points for attackers if left unprotected.
Another critical aspect of CI/CD pipeline security is the concept of “shifting left” – integrating security practices earlier in the development process. This approach involves incorporating security testing, vulnerability scanning, and compliance checks into the pipeline itself, allowing teams to identify and address potential issues before they reach production environments. By embedding security into the CI/CD workflow, organizations can reduce the likelihood of vulnerabilities making their way into released software and minimize the cost and effort required to remediate security issues post-deployment.
It’s important to note that CI/CD pipeline security is not solely a technical challenge but also requires a cultural shift within organizations. DevOps teams must adopt a security-first mindset, with developers, operations personnel, and security professionals working collaboratively to address potential risks throughout the software development lifecycle. This collaborative approach, often referred to as DevSecOps, ensures that security considerations are integrated into every aspect of the CI/CD process, from initial code commits to final deployment and beyond.
As we delve deeper into the specifics of access management for DevOps and securing CI/CD pipelines, it’s crucial to keep in mind the overarching goal of maintaining a balance between security and agility. While robust security measures are essential, they should not impede the speed and efficiency that CI/CD pipelines are designed to deliver. By adopting a holistic approach to pipeline security, organizations can protect their valuable assets while still reaping the benefits of modern software development practices.
By implementing robust access control mechanisms, organizations can ensure that only authorized individuals and processes have the necessary permissions to interact with various components of the pipeline.
Implementing strong identity management practices is crucial for maintaining the security and integrity of the pipeline. This involves:
Authentication mechanisms verify the identity of users and services attempting to access pipeline resources. Modern authentication protocols, such as OAuth 2.0 and OpenID Connect, provide secure and standardized methods for verifying identities and granting access tokens. These protocols enable seamless integration with various CI/CD tools and cloud services while maintaining a high level of security.
Once identities are established and authenticated, the next critical component is authorization – determining what actions and resources each identity is permitted to access within the CI/CD pipeline. Effective authorization strategies include:
Implementing these authorization mechanisms requires careful planning and ongoing management to ensure that access rights remain appropriate as team structures and project requirements evolve.
CI/CD pipelines often require access to sensitive information such as API keys, database credentials, and encryption keys. Proper secrets management is essential for protecting these valuable assets:
By centralizing secrets management and implementing strong encryption and access controls, organizations can significantly reduce the risk of unauthorized access to sensitive information within their CI/CD pipelines.
Comprehensive logging and monitoring capabilities are crucial for maintaining visibility into access patterns and detecting potential security incidents within the CI/CD pipeline:
These logging and monitoring capabilities not only aid in detecting and responding to security incidents but also provide valuable insights for optimizing access management policies and identifying areas for improvement within the CI/CD pipeline.
By focusing on these key components of access management – identity and authentication, authorization and access control, secrets management, and audit logging and monitoring – DevOps teams can establish a robust security foundation for their CI/CD pipelines.
Implementing Least Privilege Access
The principle of least privilege is a fundamental concept in access management that plays a crucial role in securing CI/CD pipelines within DevOps environments. This approach involves granting users, processes, and systems only the minimum level of access rights necessary to perform their required tasks. By limiting access to the bare essentials, organizations can significantly reduce the potential impact of security breaches and minimize the risk of unauthorized actions within the pipeline.
Implementing least privilege access in CI/CD pipelines offers several key advantages:
To effectively implement least privilege access within CI/CD pipelines, organizations should consider the following strategies:
While implementing least privilege access offers significant security benefits, it’s important to be aware of potential challenges:
Apono is designed to simplify and enhance security for CI/CD pipelines in DevOps by providing granular, automated access management. Here’s how Apono contributes to securing CI/CD pipelines:
1. Temporary and Least-Privilege Access
Apono enables developers to access resources (e.g., databases, cloud environments, or APIs) on a need-to-use basis and for limited timeframes. This reduces the risk of unauthorized access and minimizes the impact of compromised credentials.
Role-based access control (RBAC) and policies are applied to enforce least-privilege principles, ensuring that no entity has unnecessary or excessive permissions.
2. Secure Secrets Management
CI/CD pipelines often require secrets like API keys, database credentials, and tokens. Apono integrates with secret management tools and helps secure these secrets by automating their retrieval only at runtime.
Secrets are securely rotated and never hardcoded into repositories or exposed in logs, reducing the attack surface.
3. Integration with DevOps Tools
Apono integrates seamlessly with popular CI/CD tools such as Jenkins, GitLab CI/CD, GitHub Actions, and Azure DevOps. This ensures that security is embedded in the workflow without disrupting developer productivity.
Automated approval flows within pipelines ensure that critical steps requiring elevated permissions are securely executed without manual intervention.
New York City, NY. November 21, 2024 – Apono, the leader in cloud permissions management, today announced an update to the Apono Cloud Access Platform that enables users to automatically discover, assess, and revoke standing access to resources across their cloud environments. With this release, admins can create guardrails for sensitive resources, allowing Apono to process requests and quickly provide Just-in-time, Just enough access to users when needed. Today’s update will be available across all three major cloud service providers, with AWS being the first to launch, followed by Azure and Google Cloud Platform.
“Today’s update enriches the Apono Cloud Access Platform with a unique combination of automated discovery, assessment, management, and enforcement capabilities,” said Rom Carmel, CEO and Co-founder of Apono. “With deep visibility across the cloud, seamless permission revocation, and automated Just-in-time, Just-Enough Access, we eliminate one of the largest risks organizations face while ensuring development teams can innovate rapidly with seamless access within secure guardrails. This powerful combination is essential for modern businesses, unlocking a new level of security and productivity for our customers.”
Privileged access within the cloud has long been a prime target for cybercriminals, enabling them to swiftly escalate both horizontally and vertically during a breach. However, security teams have lacked a comprehensive visibility and remediation approach to eliminate existing standing access, leaving critical resources vulnerable. As a result, security teams have been reluctant to revoke existing standing access due to the risk of impacting the day-to-day needs of their users, which could ultimately hamper business operations across the organization if access was removed without a means to regain access during critical moments.
Today’s update allows users to overcome this challenge by enabling security teams to:
“Over-privileged access is one of the most significant risks to identity security that organizations face today, and it’s made even more challenging to manage by expanding cloud environments. At the same time, to keep pace, organizations need to grant permissions dynamically to support day-to-day work. This creates a complex obstacle: how can an organization grant the necessary access for productivity while also enhancing its identity security?” said Simon Moffatt, Founder and Analyst, The Cyber Hut.
“With this in mind, delivering Just-in-Time and Just-Enough Access across cloud services should be the goal of modern identity management. An approach to solve this will help companies significantly reduce their attack surface while ensuring a seamless access experience for their workforce.”
Apono will deliver in-person demonstrations of today’s update and the full Apono Cloud Access Platform during AWS re:Invent from December 2-6 . Click here to learn more.
For more information, visit the Apono website here: www.apono.io.
About Apono:
Founded in 2022 by Rom Carmel (CEO) and Ofir Stein (CTO), Apono leadership leverages over 20 years of combined expertise in Cybersecurity and DevOps Infrastructure. Apono’s Cloud Privileged Access Platform offers companies Just-In-Time and Just-Enough privilege access, empowering organizations to seamlessly operate in the cloud by bridging the operational security gap in access management. Today, Apono’s platform serves dozens of customers across the US, including Fortune 500 companies, and has been recognized in Gartner’s Magic Quadrant for Privileged Access Management.
Media Contact:
Lumina Communications
Organizations lose $16.2 million annually (up from $15.4 million) due to insider threats. Many businesses still can’t prevent these threats effectively. Malicious or negligent employees continue to risk sensitive data and systems despite strong external security measures. Security professionals must solve a big challenge – protecting against insider threats while keeping operations running smoothly.
Organizations face a rising wave of insider threats. Recent data reveals that 76% of organizations now report insider attacks, up from 66% in 2019. Business and IT complexities make it harder for organizations to handle these risks effectively.
In 2023, 60% of organizations reported experiencing an insider threat in the last year. The number of organizations dealing with 11-20 insider attacks grew five times compared to the previous year. Containing these incidents remains challenging. Teams need 86 days on average to contain an insider incident, and only 13% manage to do it within 31 days.
Insider threats create ripple effects throughout organizations. Financial data stands out as the most vulnerable asset, with 44% of organizations listing it as their top concern. The costs hit organizations differently based on their size. Large organizations with over 75,000 employees spend average costs of $24.60 million. Small organizations with fewer than 500 employees face costs around $8.00 million.
Malicious insiders often use these attack methods:
Cloud services and IoT devices pose the biggest risks for insider-driven data loss. These channels account for 59% and 56% of incidents respectively. This pattern shows how modern workplace infrastructure creates new security challenges. Organizations struggle to maintain reliable security controls in distributed environments.
Least privilege access is the life-blood of any insider threat prevention strategy. This approach substantially reduces an attack surface and streamlines processes. The principle of least privilege (PoLP) ensures users, services, and applications have exactly the access they need – nothing more, nothing less.
Successful implementation of least privilege starts with understanding its fundamental principles. Users should only access specific data, resources, and applications needed to complete their required tasks. This strategy works especially when you have organizations that need protection from cyberattacks and the financial, data, and reputational losses that follow security incidents.
Role-Based Access Control (RBAC) serves as a main framework to enforce least privilege principles. RBAC offers a well-laid-out approach where administrators assign permissions to roles and then assign roles to users. Here’s a proven implementation approach:
This framework has shown remarkable results by eliminating individual permission handling and streamlining access management.
Security posture improves after adopting Just-in-Time (JIT) access management. Users receive access to accounts and resources for a limited time when needed. JIT access substantially reduces risks associated with standing privileges where users have unlimited access to accounts and resources.
JIT access implementation has delivered impressive results. It improves organizational compliance and simplifies audits by logging privileged-access activities centrally. Teams maintain tight security without sacrificing operational productivity by controlling three critical elements—location, actions, and timing.
This all-encompassing approach to least privilege access creates reliable defense against insider threats. Teams retain the access they need to perform their duties effectively.
An insider threat prevention strategy should include strong technical controls and advanced tools that work seamlessly with a least privilege framework. It’s necessary to complete defense against potential insider threats by combining sophisticated monitoring capabilities with automated management systems.
Modern access management solutions such as Apono give us unprecedented visibility into user behavior and potential risks. This includes detecting and blocking suspicious activities immediately through advanced threat analytics, while privacy controls help maintain compliance and user trust. These solutions prevent data exfiltration through common channels such as USB devices, web uploads, and cloud synchronization. The endpoint controls adjust based on individual risk profiles.
Automated access review tools have changed how companies manage user privileges. These solutions maintain security and reduce the time spent on typical reviews by up to 90%. The automation capabilities include:
The automated tools use sophisticated algorithms and predefined rules to perform user access reviews with minimal human involvement. These tools work especially when you have large-scale operations.
Building measurement systems that work is vital to prove an insider threat prevention strategy right. This detailed approach to measuring success helps show the program’s value and spots areas that can be improved.
The way to measure an insider threat program’s effectiveness depends on the organization’s specific needs and business goals. This KPI framework uses both operational and programmatic metrics to paint a complete picture, tracking:
Reports are the foundations of any compliance strategy. It’s important to find a solution that creates detailed reports that track user access patterns, exceptions, and review outcomes. This structure helps to stay compliant with various regulatory frameworks including GDPR, HIPAA, and SOX.
A multi-layered approach needs least privilege access, strong technical controls, and detailed measurement systems to prevent insider threats. Companies can reduce their attack surface and still work efficiently when they use role-based frameworks and just-in-time management for least privilege access. Multiple layers of protection against potential insider threats emerge from advanced monitoring tools and automated access reviews that strengthen these defenses.
These strategies combine to build strong defenses against the growing insider threat challenge. Organizations can safeguard their sensitive data and systems while creating productive work environments by carefully putting these practices in place. The detailed approach helps cut down the huge financial cost of insider incidents, which now average $15.4 million annually.
It’s not that often that a story about a Joiner-Mover-Leaver (JML) failure makes the international news.
But throw in an insider threat actor making potentially life-threatening changes to the impacted systems, and it becomes quite the doozy.
Especially when the company at the center of the story is Disney.
In case you missed it, a former menu production manager named Michael Scheuer was fired in June for alleged misconduct. According to the reports, his departure was not a friendly one.
Things only deteriorated from there. Scheuer is alleged to have used his credentials to the 3rd-party menu creation software that he used during his employment at Disney to make numerous changes to Disney’s menus.
And here’s the weird part. He apparently did this over the course of three months.
While some of his changes ranged from the dumb—such as replacing text with Wingdings symbols—to the obnoxious with changes to menu prices and inserting profanity, it was his marking of items that contained peanuts as safe for people with life-threatening allergies that crossed the line into the potentially deadly.
Luckily, none of the altered menus are believed to have made it out to the public. Scheuer currently has a criminal complaint against him in a Florida court.
Beyond the anger at Scheuer for putting lives at risk, my next feeling here is a bit of confusion.
What happened in Disney’s offboarding process that allowed Scheuer to hold onto his access to this 3rd-party system for three months?
In most cases when someone leaves a company, his or her access to company information and systems is cut off. This is the correct and common practice in all cases, regardless of whether the separation is amicable.
Especially in cases where the parting is on bad terms, this is especially important to follow through on to prevent them from stealing or damaging company data and systems on the way out.
Without knowing the full details of the case, my best guess is that Scheuer was likely disabled in Disney’s Identity Provider (IdP). Popular IdPs such as Microsoft’s Active Directory/Entra ID or Okta allow the administrator to disable a user’s access to resources managed through the IdP.
In an era of Single Sign-On (SSO), managing access to your resources via the IdP makes a ton of sense. The centralization is pretty great for admins, and users save valuable time on logging in.
But it’s not hermetic from a JML standpoint.
Even if Scheuer’s access to the menu-creation software was disabled in the IdP, he still had his credentials that allowed him to login to a 3rd-party platform that was not owned by Disney.
This means that Disney’s security and IAM teams did not have the visibility to see that he still had access. And more to the point, that his access there was still active.
For. Three. Months.
To be fair to Disney’s team, this is a hard problem that their tools would not have easily solved.
Add to this that from a standard risk perspective, ensuring that this menu creation software was locked up tight was probably not a priority.
Normally when we think about risk management, we know where to initially direct our focus.
Start with the crown jewels. These are going to be resources that are:
Menu-creation software, especially if it is not owned by your company, does not fall into any of these categories.
And yet, here we are talking about it.
While Disney thankfully prevented any harm from happening to their customers, this story is not great for their brand. Remember that this could have been a lot worse.
It reminds us that even those resources and systems that don’t rank as crown jewels still need to be protected. The choice is not between protecting the highest risk resources while leaving the less sensitive ones unguarded.
As we’ve seen here, all resources need at least some level of monitoring and protection.
At the same time, we don’t want to go overboard.
Placing too much friction on access to resources can slow down productivity, which can have real dollars and cents costs on the business.
The fact is that we need to strike a balance between making sure that workers have the access they need to get their jobs done efficiently while keeping a lock on:
At the core of the issue is understanding that every resource presents some level of risk that needs to be managed. That risk will not always be apparent as in this case. But it still needs to be accounted for and addressed.
So how could this have been handled differently?
Looking at this case, we run into a couple of interesting challenges:
Let’s take them one-by-one.
So first of all, we need to break out of the binary mindset and embrace one that looks at access and security as matters of degree. This means recognizing that every resource has some level of risk, and that even lower risk resources need a level of protection.
In this specific case, we wouldn’t want to restrict access to this software too heavily since it does not fall into the crown jewels category and was probably used all day, every day by the menu creation team. Practically, this means that we would want to make access here self-serve, available upon request with minimal friction.
However, by moving it from a state of standing access to one where the employee would have to be logged into his IdP and make a self-serve JIT request through a ChatOps platform like Slack or Teams, we’ve already added significantly more protection than we had before.
Legitimate employees will not have to wait for their access request to be approved by a human, and provisioning would be near instantaneous, letting them get down to work.
You can learn more about Apono’s risk- and usage-based approach from this explainer video here.
This one is tricky if you are dependent on identity-management platforms like an IdP where your perspective is one of who has access to what.
Sometimes the right question is what is accessible to whom.
Access privileges are the connection between the identity and the resource, and it needs to be understood from both directions for effective security operations.
So even if access to the menu-creation software was disabled from the IdP, the credentials were still valid from the 3rd-party’s side.
This left the security team blind to this important fact and unable to centrally manage the offboarding from their IdP.
As an access management solution that connects not only to customers’ IdPs but also to their resources, Apono has full visibility over all access privileges, and enables organizations to revoke all access from the platform.
It is absurdly common for threat actors to maintain persistence inside of their targets’ environments for long stretches of time. But usually they use evasion techniques to fly under the radar.
Scheuer was making active changes to menus over three months. Meaning that he was regularly accessing the menu-creation software. This should have raised some flags that something was going on. But let’s put that aside for a moment.
When users connect their environments to Apono’s platform, all access is monitored and audited. This enables organizations to not only satisfy auditors for regulations such as SOX, SOC II, HIPAA, and more. It also allows them to get alerts to anomalous access requests and respond faster to incidents.
It is almost a cliche at this point, but access management in the cloud era is confoundingly challenging as teams try to keep pace with the scale and complexity of IAM controls across a wide range of environments.
Thankfully in this case, tragedy was avoided and the suspect apprehended. As someone with a peanut allergy myself, this story struck close to home. Cyber crime always has consequences, but a clear line was crossed here and the accused is lucky that he failed.
To learn more about how Apono is taking a new approach to risk-based access management security that takes on the scale of the enterprise cloud, request a demo how our platform utilizes risk and usage to drive more intelligent processes that enable the business to do more, more securely.