Reports on the last 24 hours of air traffic chaos, which has led to the cancellation of over 1,200 flights (including Rob's flight, sorry Rob) all cautiously point to a potential cyber breach. If true, this unsettling development forms part of a broader series of high-profile breaches affecting government and UK Critical National Infrastructure (CNI).
Earlier in the month Northern Ireland Police suffered from a major data breach resulting from instances where junior staff members were granted undue access privileges. The implications of this self-inflicted security breach extend far beyond the realm of data – they cast a shadow of vulnerability over dedicated police officers and staff, resonating with concerns for their safety and the integrity of their operations.
And to suitably bookend this summer of cyber attacks, in June we learnt that a misconfigured AWS S3 storage bucket, managed by Capita, exposed comprehensive benefits data belonging to residents of Colchester City Council.
These incidents spotlight the importance of secure cloud engineering practices, and specifically, an urgent need for meticulous Identity Access Management (IAM) protocols. To get our take on IAM best practices, I asked our Head of Platform Engineering, Rodrigo Nascimento to share some tips.
Best Practices for Effective Identity and Access Management (IAM)
In the realm of managing user identities and access rights, there lies a critical domain that's platform agnostic. Here at Codurance, we've honed a set of principles that serve as invaluable guidance when navigating the needs of IAM within projects.
IAM, the cornerstone of cloud workloads, has the potential to become a stumbling block if not approached properly. The repercussions of subpar practices can range from onerously granting individualised access to inadequately secured policies. Beyond the most pressing cyber risks, these pitfalls can lead to compromised user visibility, unintended access to pivotal components, and ultimately, detrimental impacts on business operations.
It's vital then to fully comprehend the art of configuring IAM users and roles adeptly within client-specific environments. This not only mitigates risk but also nurtures a more conducive working ecosystem.
Guiding Principles for IAM User Setup
Crafting Access with Least Privilege in Mind
In the diverse tapestry of project teams—spanning Engineering, Product, Sales, and more—distinct roles emerge. Each tier bears unique access prerequisites, with even sub-categories demanding tailored considerations. Whether it's frontend engineers seeking read-only access or platform teams requiring extensive write permissions, granularity is key.
Yet, granularity doesn't stop at roles; machines too exhibit varying requirements. The nuances of Lambda functions exemplify this, highlighting the need for precision. It's tempting to opt for a blanket "full access for all" approach, but this shortsighted tactic exposes your organisation to grave risk.
Adopting an approach founded on zero privileges, then incrementally adding access based on needs, emerges as a proactive countermeasure. Temporary access requirements can be met by extending existing users' roles rather than granting direct access, thanks to IAM's robust capabilities.
Your organisation will have distinctive access needs, yet adhering to the principle of least privilege forms the bedrock of a secure access control implementation.
Effective Credential Management and User Onboarding
The process of ushering new users into the system varies based on the complexity of the solution. Creating user groups with tailored permissions and then integrating new users stands as the simplest route. Ideally, this process should be automated using tools such as AWS’ Command Line Interface or Terraform.
A centralised identity provider, such as AWS SSO, Azure AD or Google SSO, aligns seamlessly with a coherent access strategy. However, integration with third-party SSOs is equally feasible.
In scenarios where a fresh slate beckons, the implementation of services such as AWS’ Control Tower or Azure/GCP’s Landing Zones, coupled with integrated SSO solutions, assures controlled access across accounts.
Mastering Root User Security and MFA
The root user, often the maiden account, should be reserved solely for establishing a "management" user—utilised exclusively for administrative duties. Once the management account is operational, the root account's credentials should be confined within a secure password vault, accessible only to authorised personnel.
Enhancing security, especially for the root user, is non-negotiable. Multi-Factor Authentication (MFA) adds a robust layer of defence. While software-based solutions like the Microsoft Authenticator App suffice for most cases, higher security mandates might necessitate FIDO security keys or Hardware MFA devices.
Codurance lives and breaths by these IAM principles. It's part of our wider Software Craftsmanship philosophy which pragmatically navigates the emerging best practices in security. If you'd like to explore more about Identity Access Management (IAM) best practices, we welcome you to connect with us. Feel free to reach out to our experts for insights, consultations, and tailored solutions.