The Non-Human Entities that Plague the Cloud
Our CEO Nati Hazut shared his thoughts on the security risks posed by non-human entities with Security Boulevard Magazine.
Security teams usually focus on human users who can expose business critical data and account credentials via SaaS apps and IaaS services. But there are many “non-human” entities that operate in the background to make cloud integrations possible but, like human users, need to be monitored and secured. These include:
- SaaS Roles–When SaaS services integrate using APIs, hackers can compromise one cloud app to steal passwords that may have been reused in other apps or can get into other apps using existing integrations.
- Security Automation Roles–When hacked, the IDaaS can create privileged entities that can act as a backdoor to your cloud infrastructure.
- PaaS Roles–These entities are monitored less frequently than humans or machines, which can be a costly mistake because they perform sensitive tasks such as deleting data, providing permissions, sending emails and accessing secrets.
- IaaS Roles–Even though machines, unlike humans, are always logged in and, in addition, are sometimes accessible directly from the internet, making them a popular target for cloud attacks, they still receive much less security attention than human users.