Protecting how you administer cloud services
No matter which cloud service you choose, there are two aspects of your security that you always have https://www.ncsc.gov.uk/collection/cloud/understanding-cloud-services/cloud-security-shared-responsibility-model” target=”_self”>some responsibility for:
- how you authenticate to the service
- how you manage the service
If an attacker compromises one of the admin accounts used to manage your cloud, this will seriously undermine any protections you’ve set up, as admins are trusted enough to overcome security controls.
In light of this, we’ve recently updated the https://www.ncsc.gov.uk/collection/secure-system-administration” target=”_self”>secure system administration guidance to cover two topics that we felt needed more explanation:
- high-risk access (where access is needed to administer a critical component of your system during normal operation)
- emergency access (where access is needed when the normal ways of administering your system are not available, also known as ‘break-glass’ access)
While these concepts apply to all IT and OT systems, this blog looks at how we think these can apply when administering a cloud service.
Original Source: ncsc[.]gov[.]uk
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
