It seems that almost every day we’re hearing of new cloud security terms and acronyms. Navigating so many terms can be confusing and overwhelming, especially as many can have different meanings, depending on the context. To help guide you as you learn more about Permissions Management, we put together a list of many of these common terms you may come across, what they mean, and why they’re important. If you find this blog helpful and want to learn more, make sure you check out our full Permissions Management Glossary here.
Cloud service describes any service delivered on-demand to users via a third-party provider. The primary service categories include: Infrastructure-as-a-Service (IaaS), Platforms-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Providing appropriate and secure access to these services has become even more complex. Accurately and efficiently managing this volume of cloud services means organizations need a clear purview into their catalog of services and who is accessing them.
When building and supporting a Zero Trust foundation, the principle of least privilege is one of the essential pillars to lay this foundation. Maintaining the least privilege means that identities are provisioned with the least privileges they need to complete their day-to-day operations. Considering the explosion of permissions and identities across cloud infrastructures, enforcing the principle of least privilege manually has become almost impossible. Organizations need a solution that helps automate this critical task to help secure their digital estate.
Permissions give identities the ability to perform an action on a resource. The rising rate of multicloud infrastructures makes it increasingly challenging to effectively manage permissions. Across major clouds, thousands of permissions can be granted, and over 50 percent are high-risk, meaning they can cause service disruption, service degradation, or data leakage when used improperly. * To help support a viable multicloud strategy and avoid accidental or malicious misuse, streamlined permissions management is essential.
A resource is an entity that uses compute capabilities, such as virtual machines, serverless functions, network and storage objects, etc. Resources are critical to your infrastructure, so it’s important to maintain full visibility over who can perform what actions on the resources.
Super User / Super Identity
A super user or super identity is a powerful identity that can perform any action on all resources across the cloud infrastructure. They are particularly important to manage and right-size considering that these identities are powerful and over-permissioned by nature. Any malicious or accidental permission misuse is a great risk to the organization’s security.
A workload identity (often referred to as a non-human identity) is the identity assumed by software workloads, such as containers, VMs, applications, and services, so that they can authenticate and access other services and resources. Like human identities, workload identities are exponentially increasing in multicloud environments and are expected to outnumber the growth of human identities by a huge margin. As workload identities continue to increase and are often automated, they have become increasingly critical and difficult for organizations to manage.
A proactive, integrated approach to security across all layers of the digital estate that explicitly and continuously verifies every transaction, asserts least privilege, and relies on intelligence, advanced detection, and real-time response to respond to threats.
Learn more about Microsoft identity: