-

New IAM Research by Stack Identity Finds Machine Identities Dominate Shadow Access in the Cloud, Revealing Easy Attack Vector for Hackers

  • Identity and Access trend report data highlights different types of Shadow Access; provides best practices on how to reduce cloud breaches and data exfiltration
  • Cloud native, enterprise environments showed only 4% of identities as human, while the remaining are non-human identities
  • 76% of policies used in enterprise cloud environments include write permissions and 28% of policies have some level of permission management

MENLO PARK, Calif.--(BUSINESS WIRE)--Black Hat Conference -- Stack Identity, a Silicon Valley startup automating identity and access management (IAM) governance to identify and eliminate cloud data threat vectors, today announced it has released the industry’s first Shadow Access Impact Report.

The data from Stack Identity pertaining to cloud identities and entitlements highlights the gaps through which organizations can suffer cloud breaches, intellectual property and sensitive data loss. Shadow Access, the invisible and unmonitored identity and access, increases the risk of breaches, malware, ransomware and data theft that current IAM tools are not built to mitigate.

The industry is increasingly beginning to recognize Shadow Access as a growing threat to cybersecurity. Recently, Jim Reavis of the Cloud Security Alliance wrote, “There are several studies available that indicate cloud microservices and containers tend to have too many unpatched vulnerabilities and unused privileges attached to them…I believe that Shadow Access is something that we want to address by applying Zero Trust principles towards it…Zero Trust encourages us to define a protect surface, minimize access to it and monitor the system continuously.”

As seen with the prolific LastPass data breach, the report shows how Shadow Access and the current, fragmented IAM systems increase permissions to external threat actors.

“Our first Shadow Access Impact Report shows the high percentage of non-human identities that are driven by the cloud automation flywheel of more clouds, 3rd party data access and more identities,” says Venkat Raghavan, founder and CEO at Stack Identity. “The impact of Shadow Access goes beyond the risk of data exfiltration and cloud breaches. The fragmented and static IAM systems today enable Shadow Access to remain undetected, and make cloud compliance and governance static, time-consuming and expensive.”

Stack Identity’s findings are based on the analysis of 60 live cloud instances scattered across Cloud IAM, Cloud IDP, Infrastructure as Code, data stores, HR systems, ticketing systems, emails, spreadsheets and screenshots. For a guide of scale, just one of the cloud environments had thousands of cloud identities, 320 data assets, 400 AWS customer-defined policies and 10GB per day of CloudTrail volume.

Key takeaways from the report include:

  • Only 4% of identities are human while the remaining are non-human identities (automatically generated by APIs, cloud workloads, data stores, microservices and other multi-cloud services)
  • 5% of identities in the cloud have admin permissions
  • 28% of policies in the cloud have some level of permission management
  • 75% of policies used in cloud environments include write permissions

The report explains the 10 different types of Shadow Access that DevOps and SecOps teams need to be aware of and provides best practices on how to follow an attacker’s traceable cloud IAM footprints to reduce the risk of cloud data breaches and data exfiltration.

“DevOps teams cannot keep up with the vast numbers of policy actions combined with sensitive data assets that multiply the volume of risk combinations,” says Dr. Prakash Shetty, director of product strategy, cloud security and operations at Stack Identity. “By detecting the IAM footprints created by Shadow Access exploits, DevOps and security teams have the visibility and analytical context needed to prioritize remediation of security risks to cloud identities, data and resources.“

"We all know that identities are a source of risk; this research report helps practitioners get visibility to access and entitlement patterns that are inherent in DevOps and CloudOps processes that in turn can lead to Shadow Access Risks and Threats,” said Dr. Heather Hinton, CISO at Pager Duty.

"The status quo of overly permissioned cloud accounts with long standing privileges and static entitlements creates an environment where Shadow Access thrives. The Shadow Access research report brings a data driven baseline to identify gaps in IAM governance and how best to rethink the governance process to effectively work in automated cloud native environments," said Ken Foster, VP of IT Governance, Risk and Compliance at FLEETCOR.

To access the full findings from the Stack Identity Shadow Access Impact Report, register here: https://stackidentity.com/the-shadow-access-impact-report/.

To run a 60 minute assessment of Shadow Access vulnerabilities to find the IAM blindspots in your cloud environment, register here: www.stackidentity.com/Shadow-Access-Risk-Assessment.

About Stack Identity

Founded in the heart of Silicon Valley, Stack Identity transforms cloud IAM operations to continuously detect, eliminate and govern unauthorized, unmonitored and invisible Shadow Access. Through its patent-pending algorithm Breach Prediction Index (BPI), applied with deep data and application context, Stack Identity reveals the 2% of toxic access combinations that impacts 90% of data assets and enables cloud security teams to quickly prioritize and automate remediation. Visit us at www.stackidentity.com, and follow us on LinkedIn.

Stack Identity


Release Versions

More News From Stack Identity

Stack Identity Expands Identity Access Risk Management Platform with Launch of Identity Threat Detection Response Capabilities

MENLO PARK, Calif.--(BUSINESS WIRE)--Stack Identity, a Silicon Valley-based company pioneering identity security, today announced the expansion of the Identity Access Risk Management Platform with identity threat detection and response (ITDR) to tackle shadow access and shadow identities. Identity-centric attacks have exploded as the primary vector among cyberattacks, showcasing extreme gaps in traditional access management, IAM, IGA and identity provider platforms. Gartner predicts that by 202...

Stack Identity Shadow Access Risk Assessment Now Available on AWS Marketplace to Expand Identity Risk Assessments

MENLO PARK, Calif.--(BUSINESS WIRE)--Stack Identity, a Silicon Valley-based company pioneering an identity security platform that champions a unified, consolidated and automated strategy to tackle Shadow Access, today announced the availability of its Shadow Access Risk Assessment (SARA) product on Amazon Web Services (AWS) Marketplace. Unauthorized identity permissions and credentials cause more than 80% of cloud data breaches and security incidents. There are limited products on the market th...

Stack Identity Launches Identity Risk Management Platform on AWS Marketplace to Eliminate Unauthorized Access

MENLO PARK, Calif.--(BUSINESS WIRE)--Stack Identity, a Silicon Valley-based company pioneering an identity security platform that champions a unified, consolidated and automated strategy to tackle Shadow Access, today announced its comprehensive identity access risk management platform is now available to purchase through Amazon Web Services (AWS) Marketplace. Shadow Access — or unauthorized, invisible, unmonitored and unintended access — has quickly become one of the most pressing security cha...
Back to Newsroom