Identity-first Cloud Security

  • Find and fix operational risks
  • Automate governance and compliance
  • Secure cloud data

Stack Identity Research Report

The biggest risk to protecting cloud data is securing who has access to it, and in an overly-permissioned environment with multiple identities involved, data exfiltration can occur through multiple shadow access pathways. Continuous visibility with rich context is essential to empower security and engineering teams to audit, govern, and promptly rightsize access.

Sean Ventura, Head of Security & Compliance, KinderCare

Managing the inventory of what is out there in the Cloud and who has access to what will be a big challenge with containerized and microservices-based deployment in the Public Cloud.

Director, Global Information Security

Top 5 US Bank, NY

“Our AWS cloud ecosystem is a mix of automated DevOps and manually managed infrastructure. Stack Identity gives continuous visibility into our data exposure risks with the ability to automate least-privilege enforcement for both our security and engineering operations teams.”

Steve De Jong, Distinguished Engineer at Vercara.

Transform IAM across your Clouds

Shadow Access is unauthorized, invisible or unmonitored access to cloud data, applications, and software.

Shadow Access is caused by toxic combinations of identities and permissions used to breach cloud environments and exfiltrate data.

AWS alone has 12,800 API connections with 13,800 permissions to access cloud data and services

Our approach quickly revealed

  • Programmatic access granted to an external vendor was compromised, which caused S3 to be used for crypto mining and malware hosting
  • A serverless (Lambda) function was replaced with malicious code that added an IAM user for an attacker's access from outside
  • IAM permissions attached to an application instance, or to an application running on a compute instance, were abused to exfiltrate sensitive data
  • A resource-based policy was compromised to create a backdoor for the attacker
  • Invisible access for an attacker, because the AWS policy console does not show the effective permissions or inherited permissions of an identity or resource
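The last two pathways above, a resource-based policy granting access that never appears in the identity's own policy view, are exactly the gap an effective-permission check has to close. The following is an added example, not Stack Identity's code: a deliberately simplified same-account evaluator run over constructed sample policies and ARNs, ignoring conditions, permission boundaries, SCPs and cross-account rules.

```python
"""Simplified same-account IAM effective-access check (added example, not
Stack Identity's code). Models only Allow/Deny statements with '*'/'?'
wildcards on Action, Resource and Principal; conditions, permission boundaries,
SCPs and cross-account rules are ignored. Policies and ARNs are constructed."""
from fnmatch import fnmatchcase

def _as_list(v):
    return [v] if isinstance(v, str) else list(v or [])

def _stmt_matches(stmt, action, resource):
    acts = [a.lower() for a in _as_list(stmt.get("Action"))]
    return (any(fnmatchcase(action.lower(), a) for a in acts)
            and any(fnmatchcase(resource, r) for r in _as_list(stmt.get("Resource"))))

def _principal_matches(stmt, principal_arn):
    p = stmt.get("Principal", {})
    return p == "*" or any(fnmatchcase(principal_arn, x) for x in _as_list(p.get("AWS")))

def effective_decision(identity_policies, resource_policy, principal_arn, action, resource):
    """Return (allowed, reason). An explicit Deny anywhere wins; otherwise an Allow
    in EITHER the identity's policies OR the resource policy grants access."""
    grants = []
    for name, pol in identity_policies.items():
        for s in pol["Statement"]:
            if _stmt_matches(s, action, resource):
                if s["Effect"] == "Deny":
                    return False, f"explicit Deny in identity policy {name}"
                grants.append(f"identity policy {name}")
    for s in resource_policy.get("Statement", []):
        if _principal_matches(s, principal_arn) and _stmt_matches(s, action, resource):
            if s["Effect"] == "Deny":
                return False, "explicit Deny in resource policy"
            grants.append("resource-based policy")
    return (True, "Allow via " + ", ".join(grants)) if grants else (False, "implicit Deny")

ARN_ROLE = "arn:aws:iam::111122223333:role/app-role"        # constructed
ARN_VENDOR = "arn:aws:iam::111122223333:user/vendor-sync"   # constructed
# Identity-side view: app-role is read-only; vendor-sync has NO identity policies at all.
IDENTITY_POLICIES = {
    ARN_ROLE: {"AppReadOnly": {"Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                                              "Resource": "arn:aws:s3:::app-data/*"}]}},
    ARN_VENDOR: {},
}
# Resource-side grant the identity view never shows: the bucket policy gives vendor-sync s3:*.
BUCKET_POLICY = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": ARN_VENDOR},
                                "Action": "s3:*",
                                "Resource": ["arn:aws:s3:::app-data", "arn:aws:s3:::app-data/*"]}]}

if __name__ == "__main__":
    obj = "arn:aws:s3:::app-data/report.csv"
    for arn, action in [(ARN_ROLE, "s3:GetObject"), (ARN_ROLE, "s3:PutObject"), (ARN_VENDOR, "s3:DeleteObject")]:
        print(arn.rsplit("/", 1)[1], action, effective_decision(IDENTITY_POLICIES[arn], BUCKET_POLICY, arn, action, obj))
```

Reviewing only the vendor-sync user's attached policies would report no S3 access at all; the evaluator reports s3:DeleteObject allowed via the bucket policy.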

Cloud security demands a new approach to cloud IAM operations


Continuously monitor all identities, cloud services and data

  • Identities (human and machine)
  • Cloud services
  • Data

Prioritise, remediate and govern risks across all access and breach pathways

Create the foundation for Cloud IAM Operations

Consolidate all things access onto a single IAM data platform

Cloud IAM Data Lake

Take control of your access and fix all your gaps across the security lifecycle:

Audit & Compliance – Data Security – IAM Governance

Key Use Cases

  • Continuous access monitoring of third-party access
  • Detect and remove “Shadow Access Risks” in the Cloud
  • Rightsizing permissions and entitlements to cloud data (CIEM)
  • Automatic cloud permission and access drift detection (CAPM)
  • Automating the quarterly cloud access audit
  • Identify and remove vulnerabilities in cloud datastores (DSPM)
  • Cloud Identity and Access Governance