How PagerDuty and Stack Identity Ensure Timely Notification of Cloud Data Breach Risks

Apr 25, 2023

Security teams complain that they are overwhelmed with existing cyber security initiatives when it comes to dealing with emerging new attack vectors. Yet one of the newest attack vectors – Shadow Access (resulting from poorly managed IAM operations and over-provisioned identities) – is one of the largest risks for cloud data exfiltration.

Some security teams are so busy implementing new platforms such as Cloud Security Posture Management (CSPM) or Cloud Native Application Protection (CNAPP) that we often hear the refrain “Not Right Now”. But we know that bad actors, hackers and regulators aren’t of the same mindset, and “Not Right Now” does not apply to them. The do-nothing approach, whether intentional or not, does not address the growing risk of cloud data exfiltration. Stack Identity can help enterprises secure “Shadow Access” very quickly, with very little effort or cost.

Stack Identity augments security team resources by automating the detection of cloud data exfiltration risks, 80% of which are caused by identity and access management issues. Stack Identity continuously monitors vulnerable cloud data stores for identity and access risks that can be exploited for rogue access, data exfiltration or external data sharing. This solution can quickly identify and remediate potential breaches through the analysis of identity and access, pinpointing the blind spots through which identities can be manipulated and cloud data security compromised. We quickly identify toxic combinations of over-provisioned identities with broad capabilities in systems such as CI/CD tools, together with the level of security around the data they access.

With our integration to PagerDuty, users of Stack Identity can ensure that DevOps and Security Operations teams are quickly notified of identity and access risks and the resultant breach paths as soon as they are discovered.

Stack Identity can send potential security issues to PagerDuty as incidents, enabling security operators to keep a single pane of glass for managing and remediating security vulnerabilities from all sources. Security operators are quickly notified of critical issues and can immediately identify the appropriate remediation steps to be taken by DevOps teams, dramatically reducing the time to resolve these security vulnerabilities.

From the screen pictured below, users can click on the PagerDuty icon, which will pop up the risk details. When the user hits the ‘Send’ button, it will create an incident in PagerDuty with the default configuration you have set up. You can view the created incidents in your PagerDuty console.

Users of Stack Identity can rightsize permissions and entitlements to cloud data to eliminate toxic combinations of identities and permissions used to breach cloud environments and exfiltrate data. The Stack Identity solution continuously monitors all identities, cloud services and data to allow users to:

  • Know which apps and resources are being used
  • See what data is being accessed
  • Monitor active identities and permissions

Additionally, and perhaps most importantly, Stack Identity enables teams to:

  • Accelerate remediation
  • Prioritize and govern risks across all access and breach pathways
  • Quickly identify and remove vulnerabilities in cloud datastores due to over-privileged identities

Stack Identity protects access to cloud data by prioritizing identity and access vulnerabilities via a live data attack map. We help you remediate all types of access risks, human and API-based, guiding SecOps teams to take definitive action and providing CISOs with an honest view of cloud IAM security risks.
