Weak Identity and Access Management Controls
- Identity and access management (IAM) controls are about securely managing the user account life cycle across one or many organizations. Least access principles should always be followed.
- Administrative controls such as policies and procedures surrounding authentication and authorization should be in place to ensure industry best practice is followed.
- Technical controls such as a third-party application that allows for centralized management and integrates with company user directories.
Cloud provider's role in security
- As more and more companies take their business to the cloud, there is often a blurred line regarding security roles and responsibilities.
- Companies and cloud providers must ensure all layers of the company solution are identified and protected by one or both parties. These areas of responsibilities should be addressed during the contractual phase of the service agreement.
- The Internet of Things (IoT) continues to grow with technology. Things such as baby monitors, coffee makers, security systems and even cars are now connected to the internet.
- Reviewing basic security requirements such as default account settings and password reset, encryption, web interface security can help prevent malicious activity.
- Businesses will continue to increase public web transactions and increase the risk of compromise.
- Cloud applications should have strong authentication methods and use multi-factor authentication whenever possible. Sensitive data should be encrypted in-transit and at-rest. Context-based access controls such as time of day or source location can also be used to improve account security.