Stack Identity’s IAM Research Finds Machines Lead ‘Shadow Access’

Stack Identity, a Silicon Valley startup automating identity and access management (IAM) governance to identify and eliminate cloud data threat vectors, released its Shadow Access Impact Report, which highlights gaps that could result in cloud breaches.

The data from Stack Identity pertaining to cloud identities and entitlements highlights the gaps through which organizations can suffer cloud breaches, intellectual property and sensitive data loss. Shadow access, the invisible and unmonitored identity and access, increase the risk of breaches, malware, ransomware and data theft that IAM tools are not built to mitigate.

The industry recognizes shadow access as a growing threat to cybersecurity. As seen with the LastPass data breach, the report shows how shadow access and the fragmented IAM systems increase permissions to external threat actors.

“Our first Shadow Access Impact Report shows the high percentage of non-human identities that are driven by the cloud automation flywheel of more clouds, third-party data access and more identities,” said Venkat Raghavan, founder and CEO at Stack Identity. “The impact of shadow access goes beyond the risk of data exfiltration and cloud breaches. The fragmented and static IAM systems today enable shadow access to remain undetected, and make cloud compliance and governance static, time-consuming and expensive.”

Stack Identity’s findings are based on the analysis of 60 live cloud instances scattered across cloud IAM, cloud IDP, infrastructure as code, data stores, HR systems, ticketing systems, emails, spreadsheets and screenshots. For a guide of scale, one of the cloud environments had thousands of cloud identities, 320 data assets, 400 AWS customer-defined policies and 10GB per day of CloudTrail volume.

Key takeaways from the report include:

  • Only four percent of identities are human while the remaining are non-human identities (automatically generated by APIs, cloud workloads, data stores, microservices and other multi-cloud services)
  • Five percent of identities in the cloud have admin permissions
  • Twenty-eight percent of policies in the cloud have some level of permission management
  • Three out of every four policies used in cloud environments include write permissions

The report explains the 10 different types of shadow access that DevOps and SecOps teams need to be aware of and provides best practices on how to follow an attacker’s traceable cloud IAM footprints to reduce the risk of cloud data breaches and data exfiltration.

“DevOps teams cannot keep up with the vast numbers of policy actions combined with sensitive data assets that multiply the volume of risk combinations,” said Dr. Prakash Shetty, director of product strategy, cloud security and operations at Stack Identity. “By detecting the IAM footprints created by shadow access exploits, DevOps and security teams have the visibility and analytical context needed to prioritize remediation of security risks to cloud identities, data and resources.“

To access the full findings from the Stack Identity Shadow Access Impact Report, register here To run a 60-minute assessment of shadow access vulnerabilities to find the IAM blind spots in your cloud environment, register here