
YouAttest and AWS Identity Auditing

The worldwide infrastructure as a service (IaaS) market grew 41.4% in 2021, to total $90.9 billion, up from $64.3 billion in 2020, according to Gartner. And Amazon is in the lead.

Amazon had over $35B in 2021 IaaS revenue, with 38.9% of the market and an astounding 35% growth rate.

And cloud applications and servers are a prime target for hackers, primarily because of poor cybersecurity management and misconfigured services. An analysis of the IAM policies of 18,000 cloud environments across 200 organizations by cybersecurity researchers at Palo Alto Networks found that cloud accounts and services are the opening for hackers. According to the research, 99% of cloud users, services and resources provide excessive permissions.

AWS Accounts Should be Reviewed

For security reasons alone – AWS admin accounts should be reviewed.

But in most sectors it’s also the law. Healthcare, financial services, defense, international, government suppliers all are under legislation that mandates that accounts and service accounts that protect PII, PHI and CUI must be reviewed.

Best practices recommend that service accounts be reviewed quarterly, which many organizations, through automation, execute monthly.

But How to Automate the AWS User Access Review (UAR) Process?

The majority of user access reviews are done manually, through spreadsheets and email, and done wrong, by the administrators themselves.

A proper user access review, mandated by NIST Cybersecurity Framework SP 800-53 PR.AC-1, should be automated for regularity and NOT conducted by the administrator, but reviewed, certified or revoked by the actual application and/or group owners. (See: YouAttest 101 – User Access Reviews Done Right.)

This is what YouAttest does.  It creates a quantifiable, repeatable process that:

  •  Automates the review process
  •  Auto-delegates to user managers or application managers
  •  Has multi-tier approvals (up to 4 levels)
  •  Allows reviewers to certify, revoke or re-delegate
  •  Enables auto-scheduling
  •  Documents the process with an immutable time stamp

YouAttest and AWS User Access Reviews

YouAttest enables an enterprise and, most importantly, an internal or external risk manager to conduct a review of the AWS privileges.

Just follow these simple steps:

      1. (optional) Connect YouAttest to your SSO system  (Azure AD, AD, Okta, Jumpcloud, etc):

        Image #1: YouAttest allows enterprises to conduct a review of ANY resource based on their IAM identities.
      2. Export the IAM permissions from your AWS resource:

        Image #2: Simply export the AWS IAM (or any other SaaS resource) to an XLS table.
      3.  Import the CSV to YouAttest:

        Image #3: Import the file to YouAttest.
      4. Run a YouAttest Attestation Campaign:

        Image #4: Now YouAttest will guide you through an attestation campaign where reviewers can choose to certify, delegate or revoke the stated permissions.
      5.  Now…  Create a Report:

      Image #5: Upon completion of the campaign YouAttest generates a time-stamped audit of the attestation campaign.

      Voila!  That’s how we solve the Palo Alto Unit 42 “99% of cloud accounts are overly permissive” problem. Rinse and repeat with YouAttest.
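
For the export in step 2, one way to turn IAM data into a reviewable table is sketched below. This is an added example, not YouAttest's code: it flattens output shaped like `aws iam get-account-authorization-details` into one row per user and policy grant, and the column names and sample data are assumptions constructed for illustration.

```python
import csv
import io
import json

# Constructed sample shaped like `aws iam get-account-authorization-details` output.
SAMPLE = json.loads("""
{"UserDetailList": [
  {"UserName": "alice", "Arn": "arn:aws:iam::111122223333:user/alice",
   "GroupList": ["admins"], "AttachedManagedPolicies": [], "UserPolicyList": []},
  {"UserName": "ci-deploy", "Arn": "arn:aws:iam::111122223333:user/ci-deploy",
   "GroupList": [], "UserPolicyList": [{"PolicyName": "deploy-inline"}],
   "AttachedManagedPolicies": [{"PolicyName": "AmazonS3FullAccess"}]},
  {"UserName": "bob", "Arn": "arn:aws:iam::111122223333:user/bob",
   "GroupList": [], "AttachedManagedPolicies": [], "UserPolicyList": []}],
 "GroupDetailList": [
  {"GroupName": "admins", "GroupPolicyList": [],
   "AttachedManagedPolicies": [{"PolicyName": "AdministratorAccess"}]}]}
""")

# Assumed column layout; adjust to whatever the review tool's import expects.
COLUMNS = ["user", "arn", "granted_via", "policy", "policy_type"]

def flatten(details):
    """Return one row per (user, policy) grant, following group membership."""
    groups = {g["GroupName"]: g for g in details.get("GroupDetailList", [])}
    rows = []
    for user in details.get("UserDetailList", []):
        holders = [("direct", user, "UserPolicyList")]
        holders += [("group:" + name, groups.get(name, {}), "GroupPolicyList")
                    for name in user.get("GroupList", [])]
        grants = []
        for via, holder, inline_key in holders:
            for pol in holder.get("AttachedManagedPolicies", []):
                grants.append([via, pol["PolicyName"], "managed"])
            for pol in holder.get(inline_key, []):
                grants.append([via, pol["PolicyName"], "inline"])
        # A user with no policies still needs a row: the account itself is reviewed.
        for grant in grants or [["", "", "none"]]:
            rows.append([user["UserName"], user["Arn"], *grant])
    return rows

def to_csv(rows):
    buf = io.StringIO()
    csv.writer(buf).writerows([COLUMNS, *rows])
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(flatten(SAMPLE)), end="")
```

The `granted_via` column lets a group owner see which rows come from their group rather than from a direct attachment. Roles and the contents of policy documents are outside what this example covers.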

      Summary:

      YouAttest is an automated user access review tool that helps organizations analyze and monitor user access policies. It allows businesses to quickly identify any potential security threats or anomalies and verify user identities and credentials. With this powerful tool, companies can trust that they are always in compliance with security regulations and standards, including NIST SP 800-53 PR.AC-1, and their data remains safe from potential threats.

      Contact us today to learn more about how YouAttest can help improve your User Access Reviews (UARs) for compliance and better identity security.

       
