Okta’s announcement that at least 366 of its customers were affected by the recent Lapsus$ security breach is still being digested by the SaaS market. Competitive SaaS vendors might be tempted to capitalize on the security breach by raising the anxiety level of Okta customers and needling them to switch providers. We should note that few, if any, vendors are immune to attack, so instead of seeing the Lapsus$ breach as an occasion for schadenfreude, it behooves SaaS providers and customers to view it as a learning moment. Companies pressured by SaaS vendors capitalizing on the Lapsus$ breach should read these security lessons first.

Customers of any SaaS vendor have important cybersecurity lessons to learn from this breach. The Lapsus$ breach impact continues to unfold, but it is not too early to apply these security suggestions and lessons.

Okta is primarily a gatekeeper that provides cloud-based authentication services to its customers. Once an authentication framework is compromised, the field yawns open with other exploitable vulnerabilities. The fact that affected Okta customers and the market were informed two months after the attack is cause for concern. All Okta customers should have been informed immediately so that they could take protective actions. Service to customers may not have been interrupted, but that might be pure serendipity. Unfortunately, precious time was lost, and as with many such exploits, only time will tell if lingering or residual compromises have been contained and localized.

These are key recommendations for SaaS customers to consider:

- Understand the shared responsibility model for your organization. Even though this compromise occurred on Okta's cloud, customers should have an active threat protection and monitoring solution for all of their cloud and on-premise services.
- Make sure to collate logs from your on-premise and SaaS vendors and review them for events such as:
  - Creation of new administrative accounts: For this you need a traceable identity security management system that handles all provisioning, including privileged accounts.
  - Connections to new applications: For this you need to monitor and certify application users who gain access with their credentials.
  - Previously unauthorized users with new access roles: For this you need a periodic access governance, review and certification process tied to your identity security management system.
  - Any other suspicious access activity: For this you need analysis made possible by a log management and security information and event management (SIEM) system that includes active monitoring and an appropriate taxonomy that supports event monitoring.
- Implement a properly designed privileged access management system to govern all cloud and on-premise environments. Such a system can protect against attacks on third-party support administrative accounts, as was the case with Okta. Once Lapsus$ accessed third-party support admin accounts, it was able to breach Okta's internal Slack and Jira applications and the back-end administrative access panel that assists its customers.
- Put a strong back-up provider/on-premise solution on standby. Relying solely on paper SLAs and contractual language is insufficient and tempts fate. After all, the cloud is someone else’s data center, so you have little control over it.
- Insist on an audit review of your cloud provider based on the Cloud Security Alliance’s Cloud Control Matrix, Privileged Access Management standards, and OWASP top-10 protection mechanisms.
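The log review recommended above (new administrative accounts, connections to new applications, users with new access roles) can be run over collated on-premise and SaaS events as shown here. This is an added example, not code from the original article; the normalized event schema, the action names, the account names and the certification baseline are all assumptions constructed for illustration.

```python
import json

# Constructed sample events from a SaaS identity provider and an on-premise
# directory, normalized to one hypothetical schema (not any vendor's format).
SAMPLE_LOG = """\
{"ts":"2024-05-01T23:18:00Z","source":"saas-idp","action":"account.create","actor":"support-eng-7","target":"svc-admin2","detail":{"admin":true}}
{"ts":"2024-05-01T23:25:00Z","source":"saas-idp","action":"app.connect","actor":"svc-admin2","target":"chat","detail":{}}
{"ts":"2024-05-02T08:02:00Z","source":"onprem-ad","action":"role.grant","actor":"idm-provisioner","target":"alice","detail":{"role":"helpdesk"}}
{"ts":"2024-05-02T09:40:00Z","source":"onprem-ad","action":"role.grant","actor":"support-eng-7","target":"bob","detail":{"role":"domain-admin"}}
{"ts":"2024-05-02T09:41:00Z","source":"saas-idp","action":"app.connect","actor":"alice","target":"ticketing","detail":{}}
"""

# State recorded at the last access certification (assumed input).
BASELINE = {
    "provisioner": "idm-provisioner",       # identity system that should do all provisioning
    "app_users": {("alice", "ticketing")},  # certified (user, application) pairs
    "roles": {("alice", "helpdesk")},       # certified (user, role) pairs
}

def review(log_text, baseline):
    """Return findings as (category, ts, source, subject, note), oldest first."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    findings = []
    # Timestamps share one UTC ISO 8601 format, so they sort correctly as text.
    for ev in sorted(events, key=lambda e: e["ts"]):
        actor, target, detail = ev["actor"], ev["target"], ev.get("detail", {})
        where = (ev["ts"], ev["source"])
        if ev["action"] == "account.create" and detail.get("admin"):
            # Every new admin account is reported; note whether it is traceable.
            traced = actor == baseline["provisioner"]
            note = "via provisioning system" if traced else f"created outside provisioning by {actor}"
            findings.append(("new-admin-account", *where, target, note))
        elif ev["action"] == "app.connect" and (actor, target) not in baseline["app_users"]:
            findings.append(("new-app-connection", *where, actor, f"uncertified app {target}"))
        elif ev["action"] == "role.grant" and (target, detail.get("role")) not in baseline["roles"]:
            note = f"role {detail.get('role')} granted by {actor}"
            findings.append(("uncertified-role", *where, target, note))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, BASELINE):
        print(*finding, sep=" | ")
```

Events that match the certified baseline (here, alice's helpdesk role and ticketing access) produce no finding, so the output is limited to changes made since the last access certification.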