Cloud Account Management Challenges
However, unlike a data center, the cloud is not protected by a "castle and moat" perimeter, because the security boundary is reduced to an "ID". Since important systems in the cloud can be accessed from anywhere, attackers can take control of them if account information is stolen.
Cloud accounts are also frequently traded. Trend Micro reported a site selling access rights to data logs, giving access to millions of pieces of data, for $1,000 a month. IBM said an access key for a large public cloud was being sold for only $15, and that there was also an online course teaching how to steal account information and use it in attacks.
To protect account information, the zero-trust security principle must be followed. It must be monitored that 1) the appropriate person accesses the appropriate data, 2) in a timely manner, 3) and acts within their authority. Granting more authority increases security threats, whereas excessive control of authority lowers work productivity. The same basic principles hold in the cloud, but automated policies should be applied to account for the cloud's flexibility and scalability.
[Source: Datanet http://www.datanet.co.kr/news/articleView.html?idxno=158082]