The Credential Compromise Problem

This is a familiar pattern by now - attackers harvest compromised or leaked cloud credentials and use them from anywhere in the world to penetrate cloud environments to get access to business critical or private customer data.

Why is this threat so significant and insidious?

Rapid growth of credentials in a company’s cloud environment

Corresponding growth of likelihood of some of these credentials being unintentionally leaked or stolen

Leaked or stolen credentials are easy to use by any attacker from anywhere in the world

Credentials often have broad access to sensitive data (unnecessarily broad “blast radius")

Current solutions do not provide adequate protection

Many tools focus to achieve "Least Privilege" access for credentials instead

What is “Least Privilege” ?

Aspires to reduce access to only required business functions

Requires a continuous manual effort that becomes unsustainable with the growing number of credentials

Only narrows the access enabled by a stolen or leaked credential, but does not remove it

Needs coordination among multiple teams to define what is “Required Business Access”

What provides adequate protection against these threats?

only trusted cloud identities,  accessing trusted resources, from expected networks

Only a combination of identity, network, and resource technology layer controls can provide an effective solution. The InstaSecure platform encapsulates all this required expertise and automates the creation and maintenance of a cloud perimeter that provides such a multi-dimensional protection.