Date: 2023-10-19

In 2019, I founded and served as the CEO of a cloud security company (C3M), a journey that eventually led to our acquisition by CyberArk in 2022. Back then, the cloud security scene was budding, filled with migration buzz and a shifting urgency around securing the cloud. Acronyms like CSPM (cloud security posture management) were emerging, and enterprise security leaders grappled with where to begin.

Jump to 2023, and cloud security has transformed. And those then-burgeoning acronyms are now part of our security vocabulary; CSPM is now the vital CNAPP (cloud-native application protection platforms). In this space, Cloud Identity and Entitlement Management (CIEM) steps up, fixing identity misconfigurations and taming permissions.

Yet, a clear pattern emerges in conversations with leaders from some of the world’s largest organizations. While detection platforms provide excellent insights into their cloud posture, addressing the identified issues isn’t straightforward. In fact, most security teams struggle to take the right risk-reduction measures for their environments. Effective cloud security goes beyond fixing configurations or permissions; it’s fundamentally about controlling “access” to your cloud—your consoles, data, and infrastructure.

CyberArk’s Insight to Action framework helps address this gap between detection and remediation and offers a deep dive into six pivotal areas recognized as substantial threats in the cloud environment. Addressing these challenges provides a secure cloud experience and ensures smooth operations, eliminating potential loopholes and vulnerabilities.

The Insight to Action framework builds on CyberArk’s history of risk-focused best practices and identity security framework, the CyberArk Blueprint for Identity Security Success.
Enterprises can achieve a proactive and resilient identity security posture by focusing on six “insights” across major cloud platforms like AWS, GCP, and Azure.

In my previous blog, “Operationalizing Identity Security in the Public Cloud,” I discussed the significance of a comprehensive framework that transforms risk insights into actionable remediation measures. Taking it a step further, I’m now excited to share the following critical insights that can significantly help your organization reduce risk in the cloud.

6 insights to drive actions to reduce cloud risk

Insight 1: Dormant users in the cloud – the hidden threat

Dormant users or inactive accounts with retained access privileges pose a significant risk. They often go unnoticed in expansive cloud environments, offering backdoor entries for malicious actors. To mitigate this threat, you can:

Insight 2: Misconfigurations – the identity blindspot

Misconfigurations in a cloud environment refer to incorrectly set up assets or services that can expose an organization to risks of varying levels. With the complexity of modern cloud architectures, configuration settings can number in the thousands. Each setting provides a potential opportunity for error. Amid thousands of settings, a few incorrect ones can easily go unnoticed.

To address this threat, here are some steps you can take:

In the event of misconfigurations, automated scanners alone can pinpoint issues and provide actionable insights on rectifying them, ensuring a swift and effective resolution.

Insight 3: Persistent access to the cloud – the overlooked backdoor

Persistent access means that if an attacker compromises an account, they have indefinite access until detected.
This extended time frame allows malicious entities to establish a stronger foothold, conduct reconnaissance, and even spread to other parts of the network.

To mitigate this threat, you can:

In the case of ZSP, it’s an approach gaining traction because it limits the time window for potential abuse of elevated privileges. This ensures users get only the access they need and only for as long as they need it. Coupling ZSP with JIT further reduces the exposure window, making it a powerful combination against potential threats.

Insight 4: Excessive permissions – a gate wide open

Excessive permissions in the cloud provide users, and potentially attackers, more access than required to perform their tasks, turning even a minor breach into a potential catastrophe. Excessive permissions in the cloud can lead to data leaks, privilege escalation and operational risks.

To address this threat, you’ll want to:

Insight 5: Unrotated secrets – a ticking time bomb

In the world of multi-cloud architecture, secrets — be it API keys, tokens, public/private key pairs, or passwords — act as vital access conduits to crucial data and services. AWS, GCP and Azure, three cloud giants, all offer their versions of secret management services. However, if these secrets remain static, the risk factor compounds. The threat is akin to leaving a backdoor unlocked indefinitely; it’s just a matter of time before someone or something exploits it.

Proactively managing these secrets across all cloud platforms is not a mere best practice — it’s a necessity.

To mitigate this threat, you can:

Insight 6: Non-vaulted admin accounts – the exposed crown jewels

Admin accounts are the crown jewels of any IT infrastructure, granting privileged access to the heart of systems and data. In the realms of AWS, GCP and Azure, these accounts, when not vaulted, can be likened to leaving the keys to the kingdom unguarded.
As businesses expand their cloud presence, securely managing these accounts, with their elevated permissions, is essential.

To mitigate this risk, you can:

Taking Cloud Security Action

Where the Insight to Action framework is organized around substantial threats to your cloud environments, the CyberArk Blueprint is organized around target personas and privileges grouped into security control families. Every organization has unique prioritization needs and a different existing risk posture. By leveraging the CyberArk Blueprint for CIPS and the Insight to Action framework together, your organization can develop a tailor-made strategy and approach to securing your multi-cloud environments.

Stay tuned! The evolving cloud landscape promises more insights and innovations. We are excited to guide you through them in upcoming blogs.

Paddy Viswanathan is vice president of Cloud Solution Strategy at CyberArk.