Securing identities and their privileges and access should be at the center of your strategy for reducing your cloud attack surface. The old network perimeter, with its limited number of points of ingress secured with firewalls and other perimeter defenses has given way to a distributed arrangement. Software-as-a-Service (SaaS) today is the new IT, and cloud identities are the new perimeter with thousands of users and points of potential failure existing outside of your traditional security protocols. The greatest threats to this new perimeter include:
There are many unique challenges involved with securing cloud services. First, data and applications in the cloud are distributed across many services and platforms; each with its own unique set of capabilities, logs and users.
Capital One, the second largest auto finance company in the United States, operates a Responsible Disclosure Program where researchers can disclose potential vulnerabilities via email.