The Default Toxic Combination of GCP Compute Engine Instances
Ermetic » GCP
by Lior Zatlavi
11 months ago
By default, instances in GCP are attached with a service account that, also by default, is granted the powerful Editor role. Default access scopes narrow the permissions of instances somewhat but still provide, among other things, read access to all storage in the project. Watch out for this! A few weeks ago my colleague Liv Matan, an Ermetic researcher, and I had the pleasure of speaking at fwd:cloudsec. We gave a session on implementations of the metadata service (sometimes also known as IMDS) in the computing services of AWS, Azure and GCP. [Feel free to attend our detailed webina…
How Attackers Can Exploit GCP’s Multicloud Workload Solution
by Liv Matan
1y ago
This blog was co-authored by Noam Dahan.
Introduction
When integrating with other workloads, it is never a good idea to send secrets over the network and hard code them. Massive breaches leveraging credentials stolen from GitHub, local machines and other sources have already shown us the impact of not choosing the secure way to carry out an authenticated/authorized operation on the internet. In cloud workload integrations, many organizations and individuals need to access data from outside the cloud environment. Google Cloud Platform (GCP) has a tool called Workload Identity Federation (WIF) th…
Introduction to IAM in Google Cloud Platform (GCP)
by Lior Zatlavi
1y ago
Identity and Access Management is one of the most important security controls in cloud infrastructure environments like GCP. Since nearly every action performed is an API call – including the provisioning, deprovisioning and manipulation of resources – all a malicious actor needs to get into your environment is the wrong binding of a permission to the wrong identity, or alternatively a compromised identity. For this reason, it’s crucial to pay close attention to the permissions that grant access to resources in your GCP Organization and make sure only the minimum number of permissions requir…
The Advanced Risk of Basic Roles In GCP IAM
by Lior Zatlavi
1y ago
Most GCP users know that granting basic roles is a really bad practice. But you may be surprised to learn that the risk is much more serious than it might seem, because basic roles actually grant far more than what appears on the permissions list (which is already excessive, of course). For the Owner role, we can assume that most project administrators are aware it includes the resourcemanager.projects.setIamPolicy permission, which allows for straightforward privilege escalation, and manage the risk accordingly. However, for Viewer or Editor, you could make the very reasonable assumption that…
Identity Access Management in Google Cloud Platform (GCP IAM)
by Lior Zatlavi
1y ago
Identity and Access Management is one of the most important security controls in cloud infrastructure environments like GCP. Since nearly every action performed is an API call – including the provisioning, deprovisioning and manipulation of resources – all a malicious actor needs to get into your environment is the wrong binding of a permission to the wrong identity, or alternatively a compromised identity. For this reason, it’s crucial to pay close attention to the permissions that grant access to resources in your GCP Organization and make sure only the minimum number of permissions requir…
Hidden Risk in the Default Roles of Google-Managed Service Accounts
by Lior Zatlavi
1y ago
A few weeks ago, cloud-sec-twitter got all riled up because permissions for s3:GetObject were temporarily granted to AWS support staff. The blunder was due to an update of the AWSSupportServiceRolePolicy that is attached to a mandatory Service-Linked Role that exists in all AWS accounts. The updated policy enabled AWS support staff to access objects stored in S3 buckets. This was possible without the account’s administrator attaching the policy to the role (as it was already attached by default) or even being able to remove the permission (as policies attached to the role can’t really be edited…
The GCP Shared Responsibility Model: Everything You Need to Know
by Ermetic Team
1y ago
Securing cloud infrastructure requires a mindset shift – from firewalls, VPNs and servers to workloads, buckets and collaborating with an external cloud security provider. Cloud providers like GCP and AWS offer a shared responsibility model, which determines who is responsible for the security of which architecture components. In this article, we cover the GCP shared responsibility model and explain how to approach it.
Cloud Infrastructure Security and Why It Matters
Cloud migration is helping businesses stay competitive and offer modern services to their customers. However, transforming from…
Wayward Sheriffs and Confused Deputies: Risks in GCP Third Party Access
by Noam Dahan
1y ago
Third-party access in the cloud
Third-party access features extensively in almost every organization in the cloud. Companies use third-party services in their cloud environments, and those third-party services have to access the customer’s environment to access cloud service provider (CSP) APIs to do their job. However, a third party represents an element in an organization’s security that is inherently outside its control. Secure access mechanisms are therefore key in limiting risk exposure through third parties. The key points we’ll review in this post: Third-party access is most commonly p…