Bad Idea! Leaving the Keys to Your Cloud Castle Lying Around
Bot of the Week: Clouds with Active Root Account
What does this Bot do: Identify accounts that still have the root account active
This bot inspects every configured cloud account for a root account that is still in active use. The root account (the AWS root user, for example) is a single shared identity that providers such as Amazon Web Services recommend you stop using once the account is set up. Keeping it in use introduces security and auditing risks, because it is typically shared among several stakeholders in the organization.
Why do I care?
The root account is the initial account that your cloud provider creates. It holds every permission and can reach all of the data in the cloud. Keeping the root account active is problematic for a few reasons: 1) it makes it impossible to see which individual using the root credentials made a given change in the cloud, and 2) it gives attackers a single, well-known target to go after if they want customer, company or other sensitive information. Lastly, it represents a massive blast radius if the root account is compromised, since it gives a malicious user complete access to and control of every resource and region in your account.
Permissions and Tracking
Giving multiple users the root account credentials gives all of them, regardless of position or skill level, complete visibility into all cloud data and permission to make any modification they want. And because everyone signs in with the same credentials, the organization cannot audit which change was made by whom at any given time. Individual accounts make tracking and auditing changes in the cloud simpler and let users quickly locate the source of a change.
Individual accounts also allow restrictions to be placed on users. For example, it may be appropriate for some users to have full access to the development environment but only read-only permissions for production resources. Limiting who can modify or delete resources, who can access data and who can spin up resources is a best practice, and is required by many compliance regimes such as SOX, PCI and HIPAA.
Root Account can be Compromised
From a security standpoint, leaving the root account active gives attackers a direct line to the entire organization's data. When all activity runs through root, a single compromised credential gives the attacker full freedom in your cloud account. In most cases an attacker needs only the root account's email address, which is its sign-in name, to begin trying to seize control of your cloud through password guessing, phishing or password-reset abuse. With multiple individual accounts it is much harder to tell which account would grant full access and which are read-only.
The best way to protect the cloud is to revoke the root account's credentials: delete any root access keys and stop using root for day-to-day work. If, for whatever reason, you choose to keep it, at a minimum enable MFA (multi-factor authentication) on the root account so that a guessed or stolen password alone is not enough to compromise it. Use our bot to remind you that the root account is active, or use the Clouds Without MFA-enabled Root Account bot if you want to keep the root account but need to ensure it has MFA enabled.
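As an added example (not part of the original post or DivvyCloud's bot), the check below reads the IAM credential report, which is the same data a root-account bot would look at, and flags exactly the conditions discussed above: root access keys that are still active, a root user with no MFA device, and recent root console logins. The report text is constructed for the example and trimmed to the columns the check uses; the 90-day "active" window and the `fetch_credential_report` helper that pulls the live report with boto3 are my assumptions, not the bot's logic.

```python
"""Flag an AWS root user that is still in active use or lacks MFA.

Input is the IAM credential report (CSV), the same source a root-account
bot would read. Sample data below is constructed for this example.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

ROOT_USER = "<root_account>"  # IAM's user name for the root row of the report
ACTIVE_WINDOW_DAYS = 90       # assumption: a root login inside this window counts as "active"

# Constructed credential report, trimmed to the columns this check reads.
SAMPLE_REPORT = """user,arn,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2024-05-20T08:14:33+00:00,false,true,2024-05-19T22:01:10+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2024-05-21T07:00:00+00:00,true,true,2024-05-21T06:30:00+00:00,false,N/A
"""

# The same account after remediation: keys deleted, MFA on, root untouched for a year.
HARDENED_REPORT = """user,arn,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2023-06-01T00:00:00+00:00,true,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2024-05-21T07:00:00+00:00,true,true,2024-05-21T06:30:00+00:00,false,N/A
"""

EXAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock so the example is repeatable


def _parse_ts(value):
    """Report cells hold an ISO-8601 timestamp or a marker such as N/A,
    no_information or not_supported; markers parse to None."""
    if not value or not value[0].isdigit():
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_root(report_csv, now=None):
    """Return a list of findings for the root user; an empty list means it passes."""
    now = now or datetime.now(timezone.utc)
    rows = {row["user"]: row for row in csv.DictReader(io.StringIO(report_csv))}
    root = rows.get(ROOT_USER)
    if root is None:
        return ["root row missing from credential report"]

    findings = []
    if root["mfa_active"] != "true":
        findings.append("root has no MFA device")
    for n in ("1", "2"):  # root may hold up to two access keys, like any IAM user
        if root[f"access_key_{n}_active"] == "true":
            last = _parse_ts(root[f"access_key_{n}_last_used_date"])
            when = f"last used {last:%Y-%m-%d}" if last else "never used"
            findings.append(f"root access key {n} is active ({when})")
    last_login = _parse_ts(root["password_last_used"])
    if last_login and now - last_login < timedelta(days=ACTIVE_WINDOW_DAYS):
        findings.append(f"root console login {(now - last_login).days} days ago")
    return findings


def example_findings():
    """Run the check against the constructed report with the fixed clock."""
    return check_root(SAMPLE_REPORT, now=EXAMPLE_NOW)


def fetch_credential_report():
    """Pull the live report from AWS. Assumes boto3 is installed and the caller
    holds iam:GenerateCredentialReport and iam:GetCredentialReport; not run here."""
    import boto3
    iam = boto3.client("iam")
    iam.generate_credential_report()  # generation is asynchronous; poll until State is COMPLETE
    return iam.get_credential_report()["Content"].decode()


if __name__ == "__main__":
    for finding in example_findings():
        print("FINDING:", finding)
    print("hardened account:", check_root(HARDENED_REPORT, now=EXAMPLE_NOW) or "no findings")
```

Run as-is it reports three findings for the constructed account (no MFA, an active access key last used on 2024-05-19, and a console login 11 days before the fixed clock) and none for the hardened copy. Against a real account, replace `SAMPLE_REPORT` with the text returned by `fetch_credential_report()`; the report is generated account-wide, so the same pass can be extended to every IAM user row, not just root.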
Another way to protect your account from the exposure of an open root account is to use an identity service such as AWS Identity and Access Management (IAM) to issue individual users and roles for console and API access, each with only the permissions it needs.
Lastly, see our post on the Automation Bot to ensure CloudTrail and other audit services remain active. One of the first things an attacker will do is turn off audit logging so no one in the organization can see what they are doing. http://divvycloud.com/blog/cloud-technology/bot-week-clouds-without-api-auditing-services/
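As an added example (not from the original post or the DivvyCloud bot linked above), here is the detection logic that belongs behind that advice, run over a few constructed CloudTrail records: it raises an alert for any API call or console login made by the root user, escalating a root console login that skipped MFA, and a separate alert when someone stops, deletes or reconfigures a trail. The records, account ID, IP addresses and trail name are made up for the example; the field names are those of the CloudTrail record format.

```python
"""Detect root-account activity and audit tampering in CloudTrail records.

Constructed records in the shape of a delivered CloudTrail log file
({"Records": [...]}); IDs, addresses and names are made up for the example.
"""
import json

SAMPLE_LOG = json.dumps({"Records": [
    {   # root console login without MFA: the scenario the post warns about
        "eventVersion": "1.08",
        "userIdentity": {"type": "Root", "principalId": "123456789012",
                         "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012"},
        "eventTime": "2024-05-20T08:14:33Z", "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.5",
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "No"},
    },
    {   # root minting itself a long-lived access key
        "eventVersion": "1.08",
        "userIdentity": {"type": "Root", "principalId": "123456789012",
                         "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012"},
        "eventTime": "2024-05-20T08:16:02Z", "eventSource": "iam.amazonaws.com",
        "eventName": "CreateAccessKey", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.5",
    },
    {   # an IAM user switching logging off
        "eventVersion": "1.08",
        "userIdentity": {"type": "IAMUser", "userName": "bob",
                         "arn": "arn:aws:iam::123456789012:user/bob", "accountId": "123456789012"},
        "eventTime": "2024-05-20T08:20:45Z", "eventSource": "cloudtrail.amazonaws.com",
        "eventName": "StopLogging", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.5",
        "requestParameters": {"name": "arn:aws:cloudtrail:us-east-1:123456789012:trail/org-trail"},
    },
    {   # routine read by a role: should produce no alert
        "eventVersion": "1.08",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::123456789012:assumed-role/ReadOnly/ci",
                         "accountId": "123456789012"},
        "eventTime": "2024-05-20T08:21:10Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "DescribeInstances", "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
    },
]})

# CloudTrail API calls that blind or reshape the audit log.
AUDIT_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def actor(identity):
    """Short label for the principal behind an event."""
    kind = identity.get("type")
    if kind == "Root":
        return "root"
    if kind == "IAMUser":
        return f"user/{identity.get('userName')}"
    return identity.get("arn", kind or "unknown")


def triage(log_text):
    """Return (severity, rule, eventName, detail) tuples, in log order."""
    alerts = []
    for event in json.loads(log_text)["Records"]:
        identity = event.get("userIdentity", {})
        name = event.get("eventName")
        ip = event.get("sourceIPAddress")
        if identity.get("type") == "Root":
            # Any root use is worth a ticket; a console login that skipped MFA is the worst case.
            mfa = event.get("additionalEventData", {}).get("MFAUsed")
            severity = "critical" if name == "ConsoleLogin" and mfa == "No" else "high"
            alerts.append((severity, "root-activity", name, ip))
        if event.get("eventSource") == "cloudtrail.amazonaws.com" and name in AUDIT_TAMPERING:
            trail = event.get("requestParameters", {}).get("name")
            alerts.append(("critical", "audit-tampering", name, f"{actor(identity)} on {trail}"))
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG):
        print(*alert, sep=" | ")
```

The same two rules work unchanged whether you feed them log files pulled from the trail's S3 bucket or events streamed through EventBridge. Detection is the second line, though: if the account sits in an AWS Organization, a service control policy that denies cloudtrail:StopLogging and cloudtrail:DeleteTrail in member accounts stops the tampering event from ever succeeding, and the alert then records the attempt rather than the loss of logs.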