Creation of Cloud Resources

Routine reviews of user accounts and their associated privileges and permissions should be conducted to identify overly-permissive accounts, or accounts that are no longer required to be active.

Privileged Access Management (PAM) is a critical security practice designed to control and monitor access to sensitive systems and data. By managing and securing accounts with elevated privileges, PAM helps reduce the risk of insider threats and unauthorized access to critical infrastructure.

Key Prevention Measures:

Least Privilege Access: PAM enforces the principle of least privilege by ensuring users only have access to the systems and data necessary for their role, limiting opportunities for misuse.

• Just-in-Time (JIT) Access: PAM solutions provide temporary, on-demand access to privileged accounts, ensuring users can only access sensitive environments for a defined period, minimizing exposure.
• Centralized Credential Management: PAM centralizes the management of privileged accounts and credentials, automatically rotating passwords and securely storing sensitive information to prevent unauthorized access.
• Monitoring and Auditing: PAM solutions continuously monitor and log privileged user activities, providing a detailed audit trail for detecting suspicious behavior and ensuring accountability.
• Approval Workflows: PAM incorporates approval processes for accessing privileged accounts, ensuring that elevated access is granted only when justified and authorized by relevant stakeholders.

Benefits:

PAM enhances security by reducing the attack surface, improving compliance with regulatory standards, and enabling greater control over privileged access. It provides robust protection for critical systems by limiting unnecessary exposure to high-level access, facilitating auditing and accountability, and minimizing opportunities for both insider and external threats.

The Principle of Least Privilege should be enforced, and period reviews of permissions conducted to ensure that accounts have the minimum level of access required to complete duties as per their role.

A scheduled, systematic audit of organizational assets to verify that all hardware, software, and network infrastructure aligns with approved inventories and configuration baselines. The audit is designed to detect unauthorized, unapproved, or misconfigured assets that may have been introduced opportunistically by subjects circumventing standard processes.

Detection Methods

• Conduct periodic formal asset discovery audits using network scanning tools, endpoint management platforms, and manual verification processes.
• Reconcile discovered assets against authoritative asset management databases (e.g., CMDB, inventory systems).
• Inspect critical operational areas physically to identify unauthorized devices such as rogue wireless access points, unsanctioned satellite terminals, or personally procured IT hardware.
• Require supporting documentation (e.g., procurement records, change approvals) for all assets found during audits.
• Audit virtual infrastructure and cloud accounts to detect unapproved services, instances, or network configurations introduced outside formal governance.

Indicators

• Assets detected during the audit that are absent from official asset registries.
• Devices operating without appropriate configuration management, endpoint security tooling, or monitoring integration.
• Physical or virtual infrastructure deployed without associated change control, procurement, or authorization records.
• Wireless networks or external connections operating without approved designations or safeguards.

Audit Logs are records generated by systems and applications to document activities and changes within an environment. They provide an account of events, including user actions, system modifications, and access patterns.