with no consultancy from other operations or security experts within the firm. This can
lead to a violation of the least-privilege principle of the cybersecurity rule.
You will be amazed at how quickly your infrastructure and applications deploy with
automation via these new models. However, DevOps systems and processes, if not
implemented properly, can pose security risks when access permissions are provided
with unnecessary privileges. It is also extremely dangerous if your infrastructure and
data can be destroyed instantly, either by an operational mistake or by an attacker who
hijacked your high-privileged DevOps access credentials.
DevOps or DevSecOps are the new models you should adopt for your organization, but
they must have proper IAM controls and procedures in order to operate efficiently and
securely. This is an area that should not be overlooked by management.
The New King: The Cloud Administrator
The process to create new cloud accounts in AWS, Azure and Google is fairly simple. You
use your corporate email address, a credit card for payment method and billing informa-
tion, etc., and you are instantly in the cloud. At this point, you are also the sole adminis-
trator of your cloud account, the king of your empty cloud kingdom. You will decide how
to grow your cloud kingdom quickly with applications and databases. You will soon need
to delegate your role to other cloud knights, who also have permissions to bring up and
shut down your cloud resources. You and your new cloud knights will prefer to keep it
simple, since dealing with fine-grained access controls to resources requires lots more
work and effort. Therefore, your cloud knights are now in fact new cloud kings.
As your application and resource deployments grow in the cloud, that small group of
cloud administrators will not be able to keep up with the workload. They will need an
even larger group of administrators with the same set of permissions. One typical
approach uses a Microsoft Azure Active Directory (AD) administrators’ group (ADAG)
FALL 2019 | THE DOPPLER | 45