
A field guide to bad permissions, part 1: ungoverned permissions

What's this blog post about?

The rapid migration of data and infrastructure to the cloud has significantly increased the scale, scope, and complexity of identity security. However, the tools used for identity security and governance have not fundamentally changed from the on-prem era, leaving security teams struggling to keep up with the rising number of identity-based attacks. This article provides a field guide to the major types of bad permissions that organizations need to be aware of in order to safeguard their critical apps and data. It focuses on ungoverned permissions: permissions that are not captured or tracked in access governance tools such as identity providers (IdPs) and identity governance & administration (IGA) tools. Ungoverned permissions arise because SaaS apps and cloud providers allow standalone use through local accounts and local admins. These ungoverned identities can lead to compliance failures, incident response challenges, and increased risk of data breaches. To fix ungoverned permissions, organizations need to compare the full permissions an identity has at the data end with the permissions granted through their IdP. Veza, a platform that connects to both identity providers and all data systems, can help identify and remediate ungoverned local accounts by comparing them with users in Okta or other IdPs.

Company
Veza

Date published
Nov. 21, 2023

Author(s)
Kale Bogdanovs

Word count
1219

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.