Twitter Hacked Through Slack

Enterprises with cloud apps such as Slack and Microsoft Teams have recently become vital to the workforce. As working from home and social distancing continue, the need for these applications continues as well. However, we are learning that because these channels were adopted so quickly, security was not prioritized. Whereas email accounts have multiple layers of security, work apps have close to nothing. The rapid acceleration of cloud adoption can lead to a similar scenario where the use of new technologies offered up as cloud services, while having security principles applied to them. Organizations can find themselves in a hurry to implement the newest tech, and leave security in the dust.

One step to secure cloud apps is the use of IAM, or Identity and Access Management. In enterprise IT, IAM ensures that access to credentials is granted to the right assets, to the right users, in the right systems. It defines and manages the roles and access privileges of individual network users through tools such as password management services, provisioning software, security-policy enforcement applications, and more. 

IAM is critical to security plans because of the vulnerability that credentials hold and the organization’s information that can be obtained with them. Due to its importance, IAM should always be consistent and scalable to deal with centralizing management in large enterprises, as well as work in many different environments. 

Access Keys are another element to maintaining security in the cloud. An access key is a long-term credential for an IAM user or an AWS account root user, and is used to sign programmatic requests to the AWS CLI or AWS API. While it consists of two parts — the access ID and the secret access key — both are needed to authenticate requests.