Partner Access

Access expertise and manage operational risk by allowing trusted partners to support your cloud estate via robust access control policies.

Definition

Inviting specialists to collaborate with internal staff to build, operate, or review a cloud estate allows organisations to manage risk efficiently. Bringing in experts to support different steps on a cloud journey helps establish robust processes, minimise wasted effort, and optimally apply cloud computing tailored to a specific organisational context.

Making Partner Access a defined component of the security landscape ensures that there are defined mechanisms for partner access control. The role of Partner Access is to deliver:

  • Timely access to cloud resources (on time, and for the necessary duration)
  • The appropriate roles and permissions to manage cloud resources
  • Clear visibility of what access partners have to cloud resources
  • An accurate audit of activities carried out by partners

Non-cloud resources may be deployed to support these objectives, including the use of specialist security tools.

Security layers

Cloudmarque advocates a “defense in depth” approach to security. For Partner Access this can be evaluated as follows:


Monitoring

  • Ensure that partner activity (including permission requests) is represented accurately in activity logs
  • Establish alerts to identify unexpected partner access to secure resources

Identity Protection

  • Agree appropriate identity processes for partners (guest or native identities, security principals, or groups)
  • Ensure that identity management tooling encompasses partner accounts

Access Controls

  • Consider using just-in-time permission approval processes and time-limited access to resources and roles
  • Limit access to the resources that the partner is responsible for creating or managing (including backups)

Perimeter Security

  • Consider using IP restrictions to control partner access to cloud systems

Encryption

  • Unless the partner is working with your data, ensure they cannot download data or access the encryption keys used to secure it
  • Ensure that backups are also suitably encrypted
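
The Monitoring, Access Controls and Perimeter Security points above can be combined into one alerting check over activity logs. The following Python is an added example, not Cloudmarque's own code; the grant record, event fields, resource paths and addresses are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Grant:
    """One approved, time-limited partner permission (hypothetical record)."""
    principal: str
    scope: str            # resource path prefix the partner is responsible for
    not_before: datetime
    not_after: datetime

def utc(text):
    """Parse an ISO timestamp from the sample data as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)

# Constructed sample data: every name, path and address here is illustrative.
# Assumption: EVENTS is already filtered to partner identities.
PARTNER = "partner-ops@example.net"
ALLOWED_NETWORKS = [ip_network("198.51.100.0/24")]
GRANTS = [Grant(PARTNER, "/rg-web/", utc("2024-05-01T08:00"), utc("2024-05-01T18:00"))]
EVENTS = [
    {"time": "2024-05-01T09:15", "principal": PARTNER, "resource": "/rg-web/vm-01", "ip": "198.51.100.7"},
    {"time": "2024-05-01T19:30", "principal": PARTNER, "resource": "/rg-web/vm-01", "ip": "198.51.100.7"},
    {"time": "2024-05-01T10:00", "principal": PARTNER, "resource": "/rg-data/keyvault-01", "ip": "198.51.100.7"},
    {"time": "2024-05-01T11:00", "principal": PARTNER, "resource": "/rg-web/backup-01", "ip": "203.0.113.50"},
]

def review(event, grants=GRANTS, networks=ALLOWED_NETWORKS):
    """Return the reasons (possibly none) why an activity-log event should alert."""
    when = utc(event["time"])
    in_scope = [g for g in grants if g.principal == event["principal"] and event["resource"].startswith(g.scope)]
    reasons = []
    if not in_scope:
        reasons.append("resource outside granted scope")
    elif not any(g.not_before <= when <= g.not_after for g in in_scope):
        reasons.append("no active time-limited grant")
    if not any(ip_address(event["ip"]) in net for net in networks):
        reasons.append("source IP not in allow-list")
    return reasons

def alerts(events=EVENTS):
    """Collect (time, resource, reasons) for every event that needs attention."""
    return [(e["time"], e["resource"], r) for e in events if (r := review(e))]

if __name__ == "__main__":
    for alert in alerts():
        print(alert)
```
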

The content on this page is published under Open Source licenses via GitHub. To submit issues or provide feedback please visit the repository.
