Category Archives for "Managed Services News"

Mar 25

Top Challenges of Managing Public Cloud Security for MSPs

By | Managed Services News

MSPs have their own challenges to overcome when managing customers’ public cloud environments.

While the cloud offers many benefits that make doing business easier, this new domain has opened up space for cybercriminals to run wild where few IT professionals fully understand exactly how to manage a public cloud environment. As an MSP, you have an obligation to your customers to understand the threat landscape in the cloud and better prepare them for potential attacks that target their business through the cloud.

According to Gartner, 95% of cloud security failures are the fault of organizations. Simple oversights like overprivileged IAM roles, exposed Remote Desktop Protocols and data storage misconfigurations are some of the most common mistakes organizations make in the cloud, which can leave customers vulnerable to ransomware attacks, expose data to the public internet, and compromise workloads.

Not only are cybercriminals finding new ways to take advantage of these misconfigurations to gain a foothold in an organization’s network via the cloud, but they’re also extending techniques that they already know work to this new attack vector. As customers migrate to the cloud, so do the cybercriminals, which means that threats such as ransomware are just as topical in the cloud as on premises. As a result of this hefty toolbox of attack methods, recent research from Sophos shows, 70% of organizations have suffered a cloud security incident in the last 12 months.

Threat detection in the cloud is difficult, and while MSPs are well positioned to make this easier, they also have their own challenges to overcome when managing customers’ public cloud environments:

Complexity of Multi-Cloud Environments

Seventy-three percent of organizations are using two or more public cloud providers. Organizations typically choose to adopt multiple cloud platforms to take advantage of the technology best suited for their applications, while also retaining leverage over cloud service providers. But the challenge soon becomes that MSPs need visibility across all public cloud environments to properly monitor configurations, services and traffic to protect their customers from every angle.

Short-Lived Resources

Five to 10 years ago, resources deployed on a virtual or bare metal machine would exist for months or even years, making it simple to go back and look at logs or remote desktop in. Now, resources are much shorter lived, with serverless functions that exist for microseconds and containers that exist for minutes. Without this record, it is more difficult for MSPs to identify the root cause of a security incident, or to pinpoint where an abnormality began and stop a threat in its tracks before it can cause damage.

More Services Means More Data

With hundreds, if not thousands of cloud resources and services, MSPs also struggle to aggregate all of the data from disparate sources and identify the high-priority events that could turn into a security incident or run up large usage invoices from the cloud provider. Unfortunately, the volume of data created and shared through the cloud today makes it completely inefficient and nearly impossible for humans to manually sort through the noise and make decisions based on meaningful analysis.

To overcome these public cloud security challenges, MSPs need a

Mar 25

Manufacturing & SD-WAN: The Challenges, the Opportunities

By | Managed Services News

The overall economy is beginning to recover from the impact of COVID-19. And as market growth improves, so do the prospects of selling SD-WAN. But those familiar with the SD-WAN market think adoption will play out differently in different verticals.

The manufacturing vertical, for example, exhibits an interesting polarization. SD-WAN is already widely in use and there is tremendous interest in increasing its usage even more. At the same time, however, a sizable number of manufacturers don’t use SD-WAN and — for now, at least — don’t plan to. That’s more than any other vertical. So what’s going on?

In this report you will learn about:

  • Economic and technological trends in the manufacturing industry
  • What makes the vertical an intriguing target for SD-WAN deployment
  • The trends that could inhibit growth

About the Author

James Anderson is a news editor for Channel Partners and Channel Futures. He covers SD-WAN, wireless, cable, network services and the agent channel. He interned with Informa while working toward his degree in journalism from Arizona State University, then joined the company after graduating. He has served as a moderator for multiple panels at Channel Partners events.

Sponsored by Comcast Business





Mar 25

National Diversity Council Recognizes Logicalis US Executives

By | Managed Services News

Sally Brandtneris and Nancy Saltzman were honored as leading women in technology and business.

The National Diversity Council has recognized two Logicalis US executives as leading women in technology and business.

Power 50 List

Logicalis’ Sally Brandtneris

Sally Brandtneris, chief financial officer, was named to the council’s Power 50 list. The list recognizes C-suite leaders from top establishments who have a positive impact on diversity within their departments, companies and communities. Brandtneris is responsible for maintaining the day-to-day fiscal management and controls for Logicalis US. This includes the executive direction and oversight of finance, accounting, tax and IT functions. It also includes the company’s banking and auditing relationships.

In addition, she serves as the executive sponsor of the company’s diversity and inclusion (D&I) initiatives in the U.S. Brandtneris also represents Logicalis US in the organization’s global D&I efforts. She works closely with the executive team to ensure D&I remains at the forefront of Logicalis’ strategy. She has spoken on a number of panels about her experiences as a working woman and mother. In addition, she is a strong advocate and mentor to others.

Top 50 Most Powerful Women in Technology

Logicalis’ Nancy Saltzman

Nancy Saltzman, senior vice president, general counsel and corporate secretary, was named as one of the National Diversity Council’s Top 50 Most Powerful Women in Technology. Her recognition comes for being an accomplished leader who contributes to organizational growth and strategic direction while serving as a role model to other women in the industry.

Saltzman provides leadership, strategy and direction to Logicalis US. In addition, she oversees all legal activities including compliance and regulatory affairs. She serves as a collaborative business partner and trusted adviser to Logicalis’ senior management and executive leadership. She advises companies from startups to large, multinational companies, helping them to achieve growth objectives and maximize value.

Saltzman is also a dedicated mentor both within and outside of the organization. In January 2020, she became executive sponsor and a board member of Women of Logicalis, an employee resource group. Later in the year, she was named to the board of Legal Momentum, the Women’s Legal Defense and Education Fund.

In addition, for the past five years Saltzman has been a mentor with iMentor, an organization that partners with high schools to mentor and empower first-generation students from low-income communities to graduate from high school and succeed in college. She also served on the New York Board of Advisors of iMentor for two years.

“Their Leadership Is Essential”

“The National Diversity Council’s recognition of Sally and Nancy reinforces what we at Logicalis already know: Their leadership is essential to our organization,” said Logicalis US CEO Jon Groves. “Their contributions to Logicalis are immeasurable. I congratulate Sally and Nancy on these truly well-deserved honors.”

Logicalis US is an international IT solution and MSP. It is part of the Logicalis Group, which has more than 6,500 employees and annualized revenues of $1.7 billion, from operations in Europe, North America, Latin America, Asia Pacific and Africa.

The National Diversity Council is a non-partisan 501-c3 organization dedicated to being both a resource and an advocate for the value of diversity and inclusion. The national organization supports statewide and regional affiliates, which foster an understanding of diversity and inclusion as a dynamic strategy for business success and community well-being through various initiatives.

Mar 25

3 Disruptive Networking Technologies Coming to Your Data Center

By | Managed Services News

There’s at least one you might not expect.

Gartner has revealed its top three most disruptive technologies set to impact data center networking by 2025.

Andrew Lerner, research VP at Gartner, said organizations should expect to see these technologies in their data center by 2025.

1. Consumption-Based Delivery

The first is not a technology, but a consumption-based delivery model, said Lerner, who was speaking at VMware’s Future:Net event.

Gartner’s Andrew Lerner

“The architectural definition of cloud is self-service. You get what you want, via an API, or a UI within moments. You then get billed for what you use. If you contrast that to the last couple of big data center networking purchases you’ve made, that doesn’t really jibe. It’s certainly not consumption-oriented, and on-demand and self-service.

“We’ve seen vendors trying to deliver things so that you can procure in a more cloud-like way — separating hardware from software and charging for it separately, shifting software to be subscription-based, changing the management portal and delivering it as a service.

“The next thing you’re going to see is hardware as a service. This is where you subscribe to the hardware versus buy it at fixed, per-port monthly pricing. By 2023 we predict that at least two major data center networking vendors will offer monthly fixed, per-port pricing as a procurement option. By 2025, 30% of enterprises will procure at least some of their data center switches via a hardware-as-a-service model.”

2. SONiC (Software for Open Networking in the Cloud)

“SONiC is an open source network operating system, originally driven by Microsoft. You can run it on a wide hardware variety of switches; nearly all white boxes support it. But real-world deployment in the enterprise is nonexistent at this point. There are a couple of large providers doing it, like Azure and Tencent. And some service providers, but nobody in the enterprise is doing it.

“This is important because it has the capability to unlock innovation in networking like we haven’t seen before,” he said.

Lerner gives the analogy of Linux to demonstrate the potential of SONiC.

“If we walk into the enterprise today, most server OSes are either Linux or Microsoft. Linux transcends hardware; it transcends vendor. There’s Linux-based tooling and automation, and Linux as a skill set. It can go up in many different places. So, think about if SONiC does that in the data center network. You get this vendor-agnostic, hardware-agnostic ecosystem and skill set that unlocks innovation in the data center. By 2025 our prediction is that 40% of large data center environments will run SONiC somewhere in their production environment.”

3. Function Accelerator Cards (FAC)

“FAC is a next generation smart NIC,” he continued. “It is a NIC that goes into a server with a chip on it, which can do hardcore networking functions. In running those functions, you can free up the server from processing, like virtual switching. Or you could start to eat away at the middleboxes in the environment, like a firewall or a load balancer. And if you’re running a NAS on it, it becomes a leaf switch. There are very compelling price performance characteristics of a function accelerator card for certain workloads.”

Lerner said we’re already seeing adoption of function accelerator cards in large hyperscale event environments.

“These are the same environments that pioneered the patterns we see in enterprise networks today like leaf spine with Linux-based automation tools. By 2023, we predict that one in three NICs going out the door will be a function accelerator card,” he added.

One Extra Prediction

Lerner said it is important to know where things are not going as well in data center networking.

“Most data center networking vendors today are big on this notion of multicloud — or extending their on-premises policy engine and construct and console into the public cloud. So as the workload goes to Azure or Amazon, you can get single-pane-of-glass troubleshooting visibility. But the reality is, we do not see adoption of that to any significant degree.

“We project that behavior will continue so that through 2023, 90% of customers will continue to not bring their established data center networking stack for their workloads into the public cloud.”

Mar 24

Intel CEO Charts Future Path with IDM 2.0, Forms Research Pact with IBM

By | Managed Services News

The semiconductor giant is investing $20 billion to add plants in U.S. and Europe.

In a major pivot, Intel CEO Pat Gelsinger says the semiconductor giant will manufacture chips for competitors. Intel will also invest $20 billion to aggressively add manufacturing plants in the U.S. and Europe.

Looking to the future, Intel is partnering with IBM.

Gelsinger this week delivered the sweeping and aggressive blueprint, describing how he intends to restore Intel’s technical and market leadership.

As the largest provider of semiconductors for PCs and servers, Intel has fallen behind its rivals in recent years. Looking to reverse that tide, Intel tapped Gelsinger as CEO in January. Gelsinger’s presentation represents swift actions that could shape the competitive environment for device, data center and cloud compute infrastructure for years to come.

Intel’s Pat Gelsinger

“We are the only company with the depth and breadth of software silicon platforms packaging and process with at-scale manufacturing our customers depend on for their next-generation innovations,” the Intel CEO said. “To meet this moment and position our company for the future, I am setting a course for a new era of innovation and technology leadership.”

Besides offering Intel’s client and data center CPU road map, Gelsinger revealed an ambitious plan to create more efficient manufacturing capacity. Intel describes the effort as the second generation of its integrated device manufacturing (IDM 2.0) model.

Intel’s $20 billion expansion of manufacturing capacity in the U.S. and Europe aims to lessen its dependency on one region. Currently, 80% of Intel’s manufacturing plants are in Asia. The company broke ground on the first of two new plants on Monday at its campus in the Phoenix area. Gelsinger said Intel will launch a second site in the U.S. and one in Europe within the year.

Intel Foundry Services

The most notable departure for Intel is the decision to provide manufacturing capabilities to other chipmakers, including competitors. The company is launching Intel Foundry Services as a separate business unit. Gelsinger said Intel Foundry Services will satisfy unmet and growing demand for semiconductors.

“We see strong market demand overall,” the Intel CEO said. “The combination of our internal and external capacity requirements allows us to build ahead, create more capacity, that we can be satisfying those collective needs of our customers. And underneath that we’ll meet our commitments.”

As a separate business unit, Intel Foundry Services will be accountable for its own profit and loss performance, Gelsinger said.

“Obviously, we’re going to work hard to always be on the front foot of the technology, of the capacity and overachieving on every aspect of our businesses as we look forward,” he said.

Historically, Intel has shunned such a move, despite frequent calls for …

Mar 24

Threat Trends: Malicious DNS Activity

By | Managed Services News

This analysis examines a wide variety of threat trends, with a focus on the categories that are most active.

When it comes to security, deciding where to dedicate resources is vital. To do so, it’s important to know what security issues are most likely to crop up within your organization, and their potential impact. The challenge is that the most active threats change over time, as the prevalence of different attacks ebbs and flows.

This is where it becomes helpful to know about the larger trends on the threat landscape. Reading up on these trends can inform you as to what types of attacks are currently active. That way, you’ll be better positioned to determine where to dedicate resources.

Our Threat Trends blog series takes a look at the activity that we see in the threat landscape and reports on those trends. After examining topics such as the MITRE ATT&CK framework, LOLBins, and others, this release will look at DNS traffic to malicious sites. This data comes from Cisco Umbrella, our cloud-native security service.

We’ll briefly look at organizations as a whole, before drilling down into the number of endpoints connecting to malicious sites. We’ll also look at malicious DNS activity—the number of queries malicious sites receive.

Overall, this can provide insight into how many malicious email links users are clicking on, how much communication RATs are performing, or if cryptomining activity is up or down. Such information can inform on where to dedicate resources, such as topics requiring security training or areas to build threat hunting playbooks.

Overview of Analysis

We’ll look at DNS queries to domains that fall into certain categories of malicious activity, and in some cases specific threats, between January and December 2020. While performing this analysis we looked at a wide variety of threat trends. We’ve chosen to highlight those that an organization is most likely to encounter, with a focus on the categories that are most active.

It’s worth noting that we’re deliberately not making comprehensive comparisons across categories based on DNS activity alone. The fact is that different threat types require varying amounts of internet connectivity in order to carry out their malicious activities. Instead, we’ll look at individual categories, with an eye on how they rise and fall over time. Then we’ll drill further into the data, looking at trends for particular threats that are known to work together.

This guest blog is part of a Channel Futures sponsorship.

Mar 24

4 Common Myths about BCDR Solutions

By | Managed Services News

Picking the right BCDR solution is crucial to ensure your clients and your business are protected.

Whether you are new to BCDR (business continuity/disaster recovery) services or replacing your current product, it’s important to get beyond common myths and see the bigger picture. Understanding these misconceptions can help you select the right product for your managed services practice.

Myth 1: Backup is good enough.

Backup is obviously a critical part of business continuity and disaster recovery. However, on its own, backup leaves businesses susceptible to costly downtime. Why? Because recovering large data sets (such as the contents of an entire server) can be time-consuming–not to mention the time it takes to procure new hardware if primary systems become inoperable. Meanwhile, productivity grinds to a halt, and revenue stops flowing. That’s why businesses need a solution that enables fast restores in addition to backup. For many organizations today, that means BCDR. BCDR solutions use backup, snapshot, virtualization and the cloud to protect data and enable fast restores.

Myth 2: Software-only BCDR vendors are less expensive 

It’s understandable why this myth exists, because software-only products do have lower up-front costs when compared with all-in-one solutions. That’s largely because you can deploy them on any hardware (for example, inexpensive, commodity x86 servers) and public cloud. However, if you look at the total cost of ownership (TCO), software-only products can actually be more expensive than all-in-one solutions in the long run.

With all-in-one solutions, ease of use is prioritized. You get a single vendor (and monthly fee) for hardware, software and cloud. Technical support is straightforward, no matter where the issue lies. Also, hardware is right-sized for client deployments, reducing manual labor, configuration errors and the associated costs of each. All-in-one solutions may even include hardware replacement and capacity upgrades, easing scalability over time. Finally, there are no unexpected cloud costs.

Myth 3: All clouds are the same

Yes, all cloud providers deliver highly available server and storage infrastructure. However, that does not mean they are created equally for BCDR. Public cloud costs are unpredictable at best. Yes, you only pay for what you use, but that means costs spike at the worst possible time—when you mount and run a recovery virtual machine (VM). Additionally, cloud providers charge egress fees for moving data out of the cloud. Finally, some clouds have different tiers for compute, storage and security, which can add complexity. Some all-in-one BCDR solutions include cloud costs in a single monthly fee. This can be a benefit for MSPs, because it keeps OPEX costs predictable. It makes billing clients for BCDR services simple and ensures margins on services remain consistent. Some all-in-one solution providers offer additional security measures like two-factor authentication at every step and hardened cloud appliances. Others might offer data immutability and automated retention capabilities that help organizations meet security objectives and compliance regulations.

Myth 4: All BCDR solutions carry the same risk 

This simply isn’t true. The amount of risk you assume when delivering BCDR services can vary widely depending on the solution and vendor you choose. Again, let’s compare all-in-one solutions with software-only products. With software-only products, you’re relying on multiple vendors for hardware, software and cloud. This can result in multiple points of failure and potential finger-pointing among vendors, so it takes longer to resolve issues. What’s worse, if one vendor makes a change, it can impact the entire solution. For example, a software update might result in anything from a minor decrease in performance to a costly hardware upgrade. With all-in-one solutions, MSPs get single-vendor backing and support across software, hardware and cloud. This means less risk for MSPs.

As an MSP, picking the right BCDR solution is crucial to ensure your clients and your business are protected. Now that we’ve dispelled some of the myths about BCDR solutions, it’s time to dive into how to select the right one for your business. Download our BCDR Buyer’s Guide for tips on what to look for when selecting a BCDR solution.

 Christian Kane is Manager, Product Marketing-Unified Continuity, Datto.

 This guest blog is part of a Channel Futures sponsorship.

Mar 24

CloudBolt Software Rolls Out Enhanced Partner Program

By | Managed Services News

CloudBolt has nearly 200 global customers and growing.

CloudBolt Software has unveiled an enhanced partner program to help partners grow their pipeline and create new revenue streams.

The company’s Rainmaker program provides access to hybrid, multicloud solutions that support and deliver value across all types of cloud service engagement. CloudBolt Software’s focus is to ensure its partners can deliver maximum value while benefiting from profitability and growth.

CloudBolt Software is backed by Insight Partners, a $30 billion private equity firm. In addition, it has nearly 200 global customers and growing.

Partners Are Front and Center

CloudBolt’s Larry Kraft

Larry Kraft is CloudBolt Security’s senior vice president of global channels and alliances. He said Rainmaker reflects CloudBolt’s rapid global expansion and evolving go-to-market strategy.

“Our partnerships are now the front and center linchpin of value for CloudBolt’s aggressive growth plan,” he said.

The Rainmaker rollout correlates with and facilitates the accelerating shift to an all things as-a-service market landscape, the company said. Enterprises need a wider variety of technologies and services to meet customers wherever they are on their hybrid cloud, multicloud journey.

Pushing software and hardware is no longer the value play. Instead, delivering white-glove levels of service is the focus.

“The last year has been tremendous for CloudBolt,” Kraft said. “Two very significant acquisitions greatly expanded what we were able to offer customers and solidify our vision for the future of cloud management. One was SovLabs, a leading provider of codeless integrations for hybrid cloud automation tools. The other was Kumolus, an innovator of cloud cost management, security and governance solutions. We also secured $35 million in Series B funding, and received a number of awards and accolades.”

Benefits and Incentives

Among the benefits and incentives offered to partners:

  • Partners are provided with comprehensive onboarding and training.
  • They receive a variety of discounts, renewals, referral fees and sell-through margins.
  • They receive co-branded collateral, campaigns in-a-box, social posts and customizable assets. There are also sponsorships and access to market development funds (MDF).
  • The partner portal/learning management system (LMS) facilitates deal registration. It also provides not for resale (NFR)/trial keys for partner labs and access to CloudBolt University for education and certifications.
  • Spiffs and monetary incentives to reward activity that helps grow the pipeline and close deals.

“Rainmaker absolutely gives CloudBolt and its partners a competitive advantage,” Kraft said. “CloudBolt gains many more opportunities to share its products, services and vision to enterprises no matter where they are on their hybrid cloud journey. Partners can now provide their clients with best-of-breed solutions to evolving cloud management challenges, such as eliminating the need to custom code integrations, establishing robust self-service IT, reducing costs, gaining full visibility across entire cloud infrastructures, and ensuring worry-free security and compliance.”

Additionally, Rainmaker will deliver financial benefits while protecting partners for the opportunities identified, developed and closed, he said.

“The program is built on an adaptable framework that accommodates different partner types and sizes, while providing flexible pricing options to support the metamorphosis our partners are experiencing as the market pivots to everything-as-a-service,” Kraft said. “We will help our partners maintain and grow their hard-earned loyalty and advisor status with their customers.”

Ryan Keese is chief revenue officer at Pareto Cyber.

“Pareto’s partnership with CloudBolt had us and our clients excited, as we’ve been able to quickly rationalize, optimize, automate and accelerate cloud strategies,” he said. “In less than a few weeks, we have partnered on a number of strategic deals for clients with an immediate need for comprehensive cloud management, compliance and cost savings. We look forward to many more.”

Mar 24

Ingram Micro, Partners React to Tech Data-Synnex Deal: ‘Good for Everybody’

By | Managed Services News

The deal demonstrates a pivotal shift in the channel.

Ingram Micro and other prominent distributors don’t seem to be sweating Tech Data and Synnex’ $7.2 billion merger.

Tech Data and Synnex earlier this week dropped the bomb that they will be combining forces to create an approximately $57 billion company. However, their rivals are calling the massive consolidation a major validation of their industry.

Kirk Robinson, U.S. chief country executive at Ingram Micro, offered an optimistic outlook on the Tech Data merger in an interview with Channel Futures.

Ingram Micro’s Kirk Robinson

“What an awesome time to be in this industry. I’m just excited. It’s always evolving and changing, whether it’s the technology or the landscape,” he said.

Robinson spoke to Channel Futures not long after meeting with Ingram’s Trust X Alliance, an exclusive group of IT solution providers. He told us what he told the partners: The channel will benefit from the merger.

“The conversation we had with the partners was, ‘This should be good for everybody,’” Robinson said.

Robinson said resellers will remain loyal to Ingram, especially Trust X members who pay to collaborate with the distributor. He said Ingram will stay the course as Tech Data goes through the integration process.

“From our point of view, there’s a healthy respect for our competition, but we know they’re going to be quite busy,” Robinson said. “When a merger like that comes together, they’re going to be busy for a while.”

Five Years Prior

This isn’t the first time Tech Data acquired another distributor. The company in 2016 announced its purchase of Avnet’s technology services unit. The $2 billion-plus transaction bolstered Tech Data’s Asia-Pacific presence and gave it additional firepower in its quest to unseat Ingram in the market.

However, Robinson said that Tech Data’s previous acquisition panned out quite well for Ingram Micro. Ingram hired former Avnet employees who fit very well with its culture.

“We’re a very competitive team, and when we saw Tech Data buy Avnet, we posted some of the best numbers the company has ever seen,” Robinson said.

Do resellers and manufacturers feel positive about the merger? Robinson said it differs based on the reseller’s perspective. Similarly, vendors will differ based on their existing relationships with Tech Data and Synnex. They’ll need to evaluate the overlap, Robinson said.

A Changing Landscape

Michael Schwab, co-president of Illinois-based D&H Distributing, called the Tech Data acquisition one of the biggest he has ever seen in the industry. Like Robinson, he also expressed a positive outlook. For him, the deal represents a serious validation of the distribution industry.

“From my perspective I’m not sure distribution’s ever been valued as highly as it is today, [as well as] the role we play in helping the manufacturers and reselling partners facilitate their success,” Schwab said.


D&H’s Michael Schwab

Avant Communications CEO Ian Kieninger agreed that consolidation represents a “maturing market.”

However, the acquisition also indicates a key shift in the market that partners dare not ignore. Schwab said cloud-based services and solutions matter just as much as product delivery now.

“IT equipment historically was perhaps a little more transactional. You had routers and switches and notebooks and servers. We would have the product in inventory. We would be competitive in our go-to-market pricing. You would essentially measure success on top-line revenue and our ability to grow each and every year,” he said.

Now distributors and their partners need to enhance their offerings to include more than just hardware.

“We want to continue to lean in to make sure our sell-out capabilities are more than the hardware itself, but all the integrated, value-oriented services that go along with that,” he said.

MNJ Technologies Chief Operating Officer Benjamin Niernberg observed the same trend.

“We are changing at a pace that’s faster than ever before, and the need…

Mar 24

Cloud Security Provider Says Policy Gap Puts AWS Security at Risk

By | Managed Services News

An attacker could take over accounts, delete group members, steal data and shut down services.

A gap between AWS Identity and Access Management (IAM) user and group policies presents a prime opportunity for exploitation by cybercriminals.

That’s according to Israel-based Lightspin, the cloud security provider, which discovered the gap. Its research team was able to compromise dozens of accounts by using this technique.

By exploiting this gap, an attacker can take over accounts, delete group members, steal data and shut down services.

Or Azarzar is Lightspin’s co-founder and CTO. He cited no evidence of threat actors exploiting the gap, but now that it’s public, they will likely abuse it.

Lightspin’s Or Azarzar

“It can allow standard users to escalate their privileges and steal admin credentials or reset admin passwords and login on their behalf (in certain circumstances),” he said. “So generally it can lead to an AWS account compromise.”

Differing Policies

Lightspin researchers discovered many security administrators were unaware that AWS IAM rules do not work the same way as Azure Active Directory or other authorization mechanisms.

Under Azure Active Directory policies, if a group is denied read access to a file, no group member can access it. However, IAM handles group and user authorizations separately. Even if a group has an explicit denial, this will only impact group actions, not user actions. Amazon does not warn system administrators that users’ accounts can still be accessed even if their group is protected.

Vladi Sandler is Lightspin’s CEO.

“Initially, we believed this vulnerability was an isolated case,” he said. “However, upon further investigation, we found that in many cases, users could perform actions that system administrators believed were denied when they configured group security configurations. This makes user accounts believed to be safe easy to infiltrate.”

Lightspin says more than half of the companies it works with have unintentional, loose permissions for their users due to this authorization bypass. This puts them at risk.

There are two options to ensure users can’t perform actions they were intended to be denied using group authorizations:

  • Each user can be listed separately while setting deny rules.
  • Each user can be tagged to be included in a group.

Both procedures can be cumbersome and difficult to maintain, Lightspin said. However, they are the best way to prevent intruders from changing login information and taking over accounts.

Lightspin developed an open-source scanner that reports when user permissions are loosely defined, opening up an attack path for hackers.