On Wednesday, July 21, Microsoft announced that it had acquired the Californian startup CloudKnox Security. CloudKnox develops software that helps companies and organizations manage the level of access to cloud resources that they give to machines and users. This move by Microsoft signals that the company is serious about providing the highest level of security to Microsoft Azure customers.
Both as a result of the COVID-19-induced lockdown and the advancements in technology, companies increasingly rely on cloud services. The associated proliferation of containers and virtual machines means that companies have to manage an increasingly complex and interwoven network of privileges and permissions they give out to employees and machines.
While affordable cloud services have become invaluable, they also bring forth new security risks and potential new avenues for cyberattacks. As a company’s privileges network becomes larger, so do the chances of multiple elements having a needlessly high level of privileges increase. All of these overprivileged elements, be they human or machines, increase the risk of cybercriminals endangering crucial company infrastructure by appropriating misused privileged credentials.
This is similar to how you might give editing access for a Google Spreadsheet to too many people. In almost every case, the sheet will become irreversibly misshapen, and valuable data will get lost.
CloudKnox Security is a Californian startup founded in 2015. The company has developed a platform that leverages activity-based authorization APIs to find overprivileged elements in the cloud infrastructure. Once it detects such an element, CloudKnox’s software reduces its privilege level to the lowest possible while ensuring the whole infrastructure remains fully functional.
After the acquisition, Microsoft Azure customers will be able to utilize CloudKnow Security software to right-size permissions and enforce a least-privilege system, significantly reducing the risks of malicious agents breaching security.
The announcement came on the wings of the previous two acquisitions of RiskIQ and ReFirm Labs. However, Microsoft did not disclose the details of their CloudKnox Security deal.