Identity and Access Management

 Identity and Access Management

Qualys found poor implementation levels of IAM in all three major providers:

Multifactor authentication: AWS isn’t enabled for 44% of IAM users with console passwords. IAM Access Analyzer isn’t enabled in 96% of the accounts scanned by Qualys.

In Azure, scans for enabling authentication and configuring client certificates within Azure App Service fail 97% of the time.

Exposure of external-facing assets from leaky S3 buckets

Qualys noted that a common mistake by users across the three platforms is public exposure of data:

Qualys reported 31% of S3 buckets are publicly accessible.

The misconfiguration of leaving public network access enabled was seen in 75% of the Azure databases.