With a focus on quality at speed, DevOps depends on the quick provisioning of resources. But GCP permissions can bog down teams that require access to assets, especially in organizations using a multi-cloud architecture. Just-in-time (JIT) permissioning enables DevOps teams to access required resources when and where they need them in a way that minimizes the organization’s security risks. In this post, we’ll explore common security and logistical challenges with GCP permissions and how JIT strengthens security without slowing down DevOps processes.
GCP Permissions and the Role of IAM
GCP’s Identity and Access Management (IAM) system consists of a combination of tools and technologies that Google makes available to cloud administrators. IAM enables admins to manage access control, determining who has access to which resources and what actions they can take on those resources. When a user attempts to access a resource, IAM compares the user’s request to the resource policy governing the resource and determines whether or not the request is granted. Access is managed by assigning users a role, or often a collection of roles. Roles define the level of access granted.
Five Challenges with GCP IAM Permissioning
Although GCP IAM is a powerful tool, it isn’t intended to be an all-in-one privileged access management solution. The permissions IAM grants are standing permissions, accessible to anyone using their credentials at any time. This alone poses a significant security risk. In addition, the time and resources required to manage permissioning in IAM can create resource bottlenecks and misconfigurations that generate unnecessary exposure to risk. Here are five specific challenges that make GCP IAM permissions a challenge for security teams.
Difficult to align with the principle of least privilege
The principle of least privilege asserts that access to resources should only be granted to a specific user when the user’s job requires them. But the way that roles are handled in IAM can make it difficult to put least-privilege into practice. For example, basic GCP IAM roles grant broad privileges across GCP, so someone who’s been assigned edit rights in one project can make changes or deletions in others.
Poorly-defined roles may contain unnecessary permissions
Right-sizing permissions ensures that users can’t access resources they don’t need to complete their work. But the template-like design of IAM’s predefined roles makes excluding all unnecessary permissions nearly impossible in practice. Unlike custom roles, they’re premade and ready to use. This one-size-fits-all approach to permissioning can create scenarios where users are assigned permissions they don’t need, creating unnecessary vulnerabilities.
Managing permissions for a large number of users is cumbersome
Cloud admins are responsible for assigning permissions to both human and non-human users that require regular access to resources. As users and the permissions associated with them grow organically over time, permissioning remains in a state of continual evolution as employees join and leave the organization, move between projects, or change positions. The dynamic nature of the DevOps process makes keeping track of outstanding permissions a constant challenge.
Roles cannot be applied outside of the context in which they were created
Custom roles resolve the primary weakness of using predefined roles: the inability to customize resource access. With custom roles, admins can tailor permissions to suit their unique needs. But custom roles can’t be applied beyond the project or organization in which they were created, making these difficult to apply to users whose job responsibilities extend beyond them. When DevOps team members are working on multiple projects at once, custom permissions must be applied to all project resources.
Time-consuming to set up and manage
Especially for larger organizations, setting up and managing GCP permissions can be a time-intensive process. Since custom roles aren’t automatically managed and updated by Google, admins must maintain these on their own.
How JIT Access Strengthens GCP Security
JIT access is a foundational security best practice that provides users with access to resources for the minimum amount of time they are required to complete a task. JIT resolves the vulnerabilities that standing privileges present, providing numerous security advantages. By enforcing strict limits on when resources can be accessed, what actions can be taken on them, and for how long, organizations can reduce their attack surface considerably. Here’s why JIT is so powerful.
Enables enforcement of least privilege
JIT access supports the principle of least privilege. Using a Privileged Access Management (PAM) platform, admins can selectively control the level of user privilege during the active session, providing elevated privileges to complete required tasks rather than elevating privileges across the entire user session.
Strengthens security without impeding cloud operations or administration
DevOps teams rely on seamless access to resources to remain efficient. JIT facilitates this, automatically granting users access to resources upon request, for a predetermined amount of time, automatically expiring those permissions, and rotating credentials once that timeframe has passed. Access for non-human entities like scripts and APIs work in a similar way.
Supports a Zero Trust posture
Zero Trust requires that all users be authenticated, authorized, and continuously validated. This precondition for resource access reduces the risk of a security breach and minimizes the impact if one does occur. JIT access requires users to reauthenticate if additional time is required.
Allows users to stay productive without creating unnecessary risk
PAM solutions allow cloud security administrators to specify when and where JIT access can be granted and for how long. This level of customization helps meet the unique needs of DevOps teams while maintaining high-security standards.
Accelerate DevOps Security with JIT Access
GCP permissioning doesn’t need to slow down DevOps initiatives. Using a privilege access management system designed for multi-cloud environments, organizations can easily implement JIT and other modern resource security measures. When time and security matter, JIT access provisions cloud resources quickly and securely, providing teams with the tools they need to move the development process forward.
Download “Data-Driven GCP Security Strategies for Multi-Cloud Landscapes” to learn more security strategies GCP users can implement to improve cloud security.