From ncsc.gov.uk
No matter which cloud service you choose, there are two aspects of your security that you always have some responsibility for:
- how you authenticate to the service
- how you manage the service
If an attacker compromises one of the admin accounts used to manage your cloud, this will seriously undermine any protections you’ve set up, as admins are trusted enough to overcome security controls.
In light of this, we’ve recently updated the secure system administration guidance to cover two topics that we felt needed more explanation:
- high-risk access (where access is needed to administer a critical component of your system during normal operation)
- emergency access (where access is needed when the normal ways of administering your system are not available, also known as ‘break-glass’ access)