Cleaning up unused cloud privileges
Regular account cleanup is part of account administration and security best practices, and not just for cloud environments. So it is great when your cloud provider offers functionality to analyse the security setup and to detect unused (inactive) identities and privileges in your account. Over the past year, I looked at those features and, in the process, wrote a mini series on cloud security and account cleanup. Here is an overview.
IBM blogs
You may have noticed that my blog posts moved from ibm.com/cloud/blog to ibm.com/blog. You can now find all my recent content at my author overview page.
IBM Cloud account cleanup
The following blog posts are related to cleaning up identities and privileges in your IBM Cloud account.
- Retrieve and Analyze Your Cloud Access Management Data is not the first post in the series, but it gives a good overall introduction to the APIs available for Identity and Access Management (IAM), resource management, and more. It also touches on activity tracking, log analysis, and compliance posture. With data about what is going on in your account, and knowing how to retrieve the details and act on them, you have the right foundation.
- The blog post Cloud Security: Identify Inactive Identities looks at which identities exist in IBM Cloud and how to find out which of those present in your account have not been used for a while.
- In my recent blog post, IBM Cloud inactive identities: Ideas for automated processing, I follow up on the previous topic and lay out possible steps to take and how to automate them. Simplified, automated cleanup is better than none or complicated manual work.
- In IBM Cloud security: How to clean up unused access policies I discuss privileges (access policies), in contrast to identities, and how to find out which permissions could be removed.
The above are just the blog posts on cleaning up identities and privileges. You can find more security blog posts and other topics at my IBM author page or in this blog. If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik), Mastodon (@data_henrik@mastodon.social), or LinkedIn.