Identity
Identity is increasingly considered the primary security perimeter in the cloud, which is a shift from the traditional focus on network security. Identity services provide the core mechanisms supporting access control and organisation within IT environments, and the Identity Baseline discipline complements the Security discipline by consistently applying authentication and authorisation requirements across cloud adoption efforts.
Access
The following policies will be implemented:
- A least-privilege access model will be applied to any resources involved in mission-critical applications or protected data.
- Elevated permissions should be an exception, and any such exceptions must be recorded with the cloud governance team. Exceptions will be audited regularly.
Authentication
All accounts are required to sign in to secured resources using a multifactor authentication method.
Identity reviews
Cloud governance processes must include a quarterly review with identity management teams to identify malicious actors or usage patterns that should be prevented by cloud asset configuration.
Last edited: 11 July 2023 2:12 pm