Account management is a very serious problem in the cloud. Cloud account management becomes more difficult as more attackers log in using stolen account information. Existing data centers, which are protected by "Castle and moat," can be accessed with important systems only when they break through strong network boundary security, so they could be protected to some extent even using shared IDs or easy account information.

However, the cloud is not protected by a "Castle and moat" like data centers because the security boundary is lowered to an "ID". Since important systems can be accessed anywhere in accessible clouds, they can be dominated by attackers if account information is stolen.

Cloud accounts are also frequently traded. Trend Micro reported a site selling data log access rights that can access millions of data for $1,000 a month. IBM said a large public cloud access key was being sold for only $15 and there was also an online course to steal account information and guide them to use it in attacks.

In order to protect account information, it is required to comply with the zero-trust security principle as follows: 1) the appropriate person should be monitored to access the appropriate data 2) in a timely manner 3) and to act within the authority. Allowing more authority increases security threats whereas excessive control of authority lowers work productivity. While maintaining the same basic principles in the cloud, automated policies should be applied to account for the flexibility and scalability of the cloud.

[Source: Datanet   http://www.datanet.co.kr/news/articleView.html?idxno=158082]