Identity Security, SpaceX, Ephemeral Entitlements, and Data
It’s a time-worn adage: “What goes up must come down.” This took on a new meaning this past winter. On February 3, 2022, SpaceX launched 49 Starlink satellites. A day later, they were hit by a geomagnetic storm. By February 8th, SpaceX reported that 40 of the original 49 would reenter the Earth’s atmosphere and disintegrate, or they would soon. These precious resources lasted less than a day. And in designing, monitoring, and governing its spacecraft to ensure that they were ephemeral, SpaceX has learned from a troublesome legacy of past space programs: the ever-growing problem of space debris.
At this point, there are over 14,000 objects in space that are junk – fragments of spacecraft, old boosters, and forgotten satellites – no longer serving any functional purpose. Not only are they junk, but they are dangerous pieces of junk, traveling much faster than a speeding bullet at 28,000 kilometers per hour.
SpaceX has already taken note of this problem and designed their spacecraft to disintegrate completely upon reentry, which reduces the risk to both those in orbit and those on the ground. (The ISS, for example, is currently on schedule to reenter in 2030 over Point Nemo, hopefully sending debris into an unpopulated section of the Pacific Ocean.)
Businesses should take note: with the rush to cloud adoption, today’s organizations have embraced the cloud’s potential for scale and speed. There are a few limits to growth in a cloud-based approach, including sensitive data and entitlements. This leads to an ever-growing problem for today’s businesses: instead of being designed like the Starlink satellites limited in scope, limited in duration—governed well—data and entitlements are spiraling out of control, much like the ever-growing ones cloud of space debris.
This lack of oversight for entitlements and data means that risk to the enterprise also grows as critical questions go unanswered: “What sensitive data exists—and where is it?” “What entitlements give access to sensitive or valuable data or controls?” “Who should own/provide oversight into those entitlements?” “What mitigating controls might be applied to ensure that entitlements only stay around as long as they are vital?” As long as these questions do not have answers, entitlements and sensitive data can linger, waiting to be links exploited by malicious actors rather than being created, monitored, and governed to be viable only as long as they serve the business.
Answering these questions is a journey that mirrors the efforts to deal with space debris, both new and old. Visibility into what entitlements and data exist across today’s multi-cloud environment is an essential base. This alone is a challenging prospect because cloud environments are in constant flux. Knowing what’s there is crucial for the next step: abstracting the multi-cloud access model into a functional structure and aligning responsibility for entitlements and data that are important to the business. After visibility and accountability are established, taking coherent action is the next phase; IT and business policy work together to eliminate unnecessary and dangerous access discovered and prevent it from occurring in the future. When dealing with cloud-based data and entitlements, one thing is for sure: the future always means change.