User managed service accounts with user-managed keys

Data protection

User managed service accounts with user-managed keys

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCPA
GCP CIS
GDPR
HITRUST
ISO/IEC 27001
Mitre ATT&CK v12
New Zealand Information Security Manual
NIST 800-53
UK Cyber Essentials

Description

User managed service accounts should not have user-managed keys. User-managed keys can be easily leaked by common development malpractices like checking keys into the source code or leaving them in the Downloads directory, or accidentally leaving them on support blogs/channels. It is recommended to prevent user-managed service account keys.

Recommended Mitigation

For each user-managed service account, delete all keys managed by the user

User managed service accounts with user-managed keys

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS