As cloud environments become increasingly integral to business operations, the risks associated with identity management and legacy vulnerabilities have surged to the forefront of cybersecurity concerns. Today, we’re thrilled to sit down with Malik Haidar, a seasoned cybersecurity expert with a deep background in combating threats within multinational corporations. With his extensive experience in analytics, intelligence, and security, Malik has a unique perspective on integrating business needs with robust cybersecurity strategies. In this conversation, we’ll dive into the critical role of identity in cloud security, the challenges of managing over-privileged accounts, the persistence of old vulnerabilities, and the systemic risks tied to rapid cloud deployments.
Can you walk us through what identity-related weaknesses mean in the context of cloud security, and why they’re such a significant concern?
Absolutely. Identity-related weaknesses in cloud security refer to flaws in how user and system identities are managed, authenticated, and authorized within cloud environments. This includes issues like excessive permissions, where accounts have more access than they need, as well as misconfigured roles that don’t align with actual job functions. Credential abuse is another big factor—when attackers steal or misuse legitimate credentials to gain access. These weaknesses are a significant concern because they provide a direct entry point for attackers. Once inside, they can move laterally, escalate privileges, and cause substantial damage, often without triggering any alarms since they appear as legitimate users.
Why do you think identity has become such a prime target for threat actors in recent years?
Identity has become a prime target because it’s often the path of least resistance. Cloud keys and credentials are frequently exposed due to insecure storage or phishing attacks, and they’re easily available on cybercrime markets for next to nothing—sometimes just a couple of bucks. This low barrier to entry means attackers can scale their operations quickly and cheaply. Plus, with most cloud identities being over-privileged, getting access to one account often means gaining a foothold to much broader systems. It’s a high-reward, low-risk strategy for threat actors, which is why we’re seeing such a spike in these attacks.
Speaking of over-privileged identities, why is this issue so pervasive across organizations, and what hurdles do they face in addressing it?
The issue of over-privileged identities—where accounts have access rights far beyond what’s necessary—is pervasive because of how cloud environments are often set up. Many organizations prioritize speed and convenience during deployment, granting broad permissions by default to ensure nothing breaks. But over time, as systems scale and identities multiply across platforms like AWS, Azure, and Google Cloud, managing thousands of accounts becomes a nightmare. The hurdles are both technical and cultural. Technically, it’s tough to audit and adjust permissions at scale without the right tools. Culturally, there’s often a lack of awareness about the risks or resistance to tightening access due to fears of disrupting workflows. It’s a balancing act that many struggle with.
One alarming point is how attackers can log in as legitimate users without raising red flags. How does this stealthy approach complicate threat detection for organizations?
When attackers use legitimate credentials, they blend in with normal user activity, making detection incredibly difficult. Traditional security tools often rely on spotting anomalies like unusual login locations or times, but if an attacker is using stolen credentials and mimicking typical behavior, those red flags don’t appear. This stealth allows them to operate undetected for days or even weeks, exfiltrating data or setting up deeper access. It complicates things because organizations need to shift from just perimeter defense to continuous monitoring of user behavior and context—looking for subtle signs of compromise even when everything seems normal on the surface.
What strategies or tools can organizations use to spot unauthorized access, especially when it appears legitimate?
To catch unauthorized access that looks legitimate, organizations need to lean on advanced behavioral analytics and machine learning tools that establish a baseline of normal user activity and flag deviations, no matter how small. Solutions like User and Entity Behavior Analytics (UEBA) can help by detecting patterns that don’t match a user’s typical behavior. Additionally, implementing multi-factor authentication across all accounts adds a layer of defense, even if credentials are stolen. Tools like AWS IAM Access Analyzer or Microsoft Entra Permissions Management can also help by identifying over-privileged accounts and suggesting tighter controls. It’s about layering defenses and constantly monitoring, not just relying on one solution.
Let’s shift gears to the risks tied to poor DevOps practices. Can you explain how these contribute to security gaps in cloud environments?
Poor DevOps practices are a major source of risk because the speed and automation that make cloud environments so powerful can also amplify mistakes. When developers prioritize rapid deployment over security, they often reuse old templates or configurations that contain known vulnerabilities. This leads to what’s called systematic redeployment—where a single flaw in a template gets replicated across new servers, containers, or functions in minutes. Without proper security checks baked into the CI/CD pipeline, these gaps go unnoticed until they’re exploited. It’s a systemic issue because the pace of deployment often outstrips the ability of security teams to manually scan and fix issues.
Why do you think old vulnerabilities keep resurfacing in new cloud deployments, even years after they’ve been identified?
Old vulnerabilities resurface because of a mix of human oversight and systemic flaws in processes. Many organizations don’t have robust mechanisms to update or retire outdated templates used in automated deployments, so a flaw from years ago—like some of those critical CVEs dating back to 2021—gets redeployed in new infrastructure. It’s often not just human error but a lack of clear ownership over who’s responsible for remediation. Security teams might flag issues, but if developers or ops teams don’t prioritize fixes, the cycle continues. Automation without accountability creates an ever-growing backlog of vulnerabilities that attackers can exploit.
What steps can organizations take to break this cycle of redeploying outdated flaws and better secure their cloud environments?
Breaking this cycle starts with embedding security into the DevOps process from the get-go—often called DevSecOps. Automating security checks in CI/CD pipelines with static analysis tools can catch vulnerabilities before they reach production. Organizations should also enforce least privilege policies to limit damage if a flaw is exploited. Regularly auditing and updating deployment templates is critical, as is fostering collaboration between security and development teams to ensure accountability. Finally, using short-term credentials instead of static keys for cloud access reduces the risk of long-term exposure. It’s about building security into the workflow, not treating it as an afterthought.
Looking ahead, what is your forecast for the evolution of cloud security risks, especially around identity management, in the next few years?
I think cloud security risks, particularly around identity management, are only going to grow more complex in the next few years. As organizations continue to adopt multi-cloud and hybrid environments, the attack surface will expand, with even more identities to manage across disparate systems. Threat actors will likely double down on targeting credentials, especially as AI-driven phishing and social engineering become more sophisticated. On the flip side, I expect to see advancements in zero-trust architectures and identity governance tools that help mitigate these risks. But the key will be adoption—organizations need to move faster to implement these solutions, or they’ll keep playing catch-up with attackers. It’s going to be a race between innovation in defense and the creativity of adversaries.
