How to identify rogue AWS accounts with Nudge Security

Discover your organization’s unmanaged AWS accounts and automate workflows to enroll them in centralized governance.

April 20, 2023

In previous posts, we’ve talked about the dangers of rogue or unmonitored AWS accounts, and how much they can cost your organization. To recap:

  • You can’t secure what you can’t see. Unmonitored cloud accounts may be invisible to your IT and security teams, but they can still introduce risks to your organization.
  • Your root user is an inadvertent security team of one. Without centralized governance, the only security measure in place is the employee who created the account—and if they leave, you have no controls in place at all. 
  • Bills may be your first sign of trouble. With no ability to monitor rogue accounts, you won’t find out about suspicious activity until it’s too late. 
  • Costs can range from missing discounts to massive fines. Rogue cloud accounts have the potential to create substantial costs for your organization, including missing discounts, surprise bills, regulatory fines, and data breach recovery costs. 
  • Policies alone are not enough. The stakes are too high to rely solely on individual behavior—but AWS doesn’t provide a technical mechanism to prevent users from creating unmanaged accounts (or to help organizations find them).

Here, we’ll dig into the alternative: automatically identifying cloud accounts as soon as they’re created, so you can add them to your centralized governance process immediately and make sure they’re configured correctly. 

How Nudge Security can help

Nudge Security gives you visibility of all of your organization’s cloud assets—including the unmonitored accounts your employees may have forgotten about—so you can avoid unnecessary costs and security risks. For Amazon AWS, you can even run a simple, automated playbook to discover existing AWS accounts, alert you to new ones as they’re created, and bring them into centralized governance. Any time an employee creates a new cloud account, you can also nudge them to use your organization’s preferred cloud services provider, justify their usage, or take security measures like enabling MFA. 

Before we get into the step-by-step guidance, here’s a quick, interactive demo showing how to identify unmanaged AWS accounts using Nudge Security. If you want to see your own AWS accounts, you can also kick off a free trial and try it free for 14 days

1. Start with an inventory of your organization’s SaaS and cloud assets.

Nudge Security discovers all the cloud and SaaS assets associated with your organization, including accounts with major cloud service providers like Amazon AWS, Google Cloud Platform, and Microsoft Azure. Even if your organization doesn’t consider itself multi-cloud, you may be surprised by what you find! 

2. See an overview of your organization’s AWS infrastructure.

Nudge Security provides a dashboard showing your AWS Organizations and the accounts within them, as well as the unmanaged accounts that aren’t currently associated with an AWS Organization. You can search, filter, and export the data. 

3. Run an automated playbook to clean up your organization’s unmanaged AWS accounts.

Take control of your AWS accounts with Nudge Security’s automated playbook that walks you, step-by-step, through discovering and managing your organization’s AWS footprint. You can see an at-a-glance count of your managed and unmanaged accounts at the beginning of the playbook. 

4. Identify unmanaged AWS accounts and root users.

Nudge Security shows you all the AWS accounts that your developers have created, whether they remember doing so or not. This includes historical accounts that may have been abandoned over time, as well as accounts with owners who may have left your organization. For each account, we show you the AWS account number, the amount that has been billed, the date it was created, its activity status (active or inactive), and the name of the root user who created it. 

5. Invite unmonitored accounts to your AWS Organization.

From here, you can invite unmonitored accounts to your AWS Organization, either via command line or by pasting each AWS account number into the invite field within your AWS account. 

6. Set up automated alerts for new AWS accounts.

Ah, the old “trust, but verify.” As much as we’d love to trust each and every employee to remember to follow your organization’s centralized governance process, mistakes happen—and at complex organizations, acquisitions or distributed responsibilities for managing cloud services call for programmatic solutions rather than relying on individual employees. 

Nudge Security enables you to set up automated alerts when your employees create new AWS accounts so you can make sure they’re configured correctly and centrally governed. 

7. Automatically “nudge” employees when they create new accounts with unapproved cloud providers. 

If your organization has an agreement in place with certain cloud providers, you might want to encourage employees to stick to your preferred vendors to take advantage of pre-purchased credits or favorable pricing. Nudge Security enables you to nudge employees automatically any time they create an account with a provider you’d prefer they avoid with a request to either explain why the account is necessary or switch to your preferred provider. You can also nudge employees to tell you whether they’re still using an account or encourage them to enable security measures such as MFA. With Nudge Security’s Slack integration, your employee can respond to nudges directly within Slack, and you’ll see their answers within the Nudge Security dashboard. 

Like what you see? 

Nudge Security helps you avoid the costs and risks associated with unmanaged cloud accounts by identifying your organization’s cloud accounts and making it easy for you to move them into centralized governance. 

Take Nudge Security for a test drive and discover all the SaaS and cloud assets at your organization, including rogue cloud accounts and shadow IT. Try it free for 14 days.

Related posts

Report

Debunking the "stupid user" myth
in security

Exploring the influence of employees’ perception
and emotions on security behaviors