Flavio Villanustre, CISO at LexisNexis Risk Solutions Group, warned that “malicious insiders could exploit these weaknesses to grant themselves access beyond what is normally allowed.” However, he said, “There is probably little that can be done to reduce the risk other than limiting the blast radius by reducing the scope of authentication and introducing a robust security perimeter in between.” He added that “this may have the side effect of significantly increasing costs, so it may not be a commercially viable option.”
Gogia said the biggest risk is that these holes may go undetected because corporate security tools aren’t programmed to look for them.
“Most companies are not equipped to monitor the behavior of their service agents. If one of these identities were to be exploited, it would not be considered an attacker. It would appear that the platform is doing its job,” Gogia said. “That’s what makes the risks so serious. Unless you fundamentally redesign your cloud posture, you’re relying on components that can’t be monitored, constrained, or isolated. Most organizations log user activity but ignore what the platform does under the hood. This needs to change. Service agents need to be monitored as if they were privileged employees. Build alerts for unexpected BigQuery queries, storage access, or session behavior. Attackers can look like an agent, so that’s where detection needs to be focused.”
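As an added illustration of the kind of alert Gogia describes (this is not code from the article or from any vendor), the following Python scans audit-log lines for service-agent identities calling BigQuery or Cloud Storage outside an expected baseline. It assumes the Google Cloud Audit Logs JSON layout (`protoPayload.authenticationInfo.principalEmail`, `serviceName`, `methodName`) and the `service-<project number>@gcp-sa-<product>` address form for service agents; the baseline, project numbers and log entries are constructed for the example.

```python
import json
import re

# Google-managed service agents use addresses of the form
# service-<project number>@gcp-sa-<product>.iam.gserviceaccount.com
SERVICE_AGENT_RE = re.compile(
    r"^service-\d+@gcp-sa-([a-z0-9-]+)\.iam\.gserviceaccount\.com$")
# Hypothetical baseline of (agent product, API service) pairs seen in normal
# operation; derive the real one from your own audit-log history.
BASELINE = {("aiplatform", "storage.googleapis.com")}
WATCHED_SERVICES = {"bigquery.googleapis.com", "storage.googleapis.com"}

def agent_product(principal):
    """Return the product part of a service-agent address, or None."""
    match = SERVICE_AGENT_RE.match(principal or "")
    return match.group(1) if match else None

def find_unexpected_agent_access(log_lines):
    """Return alerts for service-agent calls to watched services outside the baseline."""
    alerts = []
    for line in log_lines:
        try:
            payload = json.loads(line).get("protoPayload", {})
        except (ValueError, AttributeError):
            continue  # malformed or non-object line: skip, do not crash the scan
        principal = payload.get("authenticationInfo", {}).get("principalEmail")
        product = agent_product(principal)
        service = payload.get("serviceName")
        if product is None or service not in WATCHED_SERVICES:
            continue  # not a service agent, or not a service we alert on
        if (product, service) not in BASELINE:
            alerts.append({"principal": principal, "service": service,
                           "method": payload.get("methodName")})
    return alerts

def _sample(principal, service, method):
    """Build one constructed audit-log line for the demo."""
    return json.dumps({"protoPayload": {"serviceName": service, "methodName": method,
                       "authenticationInfo": {"principalEmail": principal}}})

AGENT = "service-123456789012@gcp-sa-aiplatform.iam.gserviceaccount.com"
# Constructed sample entries, not taken from any real environment.
SAMPLE_LOGS = [
    _sample(AGENT, "storage.googleapis.com", "storage.objects.get"),
    _sample(AGENT, "bigquery.googleapis.com",
            "google.cloud.bigquery.v2.JobService.InsertJob"),
    _sample("analyst@example.com", "bigquery.googleapis.com",
            "google.cloud.bigquery.v2.JobService.InsertJob"),
    "not-json",
]
```

Only the second sample entry is flagged: the agent's storage read is in the baseline, and the human analyst's query is ordinary user activity that existing tooling already covers.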
