Insider Threat For Service Account in Google Cloud Platform

Abstract: As most software industry is migrating from traditional servers and depending more on Cloud-based services, we are encountering new problems hitherto unknown to us. Due to the variousadvantages offered by Cloud services and the numerous problems whose solutions are providedby Cloud technologies, cloud-based services have become very popular. Organizations of allsizes widely use them to meet their day-to-day technology needs. Cloud infrastructure mainlyconsists of Cloud resources and services, which are accessed through user and service accounts.This thesis considers the challenge of securing service accounts of cloud providers by serviceaccount keys. In the realm of cloud security, a central challenge revolves around the effectiveprotection of service account keys to thwart unauthorized access and the potential for databreaches, all while ensuring that legitimate operations maintain the necessary access. Eachservice account is intricately linked to a set of credentials, comprising both private and publickeys used for interactions with external APIs. These credentials play a critical role inauthenticating the service account and granting it authorization to access resources withinGoogle Cloud Platform (GCP). Notably, when service account keys are not downloaded, theprivate key remains confined within the GCP environment, limiting service interactions.Conversely, the act of downloading the private key increases the risk of exploitation, as itrepresents the most sensitive component of the service account credentials. Without access tothe private key, the authentication of the service account and subsequent access to GCPresources becomes unattainable.To address the holistic challenges in this thesis, it's crucial to emphasize the importance ofsecuring service account keys and limiting access to authorized users. This led to the proposalof a key rotation process to achieve our research objectives. The approach taken in this studyinvolves both qualitative and quantitative methods. This includes a thorough literature reviewand interviews with cloud professionals, allowing us to gain insights into the threats throughcontent analysis and a SWOT-based assessment. This method is aimed at mitigating the risk ofservice account key exploitation.