CIEM is at the peak of its ascent, according to Gartner. The analyst’s ‘Hype Cycle for Workload and Network Security, 2022’ was published recently by author Charlie Winckless. CIEM was added as a new category in the Identity and Access Management Technology Hype Cycle only in 2020. Fast-forward two years, and CIEM vendors are now front and center, forging a new path for Identity and Access Management in the cloud, backed by the major analyst.
Just a few days ago, Gartner released a report titled ‘Emerging Tech: CIEM is Required for Cloud Security and IAM Providers to Compete.’ It noted the increase in IAM vendors adopting CIEM capabilities and proposed several ‘must-have’ features for a vendor to compete in the increasingly saturated market.
The 2022 Gartner Hype Cycle defines CIEM’s value as “helping enterprises manage cloud access risks via admin time controls for the governance of entitlements in hybrid and multi cloud IaaS. They [CIEM] use analytics, machine learning, and other methods to detect anomalies in account entitlements, like accumulation of privileges, and dormant and unnecessary permissions. CIEM ideally provides enforcement and remediation of least privilege approaches.” Sonrai Security is noted as a representative vendor for CIEM in this year’s report.
Between the validation from a major analyst and Gartner’s continued estimation that through 2023, at least 99% of cloud security failures will be the customer’s fault, the reality is looking us square in the face: it’s time to adopt a Cloud Infrastructure Entitlement Management solution.
Cloud entitlements are the new perimeter in the cloud. If a bad actor scores the right identity, they can quickly set themselves up to do whatever they please in your environment. With hundreds if not thousands of permissions in any given enterprise environment, it is easy for some of them to go unused and add to the attack surface. Many organizations simply cannot keep track of the number of identities, and their respective permissions, running rampant in their cloud.
Person identities are just one piece of the equation when it comes to identity management. Cloud has seen an exponential increase in non-person identities like service accounts, roles, VMs and connected devices. Developers can create new non-person identities with ease, and they do, oftentimes on a daily basis when working on application development.
Keeping an inventory of all these identities and securing them can quickly become unmanageable. CIEM solutions shine in this corner, and are recommended by Gartner as the tool to help optimize cloud entitlements.
2022 Gartner Hype Cycle CIEM Recommendations:
Gartner provides some recommendations for enterprise users of CIEM; they are summarized below:
- Use CIEM as part of a broader IAM strategy; it cannot replace full-featured IGA and PAM technologies, especially in orgs with lots of on-prem resources.
- Check if your existing IAM and cloud security vendors offer CIEM capabilities to avoid redundant investments.
- If there are gaps in existing tools, prioritize investment in CIEM capabilities for protecting multi-cloud IaaS.
- Use CIEM to manage entitlements of Non-Person Identities.
- Use CIEM’s advanced analytics to simplify dynamic privilege management with reduced manual input.
- Leverage CIEM in DevSecOps and infrastructure as code, using its ability to provide visibility into unnecessary privileges and to refine policies without disrupting developer flows.
For more recommendations see the full 2022 Gartner Hype Cycle report.
Identity-First Cloud Security
Cloud Infrastructure Entitlement Management (CIEM) will only grow in popularity as enterprises recognize the pivotal role identity, access, and permissions play in cloud breaches. Sonrai offers a CIEM solution that inventories all identities — human and machine — and computes their effective permissions to reveal overprivileging, toxic combinations, and privilege escalation potential. Prescriptive or automated remediation swiftly breaks down these identity risks to shut down attack paths to data.