CIEM is at the peak of its ascent, according to Gartner. The analyst's 'Hype Cycle for Workload and Network Security, 2022', authored by Charlie Winckless, was published recently. It wasn't long ago that CIEM was added as a new category in the Identity and Access Management Technology Hype Cycle back in 2020. Two years later, CIEM is front and center, forging a new path for identity and access management in the cloud with the backing of a major analyst firm.
Just a few days ago, Gartner released its report titled 'Emerging Tech: CIEM is Required for Cloud Security and IAM Providers to Compete'. It noted the increase in IAM vendors adopting CIEM capabilities and proposed several 'must-have' features for a vendor to compete in the increasingly saturated market.
The 2022 Gartner Hype Cycle defines CIEM's value as "helping enterprises manage cloud access risks via admin-time controls for the governance of entitlements in hybrid and multicloud IaaS. They [CIEM] use analytics, machine learning, and other methods to detect anomalies in account entitlements, like accumulation of privileges, and dormant and unnecessary permissions. CIEM ideally provides enforcement and remediation of least privilege approaches." Sonrai Security is noted as a representative vendor for CIEM in this year's report.
Between the validation from a major analyst and Gartner's continued estimation that 'through 2023, at least 99% of cloud security failures will be the customer's fault', the reality is looking us square in the face: it's time to adopt a Cloud Infrastructure Entitlement Management solution.
Identity is the new perimeter in the cloud. If a bad actor obtains the right identity, they can quickly set themselves up to do whatever they please in your environment. With hundreds, if not thousands, of permissions in any given enterprise environment, it is easy for some of them to go unused and pose unnecessary risk. Many organizations simply cannot keep track of the number of identities, and their respective permissions, running rampant in their cloud. A benchmark study by Dimensional Research and the Identity Defined Security Alliance found that, over a two-year period, 79% of companies experienced an identity-related breach.
Person identities are just one piece of the identity management equation. Cloud has seen an exponential increase in non-person identities such as service accounts, roles, VMs and connected devices. Developers can create new non-person identities with ease, and they do, often daily, while working on application development. Keeping an inventory of all these identities and securing them can quickly become unmanageable. This is where CIEM solutions shine, and Gartner recommends them as the tool for optimizing identity entitlements, non-person identities in particular.
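To make the analysis in Gartner's definition concrete (detecting dormant and unnecessary permissions, then enforcing least privilege), here is an added illustration in Python. It is example code written for this page, not Sonrai's product logic or any CIEM vendor's code. It compares an AWS IAM-style policy granted to a hypothetical CI/CD service role against constructed per-action last-used records of the kind a CIEM tool would derive from audit logs (in AWS, CloudTrail or IAM Access Advisor), classifies each grant as active, dormant or unused, and emits a right-sized policy. The policy, the timestamps, the 90-day dormancy window and the high-risk action set are all assumptions for the example.

```python
"""Entitlement right-sizing check for a non-person identity.

Added example, not code from the page's author or any CIEM product.
The policy, usage records and thresholds below are constructed for
illustration; in practice the last-used data would come from audit
logs (e.g., CloudTrail) or a service such as IAM Access Advisor.
"""
import fnmatch
import json
from datetime import datetime, timedelta, timezone

# Constructed: a deliberately broad policy attached to a hypothetical CI/CD role.
GRANTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:PutObject", "s3:DeleteBucket"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
        {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:TerminateInstances"], "Resource": "*"},
    ],
}

# Constructed: when each action was last exercised by this identity.
# Actions the identity never used are simply absent.
NOW = datetime(2022, 8, 1, tzinfo=timezone.utc)
LAST_USED = {
    "s3:GetObject": NOW - timedelta(days=1),
    "s3:PutObject": NOW - timedelta(days=3),
    "ec2:DescribeInstances": NOW - timedelta(days=2),
    "iam:PassRole": NOW - timedelta(days=200),  # exercised once, long ago
}

# Actions worth flagging even when used, because they enable privilege escalation
# or destruction. The set is an assumption for this example, not an exhaustive list.
HIGH_RISK = {"iam:PassRole", "ec2:TerminateInstances", "s3:DeleteBucket"}


def granted_actions(policy):
    """Flatten every Allow action (string or list) in the policy into a set."""
    actions = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        acts = stmt["Action"]
        actions.update([acts] if isinstance(acts, str) else acts)
    return actions


def matched_usage(pattern, last_used):
    """Observed actions covered by one granted action, honoring IAM's '*' wildcard.

    IAM action names are case-insensitive, so both sides are lowercased.
    """
    return {a: t for a, t in last_used.items()
            if fnmatch.fnmatchcase(a.lower(), pattern.lower())}


def analyze(policy, last_used, now, dormant_days=90):
    """Classify granted actions as active, dormant (used, but not recently) or unused.

    Wildcard grants are expanded to the concrete actions actually observed, which
    is what lets the right-sized policy replace 's3:Get*' with 's3:GetObject'.
    """
    report = {"active": {}, "dormant": {}, "unused": [], "high_risk": []}
    for pattern in sorted(granted_actions(policy)):
        hits = matched_usage(pattern, last_used)
        if not hits:
            report["unused"].append(pattern)
        for action, ts in hits.items():
            age = (now - ts).days
            report["dormant" if age > dormant_days else "active"][action] = age
        if pattern in HIGH_RISK:
            report["high_risk"].append(pattern)
    return report


def least_privilege_policy(report):
    """Rebuild the policy keeping only actively used, concrete actions.

    Resource scoping is left as '*' here; narrowing resources is the next step
    and needs the resource ARNs from the same audit data.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": sorted(report["active"]), "Resource": "*"}],
    }


if __name__ == "__main__":
    result = analyze(GRANTED_POLICY, LAST_USED, NOW)
    print(json.dumps(result, indent=2))
    print(json.dumps(least_privilege_policy(result), indent=2))
```

Two caveats a practitioner would apply before acting on such a report: an unused or dormant grant is a review item, not an automatic removal, because break-glass and infrequent operational tasks legitimately show no usage inside the window; and the dormancy threshold is an organizational policy choice, not a constant the tool knows. A real CIEM product also attributes usage across role-assumption chains and at resource level, which this single-identity example does not attempt.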
2022 Gartner Hype Cycle CIEM Recommendations:
Gartner provides several recommendations for enterprise users of CIEM; they are summarized below:
- Use CIEM as part of a broader IAM strategy; it cannot replace full-featured IGA and PAM technologies, especially in organizations with many on-premises resources.
- Check if your existing IAM and cloud security vendors offer CIEM capabilities to avoid redundant investments.
- Where existing tools leave gaps, prioritize investment in CIEM capabilities for protecting multicloud IaaS.
- Use CIEM to manage entitlements of Non-Person Identities.
- Use CIEM’s advanced analytics for simplifying dynamic privilege management with reduced manual input.
- Use CIEM in DevSecOps and infrastructure-as-code workflows, where it can surface unnecessary privileges and help refine policies without disrupting developer flows.
For more recommendations see the full 2022 Gartner Hype Cycle report.
The Total Cloud Security Picture
Identity cannot be managed without equally considering its closely related counterpart, data; together they are the centerpiece of any strong cloud security program. However, data and identity are just a piece of the pie. Striving for and maintaining least privilege is a significant goal, but once you are there, ask yourself: 'What sensitive data can this identity access?', 'Is this overprivileged identity attached to a workload?', 'If this identity were compromised, do I even have logging and auditing enabled?' The cloud does not work in silos.
Achieving total public cloud security hinges on four major pillars: Identity, Data, Platform, and Workload. Respectively, CIEM (identity), Cloud Data Loss Prevention (data), CSPM (platform) and CWPP (workload) each have their individual use cases, but complete visibility and context come from one integrated platform bolstering every pillar.
If you’re interested in better understanding what complete cloud security looks like, explore our cloud security platform solution.