Organizations are adopting the cloud in growing numbers, but with this growth come unanticipated security challenges in user identity management and an explosion of “non-people” identities such as applications, serverless functions, and virtual machines. Traditional security tools are ill-equipped to manage resources at this scale, and the result is excessive access and exacerbated security risk. This calls for a new best practice.
Traditional identity solutions struggle with the cloud’s granular and ephemeral nature. Existing cloud security tools address specific aspects of cloud infrastructure security, but they generally lack identity and access controls. Manual methods of enforcing least privilege do not scale in an environment with so many identities and entitlements, and existing security paradigms cannot combat this new wave of identity risk on their own. This need has given rise to a new class of tools: Cloud Infrastructure Entitlement Management (CIEM).
CIEM refers to next-generation cloud security technology that grants, resolves, enforces, revokes, and administers access. Its purpose is to manage entitlements, remediate cloud access risk, and enforce the principle of least privilege across multi-cloud environments, reducing excessive permissions, access, and cloud infrastructure entitlements.
By leveraging a CIEM, enterprise organizations can lock down and secure data at the scale and speed of the cloud. Gartner defines Cloud Infrastructure Entitlement Management (CIEM) as a ‘specialized identity-centric solution’ focused on managing identity access risk. CIEM solutions emerged because Identity and Access Management (IAM) challenges have become more complex: with the increased use of multi-cloud and hybrid cloud infrastructure, better tools were needed to handle identity governance for dynamic environments. These tools typically follow the least privilege principle, under which identities and entities can access only what they need, at the right time and for the right reason.
Using the identity inventory and the effective permissions (cloud entitlements) from a CIEM tool, organizations can determine what data each identity can access, how it can access that data, and what it could potentially do with it. Effective permissions matter because the access an identity actually has is the net result of every policy that applies to it (identity policies, resource policies, group and role memberships, explicit denies), not what any single policy document says. With this continuous visibility, teams can determine where they have risk and then manage it so that the cloud environment and the data within it stay secure.
CIEM is critical to managing cloud risk. However, not all solutions are created equal. The right CIEM must not only inventory your people and non-people identities and determine their effective permissions, but also work at the scale and speed of your cloud.
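As an added illustration (this is example code written for this page, not Sonrai Security’s product or code), the Python sketch below models the core computation described above: take an identity inventory with the policies attached to each identity, resolve the effective permissions (explicit Deny overrides Allow, wildcards expand against an action catalogue), then compare the result against observed activity to flag unused entitlements, dormant identities, and a toxic combination, and to propose a right-sized policy. Action names follow the AWS `service:Action` convention, but the action catalogue, the inventory, the policies, the activity log, and the `iam:PassRole` + `lambda:CreateFunction` toxic-combination rule are all constructed assumptions for the example.

```python
"""Minimal effective-permission resolver and entitlement risk assessment.

Example code added for illustration; not Sonrai's implementation.
Evaluation mirrors IAM's basic rule: an explicit Deny beats any Allow.
"""
from fnmatch import fnmatchcase
from datetime import datetime, timedelta

# Constructed action catalogue (assumed subset; real clouds expose thousands).
ACTION_CATALOGUE = [
    "s3:GetObject", "s3:PutObject", "s3:ListBucket", "s3:DeleteObject",
    "iam:PassRole", "iam:CreateUser", "iam:AttachUserPolicy",
    "lambda:CreateFunction", "lambda:InvokeFunction",
    "ec2:DescribeInstances", "ec2:RunInstances",
]

# Constructed inventory: people and non-people identities with attached policies.
INVENTORY = {
    "alice": {"type": "person", "policies": [
        {"Effect": "Allow", "Action": ["s3:*"]},
        {"Effect": "Deny", "Action": ["s3:DeleteObject"]},
    ]},
    "ci-deployer": {"type": "service-account", "policies": [
        {"Effect": "Allow",
         "Action": ["iam:PassRole", "lambda:CreateFunction", "ec2:Describe*"]},
    ]},
    "old-batch-role": {"type": "role", "policies": [
        {"Effect": "Allow", "Action": ["*"]},
    ]},
}

# Constructed activity log (CloudTrail-like): (identity, action, timestamp).
NOW = datetime(2024, 6, 1)
ACTIVITY = [
    ("alice", "s3:GetObject", NOW - timedelta(days=1)),
    ("alice", "s3:ListBucket", NOW - timedelta(days=3)),
    ("ci-deployer", "lambda:CreateFunction", NOW - timedelta(days=2)),
    ("ci-deployer", "ec2:DescribeInstances", NOW - timedelta(days=2)),
    ("old-batch-role", "s3:GetObject", NOW - timedelta(days=120)),
]

# Assumed toxic combination: passing a role plus creating a Lambda function
# lets an identity run code under that role (a common escalation pattern).
TOXIC_COMBOS = [("iam:PassRole", "lambda:CreateFunction")]


def effective_permissions(policies):
    """Resolve policy statements into the set of actions actually allowed."""
    allowed, denied = set(), set()
    for stmt in policies:
        target = allowed if stmt["Effect"] == "Allow" else denied
        for pattern in stmt["Action"]:
            target.update(a for a in ACTION_CATALOGUE if fnmatchcase(a, pattern))
    return allowed - denied


def assess(inventory=INVENTORY, activity=ACTIVITY, now=NOW, dormant_days=90):
    """Per-identity findings: effective, unused, dormant flag, toxic combos."""
    used, last_seen = {}, {}
    for ident, action, ts in activity:
        used.setdefault(ident, set()).add(action)
        last_seen[ident] = max(last_seen.get(ident, ts), ts)
    findings = {}
    for ident, info in inventory.items():
        eff = effective_permissions(info["policies"])
        seen = last_seen.get(ident)
        findings[ident] = {
            "type": info["type"],
            "effective": eff,
            "unused": eff - used.get(ident, set()),
            "dormant": seen is None or (now - seen).days > dormant_days,
            "toxic": [c for c in TOXIC_COMBOS if all(a in eff for a in c)],
        }
    return findings


def least_privilege_policy(finding):
    """Suggested right-sized policy: allow only the actions actually used."""
    used = finding["effective"] - finding["unused"]
    return {"Effect": "Allow", "Action": sorted(used)}


if __name__ == "__main__":
    for ident, f in assess().items():
        print(ident, f["type"], "effective=%d unused=%d dormant=%s toxic=%s" % (
            len(f["effective"]), len(f["unused"]), f["dormant"], f["toxic"]))
        print("  right-sized:", least_privilege_policy(f))
```

In this constructed data, `old-batch-role` is the kind of finding a CIEM exists to surface: wildcard `*` access, one action used in the last 120 days, and a toxic combination it never exercised. A real tool must also fold in resource policies, permission boundaries, session policies, and cross-account trust, which this sketch omits.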
Finding the Right CIEM Solution
The following questions will help cloud security teams comprehensively evaluate a CIEM solution.
Account and Entitlements Discovery
- What level of visibility does your CIEM solution provide? (Identity risks, entitlements, trust relationships, specific exposures, etc.)
- What issues can your platform identify? (Excess entitlements, unused entitlements, dormant accounts, over-privileged identities, etc.)
- How customizable is the risk dashboard?
- Which identity types does it cover? (people, non-people, machines, etc.)
- How does it show or visualize risk?
- How extensive is the coverage? (Across clouds, across accounts, etc.)
- What visualizations does the solution provide? (trust relationships, attack paths, etc.)
- What entitlement changes does it track?
- What events does it generate when it finds a risk?
Remediation and Alerting
- How often does the CIEM update? (continuous, real-time, scheduled scans)
- What remediation options does the solution offer?
- How much automation does it provide?
- What mitigation information does the solution provide if remediation is not an option?
- How actionable are the alerts?
- How does it present findings?
- What analysis tools does it provide?
- How much data sharing and context does it offer?
Enforcement and Policy
- How are effective permissions enforced?
- Does it alert to Separation of Duties risks?
- Does it prevent toxic combinations?
- Does it provide visibility into who and what can access your cloud resources?
- Will it replace time-consuming manual intervention to remediate overly permissive access and entitlements?
- Does your CIEM solution enforce your policies through automation?
- Does it protect access to sensitive data?
- Does it prevent overly permissive or unintended privileged access?
- Does it enable and empower audit and compliance functions?
Attack Detection
- What attack detection capabilities does it offer?
- Can it detect atypical behavior?
- How quickly does it alert on detection?
- Do its detection capabilities work across clouds?
Deployment
- What are the deployment requirements?
- What privileges or rights does it require?
- How easy/intuitive is it to deploy?
- How well does it scale across multi-cloud environments?
- Where is the management console located: on-premises or in the cloud?
Many CIEM solutions are not constructed holistically; rather, many vendors that handle IAM outside the cloud are assembling piecemeal offerings from separate products for identity governance and administration, access management, and multi-factor authentication. Managing identity and access in the cloud requires a much broader contextual understanding of an organization’s cloud environments and the layered policies that together determine access and permissions. Finding the right solution will be a challenge if you’re not careful; use the checklist above to really understand your CIEM vendors.
Sonrai Security: a Top CIEM Solution
Sonrai Security provides actionable visibility into cloud identity and entitlement exposures so organizations can correct risky entitlements and drift from security policy. The solution makes identifying and reducing risk simple by visualizing trust relationships among cloud identities, roles, permissions, and resources. Security teams can see the misconfigurations and excess permissions that bad actors leverage to build kill chains and attack paths, move laterally, and maintain persistence within a public cloud environment.
Ready to leverage a CIEM solution? Contact Sonrai Security experts today.