Learn how implementing a CIEM solution offers significant benefits to any company with a complex cloud infrastructure.
Rapid7 Cloud Risk SolutionCloud infrastructure entitlement management (CIEM) is a category of solutions that leverages administration-time controls for managing entitlements and data governance in hybrid and multi-cloud infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) architectures. Gartner® defines CIEM as specialized identity-centric software-as-a-service (SaaS) solutions focused on managing cloud access risk.
CIEM解决方案的出现是因为以下方面的挑战 身份和访问管理(IAM) have become more complex in tandem with the increased usage of multi-cloud and hybrid cloud infrastructures. These tools handle 动态云环境的身份治理, typically following the 最小特权原则(LPA) principle, where users and entities are able to access only what they need at the right time and for the right reason.
Challenges to IAM and entitlement management typically center around piecemeal solutions operating within dynamic multi- and hybrid-cloud environments. This includes privileged access management as well as identity administration and governance. 不用说,这种方法面临的挑战很多,包括:
简而言之,多云IAM需要更精细的方法. These challenges remain the biggest reason for the growth of more holistic CIEM solutions within the industry. Below, we’ll discuss the modern approach to cloud infrastructure management and how it addresses these challenges.
CIEM解决方案应该包含一个深思熟虑的战略方法. Most importantly, a CIEM solution should provide visibility into the entities currently accessing the organization’s cloud infrastructure: employees, clients, applications, cloud services, etc. This analysis must also cover the specific resources being accessed and the type of access, as well as the time. Simply put, the information gathered must include the who, the what, and the when.
然后,该分析通知下一个实现步骤, 哪个处理跨云基础设施的风险管理. The main task within this step involves implementation of the least privilege principle noted earlier. In short, entities can only access applications and data they need to complete their work. 不应给予额外的访问权限.
最后,云工程师需要手段和多云环境 on a 24/7 basis. This includes receiving actionable alerts whenever suspicious activity happens, 例如未经授权的访问.
Ultimately, partnering with a top CIEM provider lets companies work with the experts to devise an implementation strategy compatible with the organization’s cloud security approach. 由于CIEM是云技术中一个相对较新的领域, 实现平台的最佳实践仍在开发中, 这使得专家的意见更有价值.
Any suitable CIEM platform must include a robust collection of features and functionality. For example, an easy-to-use module for access control and provisioning helps cloud administrators manage privileges for all accounts accessing the cloud infrastructure. This module must also facilitate enforcement of the least privilege principle as well as any other governance policies for the company.
A related entitlement management module gives administrators the means to control specific permissions for each user. An automated audit feature helps companies wrangle any dormant or orphaned accounts that exist. 如有必要,必须识别并删除这类帐户. They remain a significant security risk to any company’s cloud infrastructure. Auditing also helps cloud administrators track the current entitlement level for each account.
Additionally, many leading CIEM platforms seamlessly integrate with the top cloud providers, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud. Of course, the best platforms also support multi-cloud and hybrid cloud infrastructures. Remember, when choosing a CIEM platform, easy integration helps ensure a successful implementation.
CIEM的组件是IAM的基于云的方面. 主要组成部分包括:
Identity rule: Checks put into place within a cloud environment to ensure the right person or asset can access the correct infrastructure.
Compliance: This includes documentation concerning automated auditing features that can demonstrate an organization's controls on cloud access and privacy considerations.
用户行为分析(UBA): Specific data provides visibility into the entities accessing an organization's cloud infrastructure and how they're using it.
Security policies:这些是包含会话策略的指导方针, service control policies, permission boundaries, 以及基于身份的政策.
Implementing a CIEM solution offers significant benefits to any company with a complex cloud infrastructure. As noted earlier, 最好的平台提供对云上当前活动的可见性, 甚至是混合云和多云环境.
By using CIEM, an enterprise’s cloud-based applications and critical data stay protected from hackers and other nefarious cybercriminals. Once again, automated features detect and alert when discovering any potential threats比如休眠账户或非正常活动. 甚至在创建新用户帐户时也会出错, 比如分配过于宽松的访问权限, are detected by the system, 防止潜在的有害错误影响业务操作.
Additionally, companies with significant regulatory compliance requirements benefit from a CIEM platform’s automated auditing features. This approach provides a documentation trail detailing the company’s tight controls on cloud access, 特别是那些关键的数据隐私考虑. Companies in the banking, insurance, 金融部门尤其受益于这一功能.
作为一种新兴的云管理解决方案, 随着时间的推移,CIEM平台有望增加更多的改进. Still, any current limitations are greatly outweighed by their significant benefits.
However, when analyzing potential CIEM vendors, choose one known for building holistic solutions. Many existing IAM vendors simply port over their non-cloud products without the seamless integration necessary to work in the complex multi-cloud of today.
Any effective solution for cloud-based IAM must take into account each client’s unique approach to their cloud infrastructure. This is especially the case at organizations with complex policies regarding cloud access and permissions.
2022 Cloud Misconfigurations Report: Latest Cloud Security Breaches and Attack Trends