How IT teams can achieve effective security in a multi-cloud environment with CIEM

Business adoption of cloud computing platforms and services such as AWS and Azure has been growing for years, but now the pace of adoption has been turbocharged.

What with ongoing digital transformation projects, Australian organisations have been turning to the cloud in rapidly increasing numbers. They’ve realised it’s the most effective way to give employees access to the applications and data sources they need, wherever they are working.

Many companies have also come to rely on cloud-based communication and collaboration platforms to connect staff with each other, partners and customers. Having a cloud-based meeting is now just as natural as being face to face.

However, while the many cloud options now on the market promise big benefits, they can also lead to increased complexity within IT infrastructures. Linking different clouds together and establishing connections with existing on-premise systems makes ongoing management more challenging.

When you add security and identity management to the mix, things get even more difficult. Ensuring access to systems is limited just to those who have authority to use these becomes much more challenging when resources are located in multiple locations and on multiple platforms.

The role of CIEM

To address this challenge of increased management complexity, growing numbers of organisations are making use of cloud infrastructure entitlements management (CIEM). A CIEM platform manages permissions and entitlements while also enforcing least privilege standards throughout a cloud ecosystem.

Able to be used for both public and private clouds, CIEM is of immediate benefit to security teams that currently rely on a disparate range of tools, each native to a particular cloud. It is of particular benefit in a multi-cloud environment where different groups of users and devices require different levels of access in different places.

VIEW ALL

In these cases, it can often be easier for a security team to over provision certain users to ensure they have the level of access they need across all the clouds being used. However, this privilege creep can pose a risk because if their identity is compromised, the attacker can then gain widespread access to the organisation’s infrastructure. CIEM provides a more effective alternative.

Enabling just-in-time ID management

Most security teams understand that managing cloud identities and their entitlements through just-in-time (JIT) provisioning and least privilege is a standard approach, however, finding the right solution to cover multi-cloud environments can be challenging.

Such a solution requires standardised controls, full visibility of the environment, the ability to plug cloud security gaps and identify privilege anomalies. Only then can security teams be assured of being able to identify potential privilege-related risks and prevent infrastructure breaches.

A CIEM platform allows a security team to discover, manage and monitor entitlements in real time. It can build comprehensive behaviour models for each identity across multiple cloud infrastructures, including hybrid environments. In turn, this allows the CIEM platform to flag anomalies and enforce least privilege.

The changing of policies and entitlements is automated and capable of extending to traditionally incompatible cloud resources. Likewise, where cloud resources associated with projects are spun up for short periods of time, CIEM may help identify orphaned privileges left over after project completion.

A CIEM platform can also be integrated with privileged access management (PAM) solutions to further streamline the management of secrets, passwords, least privilege and remote access. Least privilege security models mean that each session, machine, employee, contractor, or process will only be granted sufficient permission to perform a specific task.

Also, the just-in-time access model ensures that those permissions expire when the task is completed. This can greatly reduce the risk of compromised credentials.

Cross-cloud visibility

A CIEM platform can deliver significant business benefits because it is capable of reaching into every corner of an IT infrastructure, from on-premise resources to those housed in multiple clouds. It can also provide a rich view of cloud identities and their entitlements.

A CIEM platform also enables the granular monitoring and configuration of permissions and tracks privilege models across the different cloud service providers they visit. It can also automate a range of processes to maintain the integrity and relevance of each active identity and ensure it has access to every resource it needs for its owner (human or otherwise) to be productive, but no more than necessary.

A CIEM-powered future

CIEM platforms have quickly evolved to become an important prerequisite for robust cloud-identity security. They give security teams the ability to automatically discover accounts and assess their entitlements, create an inventory of identities, and classify them by permission sets, all in real time.

This capability alone is a boon to any organisation that is trying to align its security posture with the dynamic nature of cloud environments. The result will be a searchable repository that can be readily audited and managed.

As organisations increasingly take advantage of multiple clouds as part of their overall IT infrastructures, having such capabilities in place is vital. Consider whether a CIEM platform could add value for your operations.

Scott Hesford is the director of solutions engineering, Asia-Pacific and Japan at BeyondTrust.