how-cisos-get-multicloud-security-right-with-ciem

How CISOs Get Multicloud Security Right With CIEM

Image Credit: D3Damon / Getty images

Check out the on-demand sessions from the Low-Code/No-Code Summit to learn how to successfully innovate and achieve efficiency by upskilling and scaling citizen developers. Watch now.


More CISOs will have to deliver revenue growth to protect their budgets and grow their careers in 2023 and beyond, and a core part of that will be getting multicloud security right. It’s the most common infrastructure strategy for rejuvenating legacy IT systems and clouds while driving new revenue models. As a result, multicloud is the most popular cloud infrastructure, with 89% of enterprises relying on it, according to Flexera’s 2022 State of the Cloud Report. 

Organizations and the CISOs running them often decide to pursue a multicloud strategy based on the improved availability of resources and best-of-market innovations available, as it helps them meet compliance requirements more efficiently and gain greater bargaining parity during cloud provider negotiations. CISOs have told VentureBeat in previous interviews that multicloud is also an excellent way to avoid vendor lock-in. Large-scale enterprises also look to gain more excellent geographical coverage of their global operations. 

The more multicloud proliferates, the greater the need to enforce least-privileged access across every cloud instance and platform. That’s one of the main reasons why CISOs need to pay attention to what’s happening with cloud infrastructure entitlement management (CIEM). 

Defining CIEM 

Gartner defines CIEM as a software-as-a-service (SaaS) solution for managing cloud access by monitoring and controlling entitlements. It said CIEM uses “analytics, machine learning (ML), and other methods to detect anomalies in account entitlements, like accumulating privileges and dormant and unnecessary entitlements. CIEM ideally provides remediation and enforcement of least privilege approaches.” 

Event

Intelligent Security Summit

Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today.

Register Now

Gartner launched the term CIEM in 2020, with its first mention on the Hype Cycle for Cloud Security that year. Source: Smarter with Gartner Blog, Top Actions From Gartner Hype Cycle for Cloud Security, 2020.

Multicloud is a major zero-trust challenge 

Every cloud hyperscaler has a unique approach to solving their platforms’ IAM, PAM, microsegmentation, multifactor authentication (MFA), single sign-on (SSO), and other main challenges their customers face in attempting to implement a zero-trust network access (ZTNA) framework on and across platforms. 

Gartner predicts that inadequate management of identities, access and privileges will cause 75% of cloud security failures by 2023. The more complex a multicloud configuration, the more it becomes a minefield for zero-trust implementation. CISOs and their teams often rely on the Shared Responsibility Model in briefings and as a planning framework for defining who is responsible for which area of the multicloud tech stacks. 

Many enterprises rely on the Amazon Web Services version because of its straightforward approach to defining IAM. With each hyperscaler providing security just for their platform and tech stacks, CISOs and their teams need to identify and validate the best possible IAM, PAM, microsegmentation, and multifactor authentication (MFA) apps and platforms that can traverse across each hyperscalers cloud platform.

“Existing cloud security tools don’t necessarily address specific aspects of cloud infrastructure,” Scott Fanning, senior director of product management and cloud security at CrowdStrike, told VentureBeat. “Identity isn’t necessarily buried into that DNA as well, and the cloud providers themselves have added so much granularity and sophistication in their controls,” he continued. 

One of CIEM’s design goals is to help close the gaps between multiclouds by enforcing least-privileged access, removing any implicit trust of endpoints and human and machine identities. The goal is to eradicate implicit trust from multicloud infrastructure. That isn’t easy to do without an overarching governance platform, which is one of the reasons CIEM is gaining market momentum today. 

The Shared Responsibility Model defines those areas customers are responsible for versus cloud platform providers at a high level. Implementing zero trust in a multicloud environment often exposes long-standing security gaps between clouds that these models don’t show. Source: AWS Shared Responsibility Model.

The more complex a multicloud configuration, the more challenging it becomes for experienced staff to manage, with errors becoming more commonplace. As a result, CIEM advocates point to the need to automate scale governance and configuration monitoring to alleviate human errors. 

Gartner predicts this year that 50% of enterprises will unknowingly and mistakenly expose some applications, network segments, storage, and APIs directly to the public, up from 25% in 2018. In addition, the research firm predicts that by 2023, 99% of cloud security failures will result from manual controls not being correctly configured. 

Why CIEM’s importance is growing 

Getting in control of cloud access risk is what drives the CIEM market today. CISOs rely on risk-optimization scenarios to balance their budgets, and the value CIEM delivers makes it part of the budgeting mix. In addition, by providing time controls for the governance of entitlements in hybrid and multicloud IaaS environments, CIEM platforms can enforce least privilege at scale. 

Leading CIEM vendors include Authomize, Britive, CrowdStrike, CyberArk, Ermetic, Microsoft (CloudKnox), SailPoint, Saviynt, SentinelOne (Attivo Networks), Sonrai Security, Zscaler and others. 

Advanced CIEM platforms rely on machine learning (ML), predictive analytics, and pattern-matching technologies to identify anomalies in account entitlements, such as accounts accumulating privileges that have been dormant and have unnecessary permissions. From a zero-trust perspective, CIEM can enforce and remediate least-privileged access for any endpoint, human or machine identity.  

Fanning said CrowdStrike’s approach to CIEM enables enterprises to prevent identity-based threats from turning into breaches because of improperly configured cloud entitlements across public cloud service providers. He told VentureBeat that one of the key design goals is to enforce least-privileged access to clouds and provide continuous detection and remediation of identity threats. 

“We’re having more discussions about identity governance and identity deployment in boardrooms,” he told VentureBeat during a recent interview. 

CrowdStrike’s CIEM dashboard provides insights into trending security issues by indicator of attack (IoA), policy violations, configuration assessment by policy for identities, lateral movement, and least-privileged violations to the credential policy level. Source: CrowdStrike.

Five reasons why CIEM will continue to gain adoption

CISOs pursuing a ZTNA strategy are out for quick wins, especially with budgets on the line today. CIEM is showing that it has the potential to deliver measurable results in five key areas. 

  • Predicting and preventing identity-based threats across hybrid and multicloud environments delivers measurable results that are being used to quantify risk reduction. 
  • CIEM is also proving effective at visualizing, investigating and securing all cloud identities and entitlements. 
  • CISOs tell VentureBeat that CIEM is simplifying privileged-access management and policy enforcement at scale. 
  • CIEM makes it possible to perform one-click remediation testing before deployment on the most advanced platforms. 
  • CIEM can integrate and remediate fast enough to not slow devops down.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.