A Quick Look Into Cloud Infrastructure Entitlement Management (CIEM)

The cloud security solutions market is growing rapidly, and there are many types of solutions to support your specific business needs. But figuring out the right tool—let alone the right type of tool—can be difficult. Gartner has five security archetypes that fall under the broader cloud security management platform umbrella. This article gives a quick look into the Cloud Infrastructure Entitlement Management (CIEM) archetype:

• Cloud Access Security Broker (CASB)
• Cloud Workload Protection Platform (CWPP)
• Cloud Security Posture Management (CSPM)
• Cloud Infrastructure Entitlement Management (CIEM)
• Cloud-Native Application Protection Platform (CNAPP)

What is cloud infrastructure entitlement management (CIEM)?

In its 2020 Cloud Security Hype Cycle, Gartner included a new category and corresponding “C” acronym, “CIEM.” This new archetype describes solutions focused on cloud identity and access management (IAM), which is often too complex and dynamic to be managed effectively by native CSP tools alone. The emerging CIEM category is designated for technologies that provide identity and access governance controls with the goal of reducing excessive cloud infrastructure entitlements and streamlining least-privileged access controls across dynamic, distributed cloud environments.

When should you use CIEM?

CIEM should be used in Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) environments.

Benefits and limitations of CIEM

Benefits

• Provides visibility into who and what can access your cloud resources.
• Replaces time-consuming intervention to remediate overly permissive access and entitlements.
• Protects sensitive data.
• Prevents overly permissive or unintended access.
• Enables and empowers audit and compliance functions.

Limitations

Many CIEM solutions are not constructed holistically—rather, many vendors that deal with IAM outside the cloud are creating piecemeal solutions based on separate products that deal with identity governance and administration, access management, and multi-factor authentication. Managing identity and access in the cloud requires a much broader contextual understanding of an organization’s cloud environments and the various complex policy layers that determine access and permissions.

For a deeper dive into Gartner’s cloud security archetypes, read: A Practical Guide to Gartner’s Cloud Security Archetypes.