The gap between permissions granted and permissions used exposes organizations to increased risk. (Part two of a two-part series.)

Microsoft Security, Microsoft

April 11, 2023

[Image: Multicloud concept. Source: Aleksey Funtap via Alamy Stock]

Did you know that 86% of businesses plan to increase their investment in hybrid or multicloud technology? And yet 73% of those same companies find it challenging to manage multicloud environments.

In part, this is because managing identities and their related access permissions is more complicated when you're dealing with a multicloud environment. Digital sprawl has led to an explosion in permissions across multicloud environments, and we lack a consistent oversight solution.

To date, as many as 99% of current cloud permissions are going unused. This gap between permissions granted and permissions used represents a significant concern for enterprise businesses, as it opens them up to an increased risk of both accidental and malicious insider threats. Read on to learn how you can evolve your identity and permissions management by implementing cloud infrastructure entitlement management (CIEM) solutions into your own operations.

How Does CIEM Work?

One issue with overpermissioned multicloud environments is that they're very difficult for security teams to monitor. Various cloud platforms don't always interact well with one another, and that can make it challenging for security teams to have full visibility across the entire multicloud environment. Identities have also expanded beyond employees and customers to encompass developers, third-party contractors, and even workload identities like web apps, virtual machines, containers, scripts, serverless functions, and more.

Attackers can exploit the misconfigured permissions of these identities to access critical cloud infrastructure. The permissions gap can be reduced by implementing least privilege access and working toward a zero-trust security model, but doing so manually is very difficult at cloud scale. That's where CIEM comes in.

As we learned in Part 1 of this series, the term CIEM was coined by Gartner to describe a way to address the identity and permissions challenges posed by cloud technology. CIEM acts as a cloud-native, scalable, and extensible way to automate the continuous management of permissions in the cloud because it is built on a continuous, activity-based model. This allows organizations to keep pace with rapid cloud growth while also scaling their security infrastructure.

CIEM is made up of seven core pillars: account and entitlements discovery, cross-cloud entitlements correlation, entitlements visualization, entitlements optimization, entitlements protection, entitlements detection, and entitlements remediation. Essentially, it works by allowing organizations to understand what permissions currently exist within their environments and how various identities are using those permissions.

CIEM can even help organizations understand how they should change their current identity management to follow the principles of least privilege access and how to best protect their environments moving forward.

How To Implement CIEM In Your Own Organization

Cloud technology has become table stakes for many organizations, and the move to shift workloads into the cloud isn't likely to slow down anytime soon. This means that cloud providers will continue to add new capabilities and services, generating tens of thousands of permissions and growing the number of identities — both human and workload — in the process.

That's why we recommend taking a life cycle approach to CIEM. This empowers organizations to continuously discover, remediate, and monitor the activity of every unique user and workload identity that's operating in their cloud environment. It also has the benefit of alerting security and infrastructure teams to unexpected or excessive risks in cloud environments so they can respond accordingly.

The first step is the discovery phase. This involves creating individual usage profiles for each human or workload identity to understand how they typically operate in your environment and assess whether permissions granted in the past are still needed today.

Next is the remediation phase. A core attribute of CIEM is that it enables companies to look at usage data to see which permissions each identity is actually using. Based on this insight, security teams can then revoke permissions that aren't being used or that aren't necessary for that person or workload's function.

Finally, we have the monitoring phase. Thousands of identities can be active across cloud environments at any given time, so it's critical for CIEM solutions to provide robust monitoring and alerting capabilities. This monitoring should be customizable by both identity and activity, and your CIEM solution should be able to send automated alerts to the appropriate security team.
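As an added example (not Microsoft's code or that of any CIEM product), here is the three-phase life cycle applied to a constructed activity log in Python: discovery builds a usage profile per identity, remediation computes the granted-versus-used gap and a least-privilege policy, and monitoring flags activity outside the baseline. The identity names, permission names and log format are assumptions.

```python
from collections import defaultdict

# Constructed sample: permissions granted per identity (cloud-agnostic action names).
GRANTED = {
    "alice@example.com": {"storage:read", "storage:write", "storage:delete", "iam:createKey"},
    "svc-report-job": {"storage:read", "db:query", "db:write", "kms:decrypt"},
}
# Constructed activity log, one event per line: "<timestamp> <identity> <action> <result>".
BASELINE_LOG = """\
2023-04-01T08:00:00Z alice@example.com storage:read success
2023-04-01T08:05:00Z alice@example.com storage:write success
2023-04-01T08:06:00Z alice@example.com storage:delete denied
2023-04-02T02:00:00Z svc-report-job db:query success
2023-04-02T02:00:05Z svc-report-job storage:read success
"""
# Constructed later activity: the workload identity uses a permission it never used before.
NEW_LOG = "2023-04-10T03:14:00Z svc-report-job kms:decrypt success\n"

def parse_log(log):
    """Yield (timestamp, identity, action) for each successful event; denied calls are ignored."""
    for line in log.splitlines():
        if line.strip():
            ts, identity, action, result = line.split()
            if result == "success":
                yield ts, identity, action

def build_usage_profiles(log):
    """Discovery phase: the set of actions each identity has actually performed."""
    profiles = defaultdict(set)
    for _ts, identity, action in parse_log(log):
        profiles[identity].add(action)
    return dict(profiles)

def permission_gap(granted, profiles):
    """Remediation phase: per identity, the unused grants and the fraction of grants unused."""
    report = {}
    for identity, perms in granted.items():
        unused = perms - profiles.get(identity, set())
        ratio = len(unused) / len(perms) if perms else 0.0
        report[identity] = {"unused": unused, "gap_ratio": ratio}
    return report

def least_privilege_policy(granted, profiles):
    """Proposed replacement grants: only the permissions observed in use during the baseline."""
    return {i: perms & profiles.get(i, set()) for i, perms in granted.items()}

def detect_anomalies(log, profiles):
    """Monitoring phase: successful actions that fall outside an identity's baseline profile."""
    return [(ts, i, a) for ts, i, a in parse_log(log) if a not in profiles.get(i, set())]
```

A real deployment would build the baseline from weeks of provider audit logs rather than a handful of lines, and would route the anomaly list to the security team's alerting pipeline.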

Strong cloud security ultimately hinges on an organization's ability to control the level of access that human and workload identities have to their infrastructure. Something like CIEM can help secure these identities at scale.

About the Author(s)

Microsoft Security