Cloud Infrastructure Entitlement Management (CIEM)

Learn how implementing a CIEM solution offers significant benefits to any company with a complex cloud infrastructure.

Rapid7 Cloud Risk Solutions

What is cloud infrastructure entitlement management (CIEM)?

Cloud infrastructure entitlement management (CIEM) is a category of solutions that leverages administration-time controls for managing entitlements and data governance in hybrid and multi-cloud infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) architectures. Gartner® defines CIEM as specialized identity-centric software-as-a-service (SaaS) solutions focused on managing cloud access risk.

CIEM solutions emerged because the challenges of identity and access management (IAM) have become more complex in tandem with the increased usage of multi-cloud and hybrid cloud infrastructures. These tools handle identity governance for dynamic cloud environments, typically under the principle of least privilege access (LPA), where users and entities are able to access only what they need, at the right time and for the right reason.

CIEM challenges

Challenges to IAM and entitlement management typically center around piecemeal solutions operating within dynamic multi- and hybrid-cloud environments. This includes privileged access management as well as identity administration and governance. Needless to say, this approach faces many challenges, including:

  • Difficulty monitoring a dynamic, global multi-cloud infrastructure
  • Preventing the misuse of privileged accounts
  • Poor visibility for enforcing compliance and oversight
  • Governance difficulties in complex cloud environments
  • Added complexity from short-lived cloud entitlements
  • Inconsistencies across multiple cloud infrastructures
  • Accounts with excessive access permissions

In short, multi-cloud IAM requires a more granular approach. These challenges remain the biggest reason for the growth of more holistic CIEM solutions within the industry. Below, we’ll discuss the modern approach to cloud infrastructure management and how it addresses these challenges.

What to look for in a CIEM

A CIEM solution should be built on a well-thought-out strategic approach. Most importantly, a CIEM solution should provide visibility into the entities currently accessing the organization’s cloud infrastructure: employees, customers, applications, cloud services, etc. This analysis must also cover the specific resources being accessed, the type of access, and when that access occurs. Simply put, the information gathered must include the who, the what, and the when.

That analysis then informs the next implementation step, which handles risk management across the cloud infrastructure. The main task within this step involves implementation of the least privilege principle noted earlier. In short, entities can only access the applications and data they need to complete their work. No additional access should be granted.

Finally, cloud engineers need the means to monitor the multi-cloud environment around the clock. This includes receiving actionable alerts whenever suspicious activity happens, such as unauthorized access.

Ultimately, working with a top CIEM provider lets companies work with the experts to devise an implementation strategy compatible with the organization’s cloud security approach. Since CIEM is a relatively new area of cloud technology, best practices for implementing the platform are still being developed, which makes expert input all the more valuable.

Features of a CIEM platform

Any suitable CIEM platform must include a robust collection of features and functionality. For example, an easy-to-use module for access control and provisioning helps cloud administrators manage privileges for all accounts accessing the cloud infrastructure. This module must also facilitate enforcement of the least privilege principle as well as any other governance policies for the company.

A related entitlement management module gives administrators the means to control specific permissions for each user. An automated audit feature helps companies wrangle any dormant or orphaned accounts that exist. Where necessary, such accounts must be identified and removed, as they remain a significant security risk to any company’s cloud infrastructure. Auditing also helps cloud administrators track the current entitlement level for each account.
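The "who, what, when" analysis and the entitlement audit described above can be illustrated with a small script. The following is an added example, not code from Rapid7 or from any CIEM product: it runs over constructed entitlement records (principal, owner, granted permissions, and the last time each permission and login was exercised) and reports dormant accounts, orphaned accounts, and the least-privilege gap (granted permissions that have not been used inside the review window). The record format, the 90-day window, and the sample principals are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set


@dataclass
class Entitlement:
    """One principal's entitlements: the who (principal), the what (granted),
    and the when (last_used / last_login). Format is an assumption for this example."""
    principal: str
    owner: Optional[str]                 # None = no human owner on record (orphaned)
    granted: Set[str]                    # permissions currently granted
    last_used: Dict[str, datetime]       # permission -> last time it was exercised
    last_login: Optional[datetime]       # None = never logged in


# Fixed "now" so the example is deterministic; a real audit would use the current time.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def _days_ago(n: int) -> datetime:
    return NOW - timedelta(days=n)


# Constructed sample data (not real identities or permissions).
SAMPLE: List[Entitlement] = [
    Entitlement("alice@example.com", "alice@example.com",
                {"s3:GetObject", "s3:PutObject", "iam:CreateUser"},
                {"s3:GetObject": _days_ago(2), "s3:PutObject": _days_ago(10)},
                _days_ago(1)),
    Entitlement("svc-build", "platform-team",
                {"ecr:PutImage", "ecr:GetAuthorizationToken"},
                {"ecr:PutImage": _days_ago(3), "ecr:GetAuthorizationToken": _days_ago(3)},
                _days_ago(3)),
    Entitlement("bob@example.com", "bob@example.com",
                {"ec2:*"}, {}, _days_ago(200)),
    Entitlement("legacy-reporting", None,
                {"rds:DescribeDBInstances"},
                {"rds:DescribeDBInstances": _days_ago(400)}, None),
]


def dormant_accounts(records: List[Entitlement], now: datetime = NOW, days: int = 90) -> List[str]:
    """Principals with no login inside the window, or that never logged in at all."""
    cutoff = now - timedelta(days=days)
    return sorted(r.principal for r in records
                  if r.last_login is None or r.last_login < cutoff)


def orphaned_accounts(records: List[Entitlement]) -> List[str]:
    """Principals with no owner on record; nobody is accountable for their access."""
    return sorted(r.principal for r in records if r.owner is None)


def unused_permissions(records: List[Entitlement], now: datetime = NOW, days: int = 90) -> Dict[str, List[str]]:
    """Least-privilege gap: granted permissions that were not exercised inside the window.
    These are candidates for removal under the least privilege principle."""
    cutoff = now - timedelta(days=days)
    gap: Dict[str, List[str]] = {}
    for r in records:
        unused = {p for p in r.granted
                  if p not in r.last_used or r.last_used[p] < cutoff}
        if unused:
            gap[r.principal] = sorted(unused)
    return gap


def audit_report(records: List[Entitlement], now: datetime = NOW, days: int = 90) -> dict:
    """Bundle the three checks into one report an administrator could act on."""
    return {
        "dormant": dormant_accounts(records, now, days),
        "orphaned": orphaned_accounts(records),
        "unused_permissions": unused_permissions(records, now, days),
    }


if __name__ == "__main__":
    for section, rows in audit_report(SAMPLE).items():
        print(f"{section}: {rows}")
```

In the constructed data the script flags `bob@example.com` (no login in 200 days, `ec2:*` never used) and `legacy-reporting` (no owner, never logged in, one stale permission) for review, and reports `iam:CreateUser` as an unused grant on an otherwise active account. The usage timestamps would normally come from the cloud provider's access-activity data; the example embeds them so it runs offline.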

Additionally, many leading CIEM platforms seamlessly integrate with the top cloud providers, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud. Of course, the best platforms also support multi-cloud and hybrid cloud infrastructures. Remember, when choosing a CIEM platform, easy integration helps ensure a successful implementation.

What are the components of CIEM?

The components of CIEM are the cloud-based aspects of IAM. The main components include:

  • Identity governance: Checks put into place within a cloud environment to ensure the right person or asset can access the correct infrastructure.

  • Compliance: This includes documentation concerning automated auditing features that can demonstrate an organization's controls on cloud access and privacy considerations.

  • User behavior analytics (UBA): Specific data provides visibility into the entities accessing an organization's cloud infrastructure and how they're using it.

  • Security policies: These are guidelines that include session policies, service control policies, permission boundaries, and identity-based policies.

Benefits of CIEM

Implementing a CIEM solution offers significant benefits to any company with a complex cloud infrastructure. As noted earlier, the best platforms provide visibility into current activity on the cloud, even across hybrid and multi-cloud environments.

By using CIEM, an enterprise’s cloud-based applications and critical data stay protected from hackers and other nefarious cybercriminals. Once again, automated features detect and alert when discovering any potential threats, such as dormant accounts or abnormal activity. Even mistakes made when creating new user accounts, such as assigning overly permissive access, are detected by the system, preventing potentially harmful errors from affecting business operations.
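Catching an overly permissive grant at account-creation time, as the paragraph above describes, comes down to inspecting the policy before it is attached. The following is an added example, not code from Rapid7 or from any CIEM product: a simplified static check over AWS-style IAM policy documents (the `Version`/`Statement`/`Effect`/`Action`/`Resource` JSON syntax is real AWS syntax; the rules applied are an assumption chosen for the example). It flags wildcard actions, wildcard resources, and `NotAction` grants, and shows a constructed overly permissive policy beside a constructed least-privilege one.

```python
import json
from typing import Any, Dict, List, Tuple

# Constructed policies for the example (not taken from any real account).
OVERLY_PERMISSIVE = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}
  ]
}
""")

SERVICE_WILDCARD = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Deny", "Action": "*", "Resource": "*"}
  ]
}
""")

LEAST_PRIVILEGE = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}
  ]
}
""")


def _as_list(value: Any) -> List[Any]:
    """IAM allows a single string or a list in Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_overly_permissive(policy: Dict[str, Any]) -> List[Tuple[int, str]]:
    """Return (statement index, reason) for each Allow statement that grants more
    than a specific set of actions on specific resources. Deny statements are
    skipped: they only ever narrow access."""
    findings: List[Tuple[int, str]] = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [str(a) for a in _as_list(stmt.get("Action"))]
        resources = [str(r) for r in _as_list(stmt.get("Resource"))]
        wild_actions = [a for a in actions if a == "*" or a.endswith(":*")]
        wild_resource = "*" in resources

        if "NotAction" in stmt:
            # NotAction allows everything except the listed actions.
            findings.append((i, "NotAction grants every action not explicitly listed"))
        if wild_actions and wild_resource:
            findings.append((i, f"admin-equivalent grant: {wild_actions} on all resources"))
        elif wild_actions:
            findings.append((i, f"wildcard actions {wild_actions} on scoped resources"))
        elif wild_resource:
            findings.append((i, f"specific actions {actions} granted on all resources"))
    return findings


def is_acceptable(policy: Dict[str, Any]) -> bool:
    """Gate a provisioning request: True only when no statement is flagged."""
    return not find_overly_permissive(policy)


if __name__ == "__main__":
    for name, policy in [("overly permissive", OVERLY_PERMISSIVE),
                         ("service wildcard", SERVICE_WILDCARD),
                         ("least privilege", LEAST_PRIVILEGE)]:
        print(name, "->", "accept" if is_acceptable(policy) else find_overly_permissive(policy))
```

The check is deliberately conservative: a `Deny` statement never produces a finding, and a `service:*` action is still reported even when the resource is scoped, because the reviewer, not the linter, should decide whether that breadth is justified. A production control would also evaluate permission boundaries and service control policies, which this example does not model.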

Additionally, companies with significant regulatory compliance requirements benefit from a CIEM platform’s automated auditing features. This approach provides a documentation trail detailing the company’s tight controls on cloud access, especially those critical data privacy considerations. Banking, insurance, and the wider financial sector benefit particularly from this feature.

Limitations of CIEM

As an emerging cloud management solution, CIEM platforms are expected to add further improvements over time. Still, any current limitations are greatly outweighed by their significant benefits.

However, when analyzing potential CIEM vendors, choose one known for building holistic solutions. Many existing IAM vendors simply port over their non-cloud products without the seamless integration necessary to work in the complex multi-cloud of today.

Any effective solution for cloud-based IAM must take into account each client’s unique approach to their cloud infrastructure. This is especially the case at organizations with complex policies regarding cloud access and permissions.

Read more about CIEM

2022 Cloud Misconfigurations Report: Latest Cloud Security Breaches and Attack Trends

Learn about Rapid7's InsightCloudSec product
