{"id":120471,"date":"2020-10-22T18:00:53","date_gmt":"2020-10-23T01:00:53","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=120471"},"modified":"2020-10-26T14:20:19","modified_gmt":"2020-10-26T21:20:19","slug":"cloud-ciem","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2020\/10\/cloud-ciem\/","title":{"rendered":"What to Know About Cloud Infrastructure Entitlement Management (CIEM)"},"content":{"rendered":"

Effective cloud native security relies on <\/span>properly administering identity and access management (IAM) policies<\/span><\/a> to users, workloads and data (also called entitlements). As cloud adoption continues to grow rapidly (Gartner forecasts that worldwide public cloud revenue will <\/span>grow 17% in 2020<\/span><\/a>), and given that resources are often created and spun down in a matter of hours or even minutes, a challenging reality has emerged for security teams \u2013 cloud infrastructure entitlement management (CIEM) is complicated and difficult to get right.\u00a0<\/span><\/p>\n

Further complicating effective entitlement management is the fact that most organizations utilize multiple cloud service providers, each with its own definitions and rules for entitlements. <\/span>According to Gartner<\/span><\/a>, \"<\/span>by 2023, 75% of security failures will result from inadequate management of identities, access, and privileges, up from 50% in 2020.\"<\/span><\/i><\/p>\n

To address these challenges and continue our commitment to bring our customers the most <\/span>comprehensive cloud native security platform<\/span><\/a>, Prisma Cloud supports a number of identity-focused capabilities for stronger entitlement management.<\/span><\/p>\n

 <\/p>\n

What is Cloud Infrastructure Entitlement Management?<\/span><\/h2>\n

CIEM addresses cloud native security challenges of <\/span>managing IAM in cloud environments<\/span><\/a>. These challenges are often too complex and dynamic to be managed effectively by the native tools provided by cloud service providers (CSPs). The emerging CIEM category defines technologies that provide identity lifecycle and access governance controls, which ultimately reduce excessive cloud infrastructure entitlements and streamline least-privilege access controls across dynamic, distributed cloud environments (the principle of least privilege refers to limiting permissions for users to the bare minimum they need).<\/span><\/p>\n

 <\/p>\n

Challenges to Entitlement Management<\/strong><\/h5>\n

In addition to dealing with the complex and dynamic environment in which cloud native technologies operate, a CIEM solution should also address <\/span>privileged access management<\/b> and <\/span>identity governance and administration<\/b>.\u00a0<\/span><\/p>\n

\"Key<\/span><\/div>
The challenges addressed by a CIEM solution.\u00a0
Source: Gartner: \u201cManaging Privileged Access in Cloud Infrastructure\u201d June 9, 2020.<\/figcaption><\/figure>\n

 <\/p>\n

For privileged access management, a CIEM should:<\/span><\/p>\n