Cloud Privilege Broker: A CIEM Solution
Recently, analyst research firm KuppingerCole released their Executive View: Cloud Privilege Broker report, exploring BeyondTrust’s debut into the Cloud Infrastructure Entitlement Management (CIEM) space.
In the report, KuppingerCole says:
“Given the speed at which organizations are moving resources to the cloud, and the lack of rigorous control over the process, BeyondTrust is clever to launch Cloud Privilege Broker into a market that needs to control access to a high number of cloud infrastructures within their organizations. Without a product like Cloud Privilege Broker, businesses will also have to grapple with the proprietary standards and identity tools of different cloud providers. Any product that can work around these standards, streamlining access, and providing risk-based insight into what’s happening in the cloud is welcome.”
This blog shares more insights from KuppingerCole and expands on why a CIEM-based approach is needed to help secure a multicloud world.
Security Consequences of Digital Transformation & Multicloud Environments
As the new normal of remote work continues to drive organizations to accelerate their digital transformation projects, there is an increase in multicloud adoption. Companies understand the benefits of leveraging cloud infrastructure and services for a wide variety of use cases, such as for DevOps processes, artificial intelligence, data capture and analysis, and many other applications. The dynamic nature of the cloud makes organizations more agile and better able to focus on business outcomes—not on managing infrastructure. But as multicloud adoption brings significant benefits, it also creates considerable management and security challenges.
In just a few years, we’ve seen explosive growth in the discrete number of cloud entitlements and permissions. Organizations have gone from managing fewer than 100 permissions in the cloud to an average of 5,000+ in each Cloud Service Provider (like AWS and Azure). Many of these new permissions are provisioned for non-human (machine) identities, supporting automated processes and data-level integrations.
The accumulation of permissions generally exceeds the technical and business requirements. This creates a dangerous scenario where the probability of a damaging security or operations incident due to permission misuse—whether intentional or not—increases along with cloud adoption rates.
To make matters worse, permissions are often assigned by default, with little granularity. This means risky misconfigurations are created with ease. In the past year, 36% of companies suffered a serious cloud security incident. The vast majority were due to cloud misconfiguration.
The management of entitlements across multiple clouds is difficult, in part, given the disparate responsibility models from each Cloud Service Provider. It’s highly challenging for most organizations to manage a booming number of cloud accounts or subscriptions, and all the permutations of entitlements, without tools that help centralize and normalize access permissions with intelligence and automation. Expecting a human administrator to do this manually is simply asking for trouble. Cloud Service Providers (CSPs) provide some help and expertise, but only for their unique platform and services, with IAM and policy management tools.
Customers and prospects tell us that, for them, one of the most important factors in effectively managing cloud entitlements is visibility. Most organizations struggle with incomplete visibility and the ability to manage across multicloud environments. This leaves the door open for blind spots that can be exploited by malicious threat actors.
BeyondTrust Solution and KuppingerCole View
Cloud Privilege Broker (CPB) was built from the ground up to provide IT and Cloud teams immediate visibility of permissions and entitlements across multicloud environments. With the continuous discovery of users, roles, groups, and service accounts across multiple cloud platforms, the solution prioritizes a list of critical items that need attention with granular recommendations and guided remediations that are native to each Cloud Service Provider.
In their Executive View report, KuppingerCole positions Cloud Privilege Broker as a timely CIEM solution, well-suited for today’s increasingly complex world of many different cloud deployments. The BeyondTrust solution centralizes the visibility and management of permissions and entitlements, saving teams from the swivel-chair approach of chasing permissions across multiple platforms. The ability to quickly determine permissions-related risk is another factor that helps teams understand their entitlements landscape and take specific steps to mitigate risky situations.
KuppingerCole recognizes Cloud Privilege Broker’s comprehensive discovery process and immediate auto-classification of risk. The solution categorizes the risk of access permissions into high, medium, and low, recommending mitigation steps and significantly aiding any team’s risk management strategy.
Get the KuppingerCole CIEM Report
With powerful cloud-native CIEM tools, like Cloud Privilege Broker, cloud security does not have to be daunting. Customers can gain visibility and rely on built-in intelligence and guided remediation to ensure they’re closing the permissions gaps and keeping the bad guys out.
BeyondTrust is pleased to offer a complimentary copy of the KuppingerCole report Executive View: BeyondTrust Cloud Privilege Broker. Read the full report to gain insights into:
- New PAM and CIEM security controls built for multicloud environments
- Applying the principle of least privilege consistently across multiple cloud platforms
- An evaluation of BeyondTrust Cloud Privilege Broker
Alex Leemon, Sr. Product Marketing Manager
Alex Leemon is a Sr. Product Marketing Manager at BeyondTrust, focusing on Privileged Password & Session Management and PAM for Cloud security solutions. She has over fifteen years of experience working with enterprise-level and Critical Infrastructure organizations solving safety and security challenges. Before joining BeyondTrust, Alex served in various roles related to the development of operational technology (OT) products and the Industrial Internet of Things (IIoT).