June 7, 2022 By Angelika Steinacker 2 min read

In March 2021, we posted a three-part series about whether cloud-native identity and access management (IAM) controls are good enough for an enterprise. Many of the points we raised at that time are still valid. However, the industry has developed and learned a lot since then.

More companies and analysts now recognize cloud identity and access governance (CIAG) as key. The lack of CIAG is a potential threat to any organization with a cloud environment. This is a big step forward. After all, you can only fix problems you know about.

The challenges of a cloud environment

When you have a cloud environment (or multicloud environment), one of the biggest challenges is to understand what’s really happening with users and access rights. Why? Freely granting undefined access to anyone who needs to manage a cloud device creates uncertainty within and among environments. Therefore, it’s difficult to manage access privilege controls.

If threat actors obtain access rights, they can breach the system. Many of the access conditions in cloud environments hold privileges in such a way that they can create a back door into the business. For example, an administrator might have access to business data. The misuse of these privileged access rights can cause severe damage to your data, people and reputation.

A good example of the impact of unmonitored access is the Lapsus$ group. They used human and non-human identities to get access to cloud accounts and stage further attacks. Once they had the identities, they could then set up virtual machines for nefarious purposes and make other unwanted inroads.

What is CIAG?

The first goal of CIAG is to gain reliable insight into the access rights assigned to users (human or non-human) in your cloud environments. It also shows how these access rights are being used or not used. That’s where various tools come into play to support recognition and remediation. Cloud infrastructure and entitlement management is a combination of processes and solutions that deal with this new breed of IAM.

Tools are an important part of the solution, but you still need to integrate the results and findings into your corporate IAM framework. This integration cannot be a one-time clean-up or creation of some new roles. Instead, it needs to set up an IAM framework that provides the means to maintain these results.

Setting this up is not just about technical implementation, either. CIAG takes people, processes and policies to implement a working IAM framework. People often make light of the hard work needed to coordinate with business stakeholders, as well as developers, admins and DevOps engineers. You can make this easier through strategy boards and joint working groups or communication campaigns. We will discuss these aspects of CIAG further in part two of this blog.

In addition, a different ‘clock rate’ is required for the cloud than for traditional IAM processes. Therefore, automate as much as possible. For example, you might automate approval processes by using pre-defined and pre-approved roles and rules specific to cloud-based use cases.

Learn more about CIAG

As an orchestration layer, CIAG manages identities in cloud environments and provides governance for identities and access rights. It also enables integration into an enterprise IAM framework.

Explore more about CIAG and related topics in the webinar The Cloud Security Maturity Model: Setting Priorities in your Cloud Security Roadmap and in part two of this blog.

More from Cloud Security

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Best practices for cloud configuration security

5 min read - Cloud computing has become an integral part of IT infrastructure for businesses of all sizes, providing on-demand access to a wide range of services and resources. The evolution of cloud computing has been driven by the need for more efficient, scalable and cost-effective ways to deliver computing resources.Cloud computing enables on-demand access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) over the internet. Instead of owning and maintaining physical hardware and infrastructure, users…

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today