Cloud Infrastructure Entitlement Management (CIEM)

What is it?
In its Cloud Security Hype Cycle report, Gartner included a new category and corresponding “C” acronym, CIEM. This new archetype describes solutions focused on cloud Identity and Access Management (IAM), which is often too complex and dynamic to be managed effectively by native CSP tools alone. The emerging CIEM category is designated for technologies that provide identity and access governance controls with the goal of reducing excessive cloud infrastructure entitlements and streamlining least-privileged access controls across dynamic, distributed cloud environments.

In what context is it best used?
IaaS and PaaS environments.

Benefits and limitations

Benefits

• Provides visibility into who and what can access your cloud resources.
• Replaces time-consuming intervention to remediate overly permissive access and entitlements.
• Protects sensitive data.
• Prevents overly permissive or unintended access.
• Enables and empowers audit and compliance functions.

Limitations

• Many CIEM solutions are not constructed holistically; rather, many vendors that deal with IAM outside the cloud are creating piecemeal solutions based on separate products that deal with identity governance and administration, access management, and multi-factor authentication. Managing identity and access in the cloud requires a much broader contextual understanding of an organization’s cloud environments and the various complex policy layers that determine access and permissions.