Content Copyright © 2020 Bloor. All Rights Reserved.
Also posted on: Bloor blogs
After what was perhaps a slow start, enterprises have now embraced cloud computing in droves and it has become mainstream. According to the Flexera State of the Cloud 2020 report, almost all organisations are using cloud computing and 93% of respondents have adopted a multi-cloud strategy for greater flexibility, choosing what is best for differing needs.
Use of the cloud provides many benefits, not least of which is cost since services are priced on what customers are actually consuming on a subscription basis. Cloud-based services allow organisations to improve performance, enabling them to spin up new, modern applications quickly in order to achieve competitive advantage, as well as being able to provide access to resources for all those who need it, wherever they are and whenever they need it. As the world battles the current pandemic, this has proved to be vital for keeping the lights on.
Clouds on the horizon
But cloud computing is not without its challenges. As more and more services are consumed in the cloud, organisations are struggling to keep a handle on who is consuming what, where and why. The research from Flexera found that mapping all relationships across applications, hardware and networking devices for each service used is cited by almost two-thirds as far and away the greatest challenge that they face in migrating to a cloud environment.
As computing environments continue to expand to encompass ever more services, devices and users, including third party suppliers and customers, gaining visibility into what each is allowed to do is a difficult challenge. And multi-cloud obscures the issue even further. When a user or entity is provided with access to a resource, they are given entitlements or permissions regarding the level of access that they are granted. Managing such entitlements on a massive scale is a gargantuan task. As a result, permissions that were once granted are no longer required in many cases, leaving too many users and devices with excessive privileges. Those excessive or unused privileges are a magnet for criminals who look to exploit them to gain access to sensitive data and information. The potential attack surface is magnified greatly.
A fast step to remediation
With its latest release, CyberArk is providing the tools that organisations need to cut through the fog and not only see clearly what is going on, but to fix problems found dynamically and cut their exposure to risks dramatically. Building on its heritage of privileged access management, Cloud Entitlements Manager finds and analyses unused and excessive permissions that could be compromised, such as those giving access to customer records, across all the major cloud environments. It then provides actionable recommendations for the most effective remediation in order to minimise exposure caused by excessive or unwanted privilege allocations. The platform is visually informative—both at an overall level and in affording the ability to drill in to investigate any accounts or identities and their associated activity.
The platform is built on the principle of zero trust, in which permissions are granted only on an as-needed basis and then revoked when the task for which they were granted is finished. It uses artificial intelligence to make appropriate decisions based on contextual information, calculating the risk associated with individual identities so that overall risk can be more effectively managed and reduced, both immediately and in the long term.
It does this by scanning and continuously monitoring all identities and associated entitlements to assess the risks to which an organisation is potentially exposed in order to close security gaps that are found. Given the scale of cloud deployments, this is a cumbersome task to do manually. Automation of these tasks is essential for enabling problems to be fixed quickly and effectively.
CyberArk’s Cloud Entitlements Manager can be used as a standalone tool that does not require that an organisation invests in its other products, although it is integrated with its other offerings to enforce least privilege for all environments, touching endpoints, servers, cloud workloads, applications, DevOps and containers.
However it is consumed, any organisation deploying this new tool will soon reap the benefits of greater visibility, not just into their cloud environments, but also into the risks that would otherwise be obscured. Any fog will be cleared away.