Remediate entity exposure

This topic describes how CEM provides guidance to help you remediate an entity's exposure.

Fix recommendations

For each cloud platform, CEM provides specific recommendations that you can manually apply to your cloud environment in order to reduce your risk exposure.

Remediate risk for cloud entities

The available recommendations are shown in the Active recommendations table according to the cloud provider.

Remediation recommendations

| Recommendation | Steps to take |
| --- | --- |
| Remove permissions that have not been used in 90 days | 1. Remove existing groups and inline or managed policies from the entity. 2. Attach a new least-privilege inline policy using the JSON file supplied by CEM. 3. Attach additional managed policies supplied by CEM. |
| Remove users from group | Remove those users from the group identified as not using the permissions granted to the group. CEM provides a list of users that you should remove. |
| Secure shadow or shadow admin with MFA | Activate MFA for this user. CEM supplies a link to the AWS user with instructions on how to activate MFA. |
| On-board an admin or shadow admin user from pending accounts | Manage this user in Privilege Cloud by adding them to the pending accounts queue. |
| Secure admin or shadow admin with PAM | Manage this user in Privilege Cloud. CEM provides the user name. |

Remediation recommendations

| Recommendation | Steps to take |
| --- | --- |
| Remove permissions that have not been used in 90 days | 1. If relevant, remove the entity co-administrator role. 2. Run the Cloud Shell script provided by CEM to create a least-privilege custom role. |
| Investigate unused permissions | Investigate whether permissions can be removed. CEM identifies why these permissions should be investigated. |
| On-board an admin or shadow admin user from pending accounts | Manage this user in Privilege Cloud by adding them to the pending accounts queue. |
| Secure admin or shadow admin with PAM | Manage this user in Privilege Cloud. CEM provides the user name. |
| Remove classic administrator | Remove this role from your subscription (use role-based access control instead). CEM provides a link to the Azure docs that explain how to remove a classic administrator role. |

Remediation recommendations

| Recommendation | Steps to take |
| --- | --- |
| Remove permissions that have not been used in 90 days | 1. Run the G commands provided by CEM to create a least-privilege custom role and grant it to the entity. 2. Replace existing roles with other out-of-the-box Google Cloud roles. 3. Remove roles that are no longer needed. |

Remediate a shadow admin entity

If CEM detects an entity with shadow admin permissions, use one of the following remediation options as a starting point when you implement a recommended fix.

Shadow admin remediation options

| Option | Remediation |
| --- | --- |
| Remove all shadow admin permissions | The CEM fix removes all shadow admin permissions, even the ones that are being used. |
| Keep only shadow admin permissions in use | The CEM fix removes only unused shadow admin permissions. |
| Keep all shadow admin permissions | The CEM fix removes only those unused permissions that aren't related to shadow admin privileges. This is the regular CEM remediation. |
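The three shadow admin options above, modelled as an added example (this is not CEM's code or output): for one entity it computes which permissions each option keeps and removes, and which removed permissions were still in use and so may break a workload. The option names, the sample AWS actions, and the set of actions treated as shadow admin are assumptions made for illustration.

```python
import json

# Assumption: constructed sample of AWS IAM actions treated as shadow-admin
# capable. CEM's own classification is not listed on the page.
SHADOW_ADMIN_ACTIONS = {
    "iam:AttachUserPolicy", "iam:CreateAccessKey",
    "iam:PutUserPolicy", "iam:UpdateAssumeRolePolicy",
}

def plan_remediation(granted, used, option):
    """Return (kept, removed, removed_in_use) for one remediation option.

    option (hypothetical names): "remove_all", "keep_in_use" or "keep_all".
    """
    granted = set(granted)
    used = set(used) & granted           # ignore usage of actions not granted
    shadow = granted & SHADOW_ADMIN_ACTIONS
    if option == "remove_all":           # drop shadow admin even when used
        kept = used - shadow
    elif option == "keep_in_use":        # drop only unused shadow admin
        kept = used
    elif option == "keep_all":           # regular fix: shadow admin untouched
        kept = used | shadow
    else:
        raise ValueError(f"unknown option: {option}")
    removed = granted - kept
    return kept, removed, removed & used  # last set = workloads that may break

def inline_policy(kept):
    """Render kept actions as an IAM policy document string."""
    if not kept:
        raise ValueError("nothing left to allow; do not attach an empty policy")
    statement = {"Effect": "Allow", "Action": sorted(kept),
                 "Resource": "*"}        # assumption: resource scoping not modelled
    return json.dumps({"Version": "2012-10-17", "Statement": [statement]}, indent=2)

# Constructed sample entity: what is granted and what was seen in use.
GRANTED = {"s3:GetObject", "s3:PutObject", "ec2:DescribeInstances",
           "iam:CreateAccessKey", "iam:AttachUserPolicy"}
USED = {"s3:GetObject", "iam:CreateAccessKey"}

if __name__ == "__main__":
    for option in ("remove_all", "keep_in_use", "keep_all"):
        kept, removed, at_risk = plan_remediation(GRANTED, USED, option)
        print(f"{option}: keep={sorted(kept)} remove={sorted(removed)} "
              f"in-use but removed={sorted(at_risk)}")
    print(inline_policy(plan_remediation(GRANTED, USED, "keep_in_use")[0]))
```

A non-empty third set under "remove_all" marks the permissions whose removal should be coordinated with the entity's owner before the fix is applied.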