What's new

New Cloud Entitlements Manager features are released and announced on a varying cadence. Occasionally, updates that include only performance, stability and bug fixes, and do not require customer actions, are released without an announcement.

Information about new features is published on this page.

October 10, 2023

General availability for Cloud Security

The Cloud Security services are now generally available, and the accompanying tech docs are now available in the docs portal.

October 3, 2023

CEM data center in Frankfurt

We've added a new data center to meet the market demand in the mainland Europe region.

August 15, 2023

Enhanced CEM service

CEM has been completely revamped, and can now detect identity-related misconfigurations and assess the real risk combining the identity entitlement analysis. The key enhancements are detailed below.

Unified Cloud Security dashboard

The updated dashboard give you a single pane-of-glass view that provides identity entitlement analysis, gives organizations visibility into security risks, and highlights key insights for remediation.

For details, see Cloud Security dashboard.

Security rules

CEM includes a set of pre-defined rules that can detect identity misconfigurations in your cloud environment.

These rules are based on the security well architecture frameworks defined by leading cloud service providers, along with various industry compliance standards. The rules are defined using our proprietary, easy-to-use Cloud Query Language (CQL), and are used to continuously scan across your cloud environment to monitor and detect identity-related security issues.

All the major cloud providers are supported (AWS, Microsoft Azure, and Google Cloud).

For details, see Security rules overview.


A new Findings view lists the security rule violations that are discovered in your cloud environment. You can drill down to individual findings for specifics and context, along with detailed remediation steps for each finding to reduce or remove the risk.

For details, see View findings.


The improved Identities view lists the inventory of identities that have been discovered across your cloud environment. The view also provides an analysis of the entitlements that takes into account any hierarchical Identity and Access Management (IAM) bindings.

For details, see View identities.

Workspace delegation

You can delegate the administration of cloud workspaces to designated identities in your organization. Delegates are authorized to manage a specific subset of SCA policies that control access to your cloud environments. Delegates may also accept and reject on-demand access requests.

For details, see Manage workspace delegation.