What is Cloud Entitlements Manager?

Enable your Cloud stakeholders to gain continuous visibility and control to reduce cloud-related risk.

The challenge

As cloud adoption increases, so does the attack surface, in the form of increasing permissions for business users and machine identities. The dynamic nature of cloud infrastructure configuration can lead to the accumulation of unused permissions. Attackers and malicious insiders can exploit these permissions to gain access to critical cloud infrastructure, steal or alter sensitive data, or interrupt cloud-hosted services. In a multi-cloud environment, rapidly accumulating permissions pose a significant challenge for Security and Operations teams. These stakeholders can quickly become tasked with managing thousands of permissions and services across unique cloud platforms, each with their own permissions models. As your organization turns to the cloud to drive new efficiencies, your Security and Operations teams may lack the cross-platform visibility and controls needed to efficiently manage permissions and follow best practices based on the principle of least privilege. This challenge is exacerbated by the shared responsibility model of the leading cloud providers, in which you are responsible for Identity and Access Management (IAM) controls in your unique environments. Particularly in multi-cloud environments, an inconsistent approach to managing permissions can quickly become a major security risk and an impediment to operational efficiency.

The solution

Cloud Entitlements Manager is a SaaS solution that reduces risk by implementing the principle of least privilege in multi-cloud environments. Cloud Entitlements Manager centralizes visibility and control of permissions across an organization’s cloud estate. Cloud Entitlements Manager provides deployable remediations based on the principle of Least Privilege to strategically remove excessive permissions. Cloud Entitlements Manager collects data and applies artificial intelligence to assign an exposure level score for each connected cloud environment. Cloud Entitlements Manager enables organizations to continuously assess the exposure level of their permissions and identifies recommendations for reducing risks. The Cloud Entitlements Manager exposure level scoring integrates into existing workflows such as Security Orchestration, Automation and Response (SOAR), authorization systems, and DevOps pipelines, unifying cloud security intelligence.

How it works

As a cloud-hosted SaaS solution, you can rapidly deploy Cloud Entitlements Manager and subscribe users to begin gathering intelligence across the following platforms:

  • Amazon Web Services (AWS)

  • Microsoft Azure

  • Google Cloud Platform (GCP)

Cloud Entitlements Manager uses the IAM services of each platform to identify and map the permissions across your organization’s cloud estate. Advanced detection capabilities also discover additional permissions risks that aren't typically tracked by the cloud providers’ IAM tools, for example shadow admins. Shadow admins are users with specific sensitive permissions that allow them to escalate privileges in the cloud.

Next, Cloud Entitlements Manager collects usage data for all existing permissions in an environment to identify excessive and unused permissions that can be removed without disrupting ongoing operations. Cloud Entitlements Manager uses this data to automatically calculate an exposure level score signaling the total permissions risk of each environment. To reduce this risk, Cloud Entitlements Manager creates a deployable policy to remove unnecessary permissions and lower exposure.Cloud Entitlements Manager's recommendations are informed by the principle of least privilege and account for the unique risks of each provider. Enforcing least privilege helps you follow cloud security best practices and comply with leading compliance frameworks. Meanwhile, API and Webhook integrations feed Cloud Entitlements Manager exposure level scores into your existing SOAR, authorization, and DevOps tools, augmenting the value of existing systems.