CIEM solutions: Manage access risk in multi-cloud environments

Today, many enterprises take advantage of multiple cloud environments, including public and private cloud infrastructures. For example, many enterprises benefit from the scalability and cost effectiveness of public cloud services. However, they also use private clouds environments that make it easy for enterprises to run custom applications. There are also several cases where the increased adoption of cloud-based applications and services creates new opportunities for modern enterprises. For instance, hybrid clouds offer the flexibility to work productively in any location whilst also reducing dependence on a single cloud provider. Despite their benefits, multi-cloud environments are also associated with various security and compliance risks. Therefore, modern enterprises must make provisions for managing and mitigating these risks based on the implementation of strong cloud security measures and policies such as policies for privileged access management.

Managing access risk across cloud environments has never been simple. There is an array of ways in which a business could make mistakes in managing access to cloud resources, such as Infrastructure as a Service (IaaS) and Software as a Service (SaaS) resources. These mistakes can result in an increase in risk, as well as monetary loss. As a prominent example, whenever a company considers migrating applications to the cloud, there are many risks to consider, including security and privacy risks. To mitigate these risks, security experts advise that third-party services hold as little data as possible since they’re not under the control of the application’s creators. As another example, multi-cloud environments increase the number of places where information resides, which makes it more difficult to protect. In several cases multi-cloud deployments extend access beyond corporate perimeters, which creates questions about who should manage access risks and based on what policies.

Understanding Multi-Cloud Security Risks

Typical risks in multi-cloud environments include data breaches, security risks when transferring data across clouds, malware and more. In particular:

• Data Breaches: A data breach can be due to human error or malicious intent. Cloud-based data repositories are often vast and unstructured, which makes it easy for an attacker to hide in plain sight. Moreover, in multi-cloud environments, single cloud providers do not have access to all parts of an enterprise’s infrastructure. This makes it very difficult to pinpoint where a breach occurred. Also, it is challenging for companies to detect and respond quickly when data is stolen by malicious actors. To alleviate potential breaches organizations must prevent unauthorized access to sensitive data, using for example techniques like encryption and key management tools.
• Security risks when transferring data across clouds: In a multi cloud environment each cloud vendor has its own security policies, controls, and encryption methods. Thus, moving data between them can be challenging. Customers have very little control over how their information is handled once it leaves their network perimeter. This makes them vulnerable in cases where any link in the multi-cloud chain is compromised. Therefore, it is important for enterprises to monitor for suspicious activity when moving data between different clouds e.g., between public and private cloud platforms.
• Malware infections: Malware has always been a serious security threat. Unpatched systems on the network are one of the most common causes of malware attacks like ransomware. Cloud administrators must ensure that their systems have the proper patches before malicious parties get a chance to damage their infrastructure. In a multi-cloud environment, the risks of unpatched systems become higher, and it is very challenging to schedule the patching processes, while keeping them consistent and synchronized.
• Loss of access to critical applications or services: This can occur due to changes in the cloud provider’s contract or business plan. In multi-cloud environments, there is a need to manage multiple contracts and service level agreements. This increases the risks of outage due to non-compliance.

Cloud Infrastructure Entitlement Management (CIEM) Solutions

One of the best ways to mitigate these risks is to put a Cloud infrastructure Entitlement Management (CIEM) solution in place that can manage access to your multi-cloud environment.  CIEM solutions are designed to manage access risk in cloud environments. Hence, they can monitor access attempts and activities across multiple clouds at once towards helping companies protect their assets and stop threats before they impact them. A CIEM solution provides continuous visibility into attempts to access the cloud infrastructure and monitors any changes that occur within it. It can be used to detect unusual activity that could indicate an attempt for an attack or breach. For example, if an administrator attempts to log into a compromised server, their action will be detected by the CIEM solution as suspicious activity. This allows the company to investigate the action further and take appropriate actions before any damage occurs.

Modern CIEM infrastructures can also collect big data on access attempts and analyze them based on data analytics functions. The latter include machine learning and artificial intelligence capabilities. The outcome of the analysis is used to discover security potential threats and proactively protect against them. CIEM solutions can be used across multiple cloud environments, including for example clouds of popular vendors like Amazon Web Services (AWS), the Google Cloud Platform (GCP), Microsoft Azure, IBM Cloud and others. In a multi-cloud context, on-premises IT infrastructures and applications may have to be monitored as well. This leads to the deployment of a quite complex monitoring infrastructure, which copes with a variety of Identity and Access Management (IAM) infrastructures from different providers. Likewise, in such an environment cloud infrastructure entitlement management becomes more challenging. To relax the complexity of communications across different clouds, CIEM solutions comprise Cloud Access Security Broker (CASB) components. A CASB component is hosted either on a cloud or on-premise. It is a piece of software or hardware that acts as a bridge between the enterprise and the various cloud service providers.

CIEM solutions can automate security monitoring of login and resources access attempts across different clouds and applications. They log data from many sources across the different clouds (e.g., applications, network devices). In this direction, appropriate agents are installed on each server or virtual machine of the cloud infrastructure.  CIEM systems analyze this information and detect potential threats in real time. As already outlined, machine learning and artificial intelligence algorithms help to identify anomalies in the log files such as abnormal access control functions and related user behaviors. The goal is to act before a situation becomes dangerous and to initiate remedial or preventive measures. For instance, whenever a potential security issue is detected, a CIEM may automatically block access to sensitive information to stop the attack before it hits the target system or network component. In many cases CIEM information contributes to the operations of auditing tools that track compliance with regulations such as Europe’s General Data Protection Regulation (GDPR).

Many CIEM solutions come with Cloud Security Posture Management (CSPM) tools. The latter provide the means for defining compliance management, risk assessment, and incident response policies. They can be integrated with DevOps development processes and offer incident visualization functionalities. In this way they help organizations detect risks and avoid misconfigurations, including malicious configurations from adversarial parties.

In the context of enterprise security, cloud computing is at the heart of a new wave of innovation and transformation. Cloud services are becoming more than just a technology choice. They are an essential part of doing business. However, they are also driving change in the way enterprises think about and manage their security posture. The move to a hybrid and multi-cloud infrastructure is one that businesses have started making. Thus, companies are challenged to find ways to protect their business from the security risks of the multi-cloud infrastructure. This is the reason why it is worth looking at CIEM solutions that can help enterprises to cope with the complexity of managing security and access control across clouds.