GigaOm Key Criteria for Evaluating Cloud Infrastructure Entitlement Management (CIEM) Solutionsv1.0

1. Executive Summary

In the on-premises world, organizations can achieve total control over their information assets. Their business objectives are served by technological tools that are protected by a battery of mature, adapted, and proven security systems. However, the on-premises world lacks operational flexibility, is difficult to scale, and is expensive to operate. Over time, these disadvantages end up weighing on the bottom line.

With the arrival of cloud computing, organizations have seen gains in budgetary efficiency, operational agility, and the ability to refocus on their core business—hence, the cloud-first strategy orientation of most organizations in recent years.

When executing a cloud-first strategy, though, organizations quickly faced the challenges of securing information assets in the cloud. What worked well within a company’s physical perimeter did not adapt to the cloud, particularly in the field of identity and access management (IAM). Issues include:

• Loss of visibility into corporate identities and resources.
• Loss of control over who has access to what and for what reason.
• Difficulty identifying roles, excessive permissions, and unusual behavior.
• The dynamic nature of cloud computing coupled with new practices such as infrastructure as code (IaC), DevOps, and the arrival of IoT. These bring with them new types of identities that are created or deleted on the fly and rights that are granted or revoked at any time, all outside the controls of traditional IAM systems.

For some time now, there have been many specialized products on the market aimed at securing developments and operations in the cloud environment. The IAM field has remained a bit behind, and none of the existing cloud security products, such as cloud access security brokers (CASB), cloud security posture management (CSPM), cloud workload protection programs (CWPP), or others comprehensively meet the requirements of cloud IAM.

In 2020, cloud infrastructure entitlement management, or CIEM, emerged to help organizations monitor and manage cloud infrastructure access entitlement by applying the principle of least privilege when creating, deploying, using, and managing cloud infrastructure services. With CIEM, organizations gain greater control over their cloud environments, minimize security risks, and protect valuable data and resources.

Business Imperative
As the cloud environment of most organizations becomes increasingly complex, it becomes more and more difficult to manually manage access. Organizations can have millions of permissions extended to users, entities, and systems on multiple clouds all over the world. Without effective management, this can lead to significant security risks, making it more likely that some account somewhere will be compromised. However, older security solutions are not able to address modern issues of identity and access management.

In contrast, CIEM solutions include comprehensive entitlement visibility, integration with existing security tools, customizable reporting and dashboards, and the ability to tailor permissions that are appropriate to a particular entity at a particular time. CIEM enables organizations to visualize all of the entities—human or otherwise—that require access, determine what kind of rights are needed, and accord them as needed.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of a CIEM solution deployment to the business, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of a CIEM solution, we provide an overall Sector Adoption Score (Figure 1) of 3 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that a CIEM solution is a credible candidate for deployment and worthy of thoughtful consideration.

The factors contributing to the Sector Adoption Score for CIEM are explained in more detail in the Sector Brief section that follows.

Figure 1. Sector Adoption Score for CIEM

This is the first year that GigaOm reports on the CIEM space in the context of our Key Criteria and Radar reports. This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective CIEM solution. The companion GigaOm Radar report identifies vendors and products that excel in those decision criteria. Together, these reports provide an overview of the market, identify leading CIEM offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.