Jamal Bihya, Author at Gigaom

CIEM: Bridging the Gap Between IAM and Cloud Security

Jamal Bihya — Fri, 22 Mar 2024 19:57:58 +0000

The cloud-first strategy is no longer in its infancy. This wave of change has impacted and continues to disrupt the entire traditional hosting paradigm, commonly referred to as on-premises IT services within the enterprise. There is no category in IT or networking systems that has escaped this seismic shift. In this article, we will focus on the impact of the cloud-first transformation strategy on the field of identity and access management (IAM).

Why CIEM Came into Existence

In the world of on-premises storage and computing, most accounts accessing enterprise systems are attached to human entities. Solutions have been developed to ensure good governance of these identities and their access privileges during their lifecycle in the enterprise. After a relatively short time, companies that have adopted IAM solutions have been able to control who has access to what and for what reason.

Then cloud hosting and computing arrived with promises of reducing the acquisition, operation, and maintenance costs of enterprise IT systems. Cloud hosting and computing also promised gains in operational agility and flexibility of IT tools. This promise, of course, is real and the gains are indeed achievable. However, the concepts of identity, entitlement, and privileges inherent in the cloud are no longer the same as they are for on-premises infrastructure.

In 2020, the term cloud infrastructure entitlement management (CIEM) appeared for the first time. CIEM, as a concept, has emerged to address all the new use cases specific to cloud computing. Some might consider CIEM as the natural extension of IAM into the cloud. But CIEM helps organizations to contend with the growing number of non-human identities, whether they are internet of things (IoT) object machines or software acting in the cloud, as well as ephemeral identities that require rights and access only for short periods. Additionally, CIEM solutions help reconcile the actions of these different types of identities across the various cloud platforms of the enterprise, as each cloud service provider (CSP) has its own vision of IAM in its platform.

Who Provides CIEM Solutions

There are three main categories of CIEM solution providers:

Vendors focused on CIEM: These are CIEM native companies that develop a solution addressing the problems or blind spots of IAM in the cloud. Usually, they offer their CIEM solution as a component of cloud-native application protection platform (CNAPP) or a cloud identity security platform.
Vendors focused on cloud security platforms: These are usually companies that already offer a set of cloud security components, such as cloud security posture management (CSPM), cloud workload protection platform (CWPP), and/or infrastructure as code (IaC), and want to add CIEM to their platform.
Vendors focused on IAM: Usually, these IAM solution providers are well-established in the on-premises market. Their entry into CIEM, an extension of IAM into cloud computing, should, to a certain extent, be a natural and expected move.

The market is still young in terms of both CIEM solution providers and CIEM functionalities themselves. Regarding CIEM solution providers, consolidations are underway, notably precipitated by the move of CIEM-centric companies into the realm of larger and more diversified IT players.

Purchase Considerations

When considering a CIEM solution, several important factors should be kept in mind:

Scope and coverage: Look for solutions that cover all relevant cloud services and platforms your organization uses or plans to use to ensure visibility into identities and their access in multicloud environments. Additionally, look for solutions that can detect gaps and anomalies in cloud access and provide remediation of gaps.
Integration: The solution should integrate seamlessly with your existing cloud infrastructure, identity management systems, and other relevant tools.
Security and compliance: Ensure the solution meets your organization’s security and compliance requirements, including data encryption, access controls, and audit capabilities.
Ease of use: Look for a solution that is user-friendly and easy to deploy, manage, and maintain.
Scalability: Choose a solution that can scale with your organization’s growth and changing needs.
Cost: Consider the total cost of ownership, including initial setup costs, licensing fees, and ongoing maintenance costs.
Vendor reputation and support: Select a vendor with a strong reputation for customer support and a track record of delivering reliable solutions.
Future proofing: Look for a solution that can adapt to evolving cloud technologies and security threats.
User feedback and reviews: Consider feedback from other users and industry experts to gauge the solution’s effectiveness and reliability.
Customization and flexibility: Ensure the solution can be customized to meet your organization’s specific needs and workflows.

Next Steps

To learn more, take a look at GigaOm’s CIEM Key Criteria and Radar reports. These reports provide a comprehensive overview of the market, outline the criteria you’ll want to consider in a purchase decision, and evaluate how a number of vendors perform against those decision criteria.

If you’re not yet a GigaOm subscriber, you can access the research using a free trial.

The post CIEM: Bridging the Gap Between IAM and Cloud Security appeared first on Gigaom.

GigaOm Radar for Cloud Infrastructure Entitlement Management (CIEM)

Jamal Bihya — Wed, 20 Mar 2024 15:00:18 +0000

Cloud infrastructure and endpoint management (CIEM) solutions enable organizations to efficiently manage and secure their cloud infrastructure as well as the endpoints (devices) that connect to it. CIEM solutions provide capabilities such as asset discovery, configuration management, compliance monitoring, and threat detection and response.

CIEM is essential for organizations looking to optimize their cloud operations, enhance their security posture, and ensure compliance with regulations. With the increasing complexity of cloud environments and the growing number of endpoints, and the proliferation of all sorts of identities in the context of the cloud, CIEM solutions help organizations streamline management tasks, improve visibility and control, and mitigate security risks.

CIEM solutions are primarily targeted at IT and security teams within organizations of all sizes, from small businesses to large enterprises. These teams manage and secure the organization’s cloud infrastructure and endpoints, and CIEM solutions provide them with the tools and capabilities needed to effectively perform these tasks.

The business imperatives to which C-Suites are sensitive should help them consider adding CIEM to the company’s cloud security battery include:

Operational efficiency: CIEM enables organizations to automate manual tasks, reduce complexity, and improve overall efficiency in managing their cloud infrastructure and endpoints. This can result in cost savings and improved productivity.
Security enhancement: CIEM helps organizations enhance their security posture by providing real-time visibility into their cloud environment and endpoints, as well as the ability to detect and respond to security threats quickly and effectively.
Compliance assurance: CIEM solutions help organizations ensure compliance with industry regulations and internal policies by providing continuous monitoring and reporting capabilities.
Risk mitigation: By proactively identifying and addressing security risks and compliance issues, CIEM solutions help organizations mitigate the potential impact of security breaches and compliance violations.
Business continuity: CIEM solutions help ensure business continuity by providing robust backup and recovery capabilities for cloud-based data and applications, reducing the risk of data loss and downtime.

This is our first year evaluating the CIEM space in the context of our Key Criteria and Radar reports. This GigaOm Radar report examines 10 of the top CIEM solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading CIEM offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.

The post GigaOm Radar for Cloud Infrastructure Entitlement Management (CIEM) appeared first on Gigaom.

GigaOm Key Criteria for Evaluating Cloud Infrastructure Entitlement Management (CIEM) Solutions

Jamal Bihya — Fri, 08 Mar 2024 18:13:33 +0000

In the on-premises world, organizations can achieve total control over their information assets. Their business objectives are served by technological tools that are protected by a battery of mature, adapted, and proven security systems. However, the on-premises world lacks operational flexibility, is difficult to scale, and is expensive to operate. Over time, these disadvantages end up weighing on the bottom line.

With the arrival of cloud computing, organizations have seen gains in budgetary efficiency, operational agility, and the ability to refocus on their core business—hence, the cloud-first strategy orientation of most organizations in recent years.

When executing a cloud-first strategy, though, organizations quickly faced the challenges of securing information assets in the cloud. What worked well within a company’s physical perimeter did not adapt to the cloud, particularly in the field of identity and access management (IAM). Issues include:

Loss of visibility into corporate identities and resources.
Loss of control over who has access to what and for what reason.
Difficulty identifying roles, excessive permissions, and unusual behavior.
The dynamic nature of cloud computing coupled with new practices such as infrastructure as code (IaC), DevOps, and the arrival of IoT. These bring with them new types of identities that are created or deleted on the fly and rights that are granted or revoked at any time, all outside the controls of traditional IAM systems.

For some time now, there have been many specialized products on the market aimed at securing developments and operations in the cloud environment. The IAM field has remained a bit behind, and none of the existing cloud security products, such as cloud access security brokers (CASB), cloud security posture management (CSPM), cloud workload protection programs (CWPP), or others comprehensively meet the requirements of cloud IAM.

In 2020, cloud infrastructure entitlement management, or CIEM, emerged to help organizations monitor and manage cloud infrastructure access entitlement by applying the principle of least privilege when creating, deploying, using, and managing cloud infrastructure services. With CIEM, organizations gain greater control over their cloud environments, minimize security risks, and protect valuable data and resources.

Business Imperative
As the cloud environment of most organizations becomes increasingly complex, it becomes more and more difficult to manually manage access. Organizations can have millions of permissions extended to users, entities, and systems on multiple clouds all over the world. Without effective management, this can lead to significant security risks, making it more likely that some account somewhere will be compromised. However, older security solutions are not able to address modern issues of identity and access management.

In contrast, CIEM solutions include comprehensive entitlement visibility, integration with existing security tools, customizable reporting and dashboards, and the ability to tailor permissions that are appropriate to a particular entity at a particular time. CIEM enables organizations to visualize all of the entities—human or otherwise—that require access, determine what kind of rights are needed, and accord them as needed.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of a CIEM solution deployment to the business, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of a CIEM solution, we provide an overall Sector Adoption Score (Figure 1) of 3 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that a CIEM solution is a credible candidate for deployment and worthy of thoughtful consideration.

The factors contributing to the Sector Adoption Score for CIEM are explained in more detail in the Sector Brief section that follows.

Key Criteria for Evaluating CIEM Solutions

Sector Adoption Score

Deters
Adoption

Discourages
Adoption

Merits
Consideration

Encourages
Adoption

Compels
Adoption

Figure 1. Sector Adoption Score for CIEM

This is the first year that GigaOm reports on the CIEM space in the context of our Key Criteria and Radar reports. This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective CIEM solution. The companion GigaOm Radar report identifies vendors and products that excel in those decision criteria. Together, these reports provide an overview of the market, identify leading CIEM offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The post GigaOm Key Criteria for Evaluating Cloud Infrastructure Entitlement Management (CIEM) Solutions appeared first on Gigaom.

Strengthening the Human Firewall: Security Awareness Training

Jamal Bihya — Fri, 19 May 2023 09:03:16 +0000

Why do we need cybersecurity awareness training? To me, having put together our Cybersecurity Radar Report, the answer is simple: given that it is impossible to prevent all attacks automatically, we need to make humans part of our firewall. Awareness training enables the mitigation of human risk when sitting in front of a computer.

From my perspective, cybersecurity training is not new, but it is still hugely needed. Statistics show that 90% of the time, the cause of a breach was not because of a weakness in the technology, but from human error. The majority of the time it was a human factor.

In terms of target groups, we can consider first Cybersecurity Professionals, who have to certify the systems in cybersecurity programs, or conduct audits. Then, the larger population, which is you, me and everybody who sits in front of a computer and that connects to the Internet. Professional security training tends to involve more formal courses and structured lists of topics, but organizations tell us how even with this in place, they are still being subjected to attacks.

This need is driving new forms of blended training into the market. The content may be the same, but the delivery methodology and format are different. Today, it is more based on psychological concepts, looking to change the behavior of people and make it instinctive while they are working.

Security awareness training can still be included in the formal training you get when you join an organization. In addition, it can work alongside you. If you commit a security error, a product can capture that on the spot and send you a ‘just in time’ training, to grab your attention, a reminder ‘you should not do this’ etc. This will not simply be a reaction from software that blocks you, but a 3 or 5 minute training capsule. Once you have completed that, the system continues to monitor your behavior and whenever it’s required, can repeat the training to push you on that area, so you build the right reflexes.

The goal is not perfection. For example, consider when a busy end-user receives a call. It could sound like it is from an engineering company, where it is actually somebody trying to trick them. The idea behind awareness training is not to reach 100% success in such phishing attacks, but to change everyone’s reflexes. If I see an email with a link, my reflex should be to not click on the link. There’s a big difference between 70% success vs 30%.

To deliver on this, vendors need to offer organizations the most appropriate way to deliver awareness content so it fits human psychology, when people are in front of a computer. In addition, it requires a comprehensive library in terms of topics. This goes beyond phishing, for example if I plug in a USB that I have found in the street, that creates another attack vector.

Finally, for cybersecurity awareness to be successful, you have to get the buy-in of the corporate world. You have to get people involved, and keep them motivated. If a user has had formal training and doesn’t want to cooperate further, that’s a much bigger problem!

The post Strengthening the Human Firewall: Security Awareness Training appeared first on Gigaom.

GigaOm Radar for Security Awareness and Training

Jamal Bihya — Mon, 06 Mar 2023 14:16:43 +0000

Designing a defense strategy against cyber threats for systems, networks, and data that focuses only on technologies does not guarantee an organization’s information assets will be protected. Neglecting the risk associated with the human factor for securing the company’s perimeter is an oversight that sooner or later will be exploited by cybercriminals. The statistics prove it. The majority of successful cyberattacks are made possible by accidental human failure, often due to a person’s lack of vigilance, ignorance of the issues and risks related to certain behaviors, or a lack of commitment to contributing to the defense of the organization’s security.

The question that arises, therefore, is how to make employees themselves a firewall against cyberthreats. The answer involves the systematization of awareness and training in security concerns for all company employees.

This is nothing new because security awareness and training (SA&T) programs have been around for a relatively long time in the IT world. And yet attacks exploiting human vulnerability continue to succeed.

Why? The battle to capture the very fragmented attention of employees during training is ongoing. The challenge is no longer just about the content of SA&T programs but increasingly about the mechanisms, methods, and means of delivering the content in such a way that it is impressed on the mind of each employee. The goal is to both change the organizational culture toward security and to impact employee behavior to support it.

The market’s response to this challenge comes from companies that were already specialized in the training of cybersecurity experts or from young and innovative offshoots that were launched specifically to address the need for SA&T in organizations.

The notable difference between the two types of SA&T providers lies in the way they approach the issue. Those already involved in training tend to concentrate on the breadth and richness of the cybersecurity library content, while those newer to the SA&T field focus more on how that content is delivered, with the clear and stated goal of having an observable and measurable impact on individual behaviors and enterprise cultural changes. To do this, these providers use psychological concepts governing the mechanisms of behavior change in humans coupled with innovative pedagogical concepts. SA&T subjects are delivered in micro and nano capsules dealing with a particular point or by resorting to audiovisual or gamification techniques from the world of entertainment.

Clearly, both content and delivery are important, so the choice of an SA&T product should consider not only the richness and continuous renewal of the cybersecurity library content but also the methods, means, and format of delivering of security topics.

This GigaOm Radar report highlights key SA&T vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating Security Awareness and Training Solutions,” we describe in more detail the capabilities and metrics that are used to evaluate vendors in this market.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.

The post GigaOm Radar for Security Awareness and Training appeared first on Gigaom.

Key Criteria for Evaluating Security Training Solutions

Jamal Bihya — Sat, 25 Feb 2023 00:44:31 +0000

When a security breach occurs, there’s a high probability that the origin of the breach is due to negligence, a lack of information, or an under-trained employee or group of employees. As such, it’s imperative that organizations deploy the best technological tools to protect company assets.

But technology is just one step in building an organization’s cybersecurity strategy. The next—and arguably more important—step is raising awareness, changing employee behavior, and changing company culture around actions that could endanger the company’s security. This involves training and educating employees and business partners on the cybersecurity issues and risks that threaten company assets and the financial, reputational, and legal consequences that may result from a breach.

And this is all the more difficult nowadays because employees and business partners can work from anywhere, at any time, using all kinds of devices; and the diversity of employees’ backgrounds and cultures can challenge security awareness and training content designers.

Implementing a security awareness and training (SA&T) program to mitigate the risks associated with the human factor in a company becomes a cornerstone in the building of countermeasures to attacks on company assets. The program must be based on the policies of the company and on the general recommendations of the National Institute of Standards and Technology (NIST) and other standards bodies. The program must also consider the risk profiles associated with different categories of employees and business partners.

Different levels of security training should be considered depending on the target population: from general training for the majority of on-site and remote employees and contractors to instruction on specific technological tools for subject matter experts.

This GigaOm Key Criteria report details the capabilities (table stakes, key criteria, and emerging technologies) and evaluation metrics (non-functional purchase drivers) for selecting an effective SA&T solution. The companion GigaOm Radar report identifies vendors and products that excel in those criteria and metrics. Together, these reports provide an overview of the category and its underlying technology, identify leading SA&T offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

How to Read this Report

The post Key Criteria for Evaluating Security Training Solutions appeared first on Gigaom.

GigaOm Radar for Cloud Access Security Broker

Jamal Bihya — Fri, 22 Jul 2022 19:45:18 +0000

An ever-increasing number of organizations are moving data and applications to the cloud; however, concerns regarding this approach remain—in particular, the perceived loss of control over who is doing what, when, and where. On the one hand, the economic arguments are appealing, but on the other, operational challenges may be daunting.

A product that can reduce the inherent risks of the cloud, while enabling flexibility and elasticity and lowering operating costs, can become the cornerstone of an organization’s cloud-first strategy. A cloud access security broker (CASB) platform can help achieve this goal.

Discovering, monitoring, tracking, and managing access to cloud applications enables organizations to quickly identify and mitigate potential cybersecurity risks to corporate information assets. A CASB platform aims to:

Act as a firewall to identify malware and prevent it from entering the enterprise network.
Authenticate users’ credentials and ensure they access only appropriate enterprise resources.
Serve as a web application firewall (WAF) to thwart malware designed to breach security at the application level, rather than at the network level.
Act as a data loss prevention (DLP) mechanism to ensure users can’t transmit sensitive information outside of the corporation.

Vendors offering a CASB solution include pure cloud-native CASB players, traditional IT product manufacturers who are extending their offerings to CASB solutions, and managed, cloud, and network service providers who are looking to capture a share of this growing market. The solutions vary from CASB as a feature to CASB as a component of a larger security platform.

This GigaOm Radar report highlights key CASB vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating CASB Solutions,” we describe in more detail the key features and metrics that are used to evaluate vendors in this market.

How to Read this Report

The post GigaOm Radar for Cloud Access Security Broker appeared first on Gigaom.

Key Criteria for Evaluating Cloud Access Security Broker Solutions

Jamal Bihya — Tue, 12 Jul 2022 17:40:32 +0000

The migration of IT support and IT business systems to the cloud is becoming the new way of doing business. Common variations include infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). Of course, with this new paradigm comes new challenges, especially with regard to information security.

Managing risk in this new environment is even more critical than in traditional on-premises setups. Cloud migration changes the concept of a company’s perimeter—its IT systems no longer reside solely under the control of its IT teams. This means that the entire organization’s cybersecurity defense tool stack and structure are affected. From inventory and visibility into who is doing what and how—in IT systems, data protection, threat prevention and detection, and information security governance—everything must be redesigned and new, more appropriate tools deployed.

A cloud access security broker (CASB) is one of the new cloud-specific security products that should be assessed by companies migrating to the cloud. A CASB is software that can be hosted on-premises, in a private cloud, or consumed as a SaaS application. Its role is to act as a security gateway between users and cloud service providers (CSPs). Among other things, it helps to detect security gaps at the cloud application (SaaS), PaaS, and IaaS level.

A CASB goes even further by helping organizations have better visibility into shadow IT—unsanctioned applications accessed from company devices on or off the corporate network. A CASB can apply the appropriate security policies, along with a granular approach to data protection, in an effort to bring shadow IT into the light.

CASBs make it possible to consider the context in which a given operation is taking place, whether it involves access to, or manipulation of, information. With this context, an enterprise can adapt the response accordingly instead of applying rigid rules and policies. These tools also make it possible to securely manage access to the company’s information assets from unmanaged equipment (BYOD).

CASBs are fast becoming essential elements of enterprise security. Their reliability helps allay enterprise fears and hesitation about doing business in the cloud. The role of the CASB will continue to grow as its integration into a wider range of enterprise information security tools makes it even more relevant and critical in enterprise cyber defense strategies.

The GigaOm Key Criteria and Radar reports provide an overview of the CASB market, identify capabilities (table stakes, key criteria, and emerging technology) and evaluation metrics for selecting a CASB platform, and detail vendors and products that excel. These reports give prospective buyers an overview of the top vendors in this sector and help decision makers evaluate solutions and decide where to invest.

How to Read this Report

The post Key Criteria for Evaluating Cloud Access Security Broker Solutions appeared first on Gigaom.

Jamal Bihya, Author at Gigaom

CIEM: Bridging the Gap Between IAM and Cloud Security

Why CIEM Came into Existence

Who Provides CIEM Solutions

Purchase Considerations

Next Steps

GigaOm Radar for Cloud Infrastructure Entitlement Management (CIEM)

GIGAOM KEY CRITERIA AND RADAR REPORTS

GigaOm Key Criteria for Evaluating Cloud Infrastructure Entitlement Management (CIEM) Solutions

Key Criteria for Evaluating CIEM Solutions

Sector Adoption Score

DetersAdoption

DiscouragesAdoption

MeritsConsideration

EncouragesAdoption

CompelsAdoption

GIGAOM KEY CRITERIA AND RADAR REPORTS

Strengthening the Human Firewall: Security Awareness Training

GigaOm Radar for Security Awareness and Training

How to Read this Report

Key Criteria for Evaluating Security Training Solutions

How to Read this Report

GigaOm Radar for Cloud Access Security Broker

How to Read this Report

Key Criteria for Evaluating Cloud Access Security Broker Solutions

Deters
Adoption

Discourages
Adoption

Merits
Consideration

Encourages
Adoption

Compels
Adoption