Moreover, we are delighted that Gartner has created a new category that further validates the problem CloudKnox is solving. That problem is now a top-of-mind cloud security issue for Security and Cloud Infrastructure teams – the Cloud Permissions Gap.
Gartner’s report states that “by 2023, SaaS-delivered, converged IAM platforms will be the preferred adoption method for IGA, AM, and PAM in more than 45% of new IAM deployments. This new preferred adoption method, together with the increasingly complex management of granular multi-cloud identity entitlements, is motivating the emergence of a submarket of IAM specialized tools such as CloudKnox, for cloud infrastructure entitlement management (CIEM).”
While recent, well-publicized breaches likely catalyzed increased attention on this complex multi-cloud challenge, AWS’s CISO Stephen Schmidt provided the foundational context for the problem AND solution when he stated the following: “Even if a customer misconfigured a resource, if the customer properly implements least privilege policy, there is relatively little an actor has access to once they are authenticated – significantly diminishing the customer’s risk.”
Ironically, successfully implementing the principle of least privilege in the cloud is often seen as the holy grail for even the most mature security organizations. The challenge stems from one of the cloud’s greatest benefits – automation – which makes it very easy to spin up new resources and grant wide-ranging permissions in the process. Today, over 40K permissions exist across the key cloud platforms, of which 50% are high-risk because they could cause catastrophic damage if used improperly.
Furthermore, the typical identity needs less than 1% of these permissions to perform its daily tasks. That leaves 99% of all permissions unused, unchecked, and open to errors by well-intentioned employees or exploitation by hackers. We define this as the Cloud Permissions Gap. The gap only grows as organizations expand their cloud footprints without protocols and capabilities in place to properly assign, manage, and monitor these permissions across their cloud environments.
CloudKnox’s Cloud Permissions Management Platform is purpose-built to solve this problem.
Gartner, Cool Vendors in Identity and Access Management and Fraud Detection, Felix Gaehtgens, Michael Kelley, Jonathan Care, Akif Khan, Henrique Teixeira, 26 May 2020.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.