Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Achieving least privilege at cloud scale with cloud infrastructure entitlements management
Cyber Security: A Peer-Reviewed Journal,
5
(3),
227-236
(2022)
Abstract
Managing identities and permissions for enterprises at cloud scale is a major problem today. Cloud infrastructure entitlement management (CIEM) focuses on cloud access risk by providing enterprises with a robust platform for governance and entitlement controls and managing risk. Scaling out an enterprise’s infrastructure using public cloud comes with its own set of risks, including knowing all the identities that have access to your infrastructure and the permissions that they have once access is permitted. Ignoring the proliferation of identities and their associated permissions increases the potential attack surface for hackers who get access to cloud infrastructure. Implementing the principle of least privilege with CIEM helps enterprises manage their growing cloud infrastructure while keeping security in mind. This paper provides an overview of the problems that enterprises face with managing identities and permissions and how CIEM solutions can be effective for these issues.
Keywords: multi-cloud; CIEM; entitlements management; zero trust; least privilege
The full article is available to subscribers to the journal.
Author's Biography
Maya Neelakandhan is Head of Customer Success and Support at CloudKnox Security. As one of the founding engineers at CloudKnox, Maya was involved in building the patented CloudKnox activity-based authorisation platform which helps enterprises manage entitlements in VMware vSphere, Amazon Web Services, Azure and GCP cloud infrastructure. Her background includes over 20 years of hands-on technical expertise in enterprise and cloud deployments, identity and access management, SSO and identity federation. Prior to CloudKnox, Maya was part of the engineering team at Oracle in the identity cloud services team, Oblix and multiple other start-ups. Maya holds an engineering degree from the Indian Institute of Technology, Mumbai, India.
Guruprasad Ramprakash is a software engineer at CloudKnox Security, Inc. As one of the engineers on the team, he helped shape product-level requirements and implementation to manage identity and access management entitlements across VMware vSphere, Amazon Web Services, Azure and GCP cloud infrastructure. His numerous interactions with customers over his two-and-a-half years at CloudKnox helped shape his understanding of identity and permissions management. He holds an engineering degree from the College of Engineering, Guindy, Chennai, India.
Mrudula Gaidhani is part of Customer Success and Support at CloudKnox Security. Prior to CloudKnox, she was part of the engineering team at Oracle in the Oracle cloud infrastructure team. She has over 20 years of hands-on technical experience in identity and access management, AuthN, AuthZ with OAuth, OIDC, SAML protocols on enterprise and cloud deployments. She holds an engineering degree from the University of Mumbai, India.
