Secure cloud – controlling privileges via CyberArk Cloud Entitlements Manager

Enterprises tend to move data to the cloud more and more frequently. How about the security of such data? The Sophos Report (The State of Cloud Security 2020) shows that nearly a half (47%) of Polish companies had been exposed to a breach of data in the cloud during one year prior to the survey. 84% of these incidents were caused by errors in the service configuration. How can one control access to data in the cloud and monitor the use of resources? CyberArk Cloud Entitlements Manager can help.

Studies conducted by Sophos confirm the global scale of this issue. As many as 90% of accounts in the cloud (used worldwide) have inordinate access to sensitive data and wrongly assigned roles allowing to manage users’ access to resources.

Hackers make use of such vulnerabilities. Cybercriminals capitalise on increasing and often unused privileges to gain access to critical cloud infrastructure, to steal or change sensitive data or to disrupt services hosted in the cloud.

Companies tend to build IT environments which comprise many different cloud-based platforms. Identifies are created on these platforms and then used by physical users, robots, devices, and applications. Particular clouds offer different access privileges or entitlements for such identities and these privileges should be securely configured and properly managed. Otherwise they can become the target of an attack that strives to take control over crucial resources. The dynamic nature of the cloud infrastructure configuration may lead to the accumulation of unused privileges. And this is a serious challenge to security teams, explains Krzysztof Andrian, CEO at Concept Data. When adequate visibility and control are lacking, it is easy to make a mistake and leave the company’s door open to cybercriminals. Solutions such as CyberArk Cloud Entitlements Manager prevent such situations from happening.

What is Cloud Entitlements Manager and how does it work?

CyberArk Cloud Entitlements Manager (CEM) is a solution made available in the SaaS model. It reduces the risk of cyberattacks through the implementation of the least privilege rule in environment with multiple clouds. CEM scans and continuously monitors the entire cloud-based environment, collecting and analysing data with the use of artificial intelligence. It detects erroneously configured or unused privileges. The results are displayed on one console with a clear layout.

CEM improves visibility and control, so any excessive privileges can be quickly and effectively deleted. The tool evaluates the threat-to-incident level for each connected cloud environment. It also makes it easy for organisations to assess privileges on an ongoing basis and it formulates risk reduction recommendations.

Cloud Entitlements Manager uses the IAM services of each cloud-based platform available in the company’s IT environment in order to identify and map privileges and entitlements in the cloud. This solution also enables detection of threats that are not normally tracked by the IAM tools, e.g. Shadow Admins. Shadow administrators are users with specific confidential entitlements that give them the possibility of escalating privileges in the cloud, adds Krzysztof Andrian.

CyberArk Cloud Entitlements Manager

• Scans entities in the cloud (entities include users, roles, groups or devices)
• Identifies which entities have privileges in the working area
• Analyses these privileges
• Identifies privileges granted to a given entity
• Analyses the use of privileges
• Identifies which privileges are used and which are left unused

Cloud Entitlements Manager identifies excessive and unused privileges which can be removed without disrupting any ongoing operations. Scanning can be performed automatically (daily) or on demand. The entire environment or a selected working area can be subject to the scan. The scanning time depends on the scale of the data and the platform, but usually it takes around 15 minutes.

Any companies interested in the possibilities provided by CyberArk Cloud Entitlements Manager can contact us at: info@conceptdata.pl. We will be happy to answer all your questions and recommend systems that will make your IT environments secure.

More about data security:

A new solution for companies hiring external contractors

CIAM. How to ensure the ease of use and data security

Imperva SONAR. A new dimension of data analysis and security