CloudKnox Security extended support for serverless functions on Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP). The enhancement adds serverless functions to a substantial list of permissions management capabilities, including users, bots, service accounts, access keys, and other resources.
The company also announced an integration with ServiceNow, the next of many steps towards realizing CloudKnox’s next-gen cloud security and permissions management vision.
Together, the support for serverless functions and ServiceNow integration underscore CloudKnox’s market lead with the most comprehensive support offering in the cloud infrastructure entitlement management (CIEM) segment.
With this extension, CloudKnox customers gain remediation for multi-cloud serverless functions, allowing security and infrastructure teams to generate a right-sized permissions policy based on the activity of the roles associated with each serverless function.
In a recent assessment within CloudKnox’s customer base, the company discovered that by categorizing serverless functions as non-human identities, the ratio of human to non-human identities jumped from 1 in 5 to 1 in 10.
Given the industry shift from cloud native architecture to microservices, this ratio is expected to continue growing and has led to a need for a holistic permissions management platform. As such, it is critical that organizations take proactive control over managing resource and identity permissions.
“The ephemeral nature of serverless functions leads people to believe that over-provisioning for serverless functions is harmless. But the reality is that serverless functions are full-fledged machine—non-human—identities, meaning they can access your infrastructure in the same way a human user can,” said Raj Mallempati, Chief Operating Officer, CloudKnox.
“If a serverless function is over-permissioned, it can cause the same costly damage—either accidentally or maliciously—to an enterprise’s infrastructure that a human user can. As with all identities, serverless functions must be monitored and right-sized when necessary.”
To manage the exponential increase in identities, many companies use information technology service management (ITSM) tools for permissions management and security incident tracking. By integrating with ITSM tools, such as ServiceNow, CloudKnox makes permission automation and permissions on demand possible.
Rather than granting always-on “standing permissions,” organizations can enable access to permissions and resources that are needed for specific tasks for a predefined time, at which point the permissions are rescinded automatically. Plus, by prioritizing such integrations, CloudKnox can fit into any customer’s existing technology ecosystem—no matter the tools they have deployed.
“We’re working with our customers and partners to mitigate the risk of permissions abuse by eliminating the permissions or entitlements gap, thereby preventing unauthorized access to sensitive data,” said Mallempati.
“We take pride in assisting our clients with the monumental challenge of securing their hybrid and multi-cloud infrastructures by identifying their Cloud Permissions Gap risk and successfully implementing the principle of least privilege (PoLP) and Zero Trust access to address it.”
As CloudKnox continues to maintain its industry-leading market position, the company will be introducing more product features in the coming months, including support for container workloads on Kubernetes.
The Cloud Permissions Management Platform was recently named among CRN’s Top 10 Hottest Cloud Startups of 2020 and offers a free Cloud Identity Risk Assessment to help enterprises understand their cloud identity and resource risk profile.