Why do enterprise SOC teams need CIEM now?

What is CIEM?

Among the many changes of 2020, Gartner added a new category: cloud infrastructure entitlement management (CIEM). While CIEM may sound similar to SIEM (security information and event management), the two security solutions are not the same, and CIEM is increasingly vital as organizations continue to prioritize company-wide digital transformation and deployment of zero trust architecture.

Back in 2005, when enterprise networks were largely on-prem and firewalls were all the rage, Gartner coined the term, security information and event management (SIEM). For the first time, a single security solution could collect, store and analyze all server logs across all network traffic, generating valuable security alerts and speed up incident response and remediation. Companies like IBM QRadar and HP ArcSight have been in the SIEM market for a long time, and cloud-native SIEM vendors, including Splunk, Sumo Logic and Exabeam offer a wider set of capabilities suited for cloud-first and hybrid environments. But none of these SIEM vendors have the ability to extend their platform to manage and enforce entitlements and permissions for the multi-cloud and hybrid cloud enterprises.

CIEM is the next generation of solutions for managing entitlements and permissions for all cloud infrastructure identities and resources and enforcing least privilege policies in the cloud. This enables organizations to design and implement zero trust architectures in multi-cloud and hybrid cloud environments. And as multi-cloud adoption continues to increase across the industry, the movement of workloads to such environments requires in-depth visibility and analysis of cloud infrastructure accounts, permissions, entitlements and activity, and granular controls.

So, why do enterprise SOC teams need CIEM now?

The only way to address the monumental challenge of securing an organization’s hybrid and multi-cloud infrastructures is by identifying their Cloud Permissions Gap risk and by successfully implementing the principle of least privilege (PoLP) and Zero Trust Access. However, Zero Trust Access is impossible to achieve unless the enterprise can manage and eliminate over-permissioned identities in their cloud infrastructures effectively. What’s more, managing security system administrators, developers, machine identities and cloud resources in multi-cloud environments manually is impossible because of the exponentially increasing number of identities, granular permissions and cloud native services.

A comprehensive CIEM solution can solve all of this for the organization. But how do security operations center (SOC) teams know what to look for? Here are the top three questions all CISOs evaluating a CIEM offering should ask:

1. Scope: Does the platform address the three core pillars of CIEM–identity and authorization management, anomaly detection and response, and continuous compliance?
2. Ease of deployment and use: Can the CIEM offering function across hybrid and multi-cloud environments with quick deployment and uptime?
3. Integrations: What are the technical credentials and background of the management team? How does the offering integrate within your existing security stack?

Then, as evaluators dig deeper into assessing how a given CIEM solution meets the unique security needs of their organizations, here are a few other criteria to consider:

Authorization management

  • Does the platform support all key cloud platforms (AWS, Azure, GCP, and VMWare)?
  • Does the vendor offer a cross-cloud dashboard or a single interface with a consolidated multi-cloud view of all identities, actions and resources?


  • Does the platform combine discovery, analytics and governance (remediation) of access?
  • What level of granular visibility and insights can be achieved within every action performed by any identity across any resource?

Automated permissions management

  • Can the platform support permissions right-sizing and least privilege role creation across any cloud with a single click?
  • Does the platform remove unused or high-risk permissions automatically?
  • Does the platform have the option to grant permissions on demand or as-needed?

Anomaly detection

  • Can the platform produce alerts for any anomalous activity, including unusual patterns or behavior, geo-location access and client type?

Compliance engine

  • Can the platform discover and fix violations against security best practices and compliance standards?

Ultimately, the right CIEM solution should be able to fit in an organization’s existing environment with all of this functionality across all hybrid and multi-cloud infrastructures.

Just as SIEM started as an acronym and then became an essential piece of any SOC security stack within a few years, we predict CIEM will become just as important. Organizations from all industries of all sizes are prioritizing digital transformation strategies and as such will need to be able to secure their cloud environments effectively. The SOC’s cloud security stack is not complete without comprehensive identity management capabilities.

Do you know your risk?

The first step to your comprehensive identity management capabilities is to know your risk. With only 30 minutes of your time, our team of cybersecurity experts will uncover your cloud identity and access management risk profile and deliver your unique Cloud Identity Risk Assessment in less than 24 hours free of charge with no obligation. Start your complimentary risk assessment now!

Don't miss