CloudKnox Security continues to expand its industry-leading position today, improving the Cloud Infrastructure Entitlement Management (CIEM) space with a key Amazon Web Services (AWS) technical partnership.
The CloudKnox-AWS Config integration leverages CloudKnox’s patented technology to help AWS users automatically enforce least privilege and Zero Trust access. This announcement moves the CIEM space another step forward as businesses continue to rely heavily on cloud computing with the global shift to remote work.
As an APN Advanced-tier partner available on the AWS Marketplace, CloudKnox now provides continuous monitoring and profiling of permissions granted to the thousands of users and roles leveraging AWS Identity and Access Management (IAM) permissions.
AWS Config is a service that enables system users to assess, audit, and evaluate the configurations of their AWS resources. The CloudKnox-AWS Config integration is a solution that provides continuous profiling of IAM usage and automated right-sizing of permissions—two factors key to mitigating catastrophic, collective damage in the event of a cloud breach.
“It is critical for organizations to enforce least privilege and Zero Trust access in their hybrid and multi-cloud environments. Not doing so leaves them open to significant risk, which could damage the business,” said CloudKnox COO Raj Mallempati.
“Strategic technical partnerships and integrations with leaders in the cloud space—particularly with major providers like AWS—allow us to extend our reach to more users, while also solidifying our position as the lead technical innovator for CIEM.”
The integration with AWS Config makes it possible for AWS users to enforce least privilege and Zero Trust access by continuously monitoring and reporting against CloudKnox’s patented Privilege Creep Index (PCI) and then automatically triggering remediation actions, if necessary, in real time.
The remediation action then uses an AWS Systems Manager Automation document that invokes the CloudKnox Just Enough Privileges (JEP) controller through a REST API. The JEP controller delivers an appropriately scoped IAM policy for the user based on the user’s previous activity. AWS Config remediation then automatically provisions that IAM policy for the user.
With AWS Config and CloudKnox, users have the permissions they need instead of overly broad, unnecessary permissions that could, and often do, leave organizations vulnerable in the event of a breach. In such a breach, bad actors with wide latitude could move within the cloud to collect sensitive information, disrupt business, or go after company assets, among other risks.
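The right-sizing step described above, a policy scoped to what the user actually did, is sketched below as an added illustration; it is not CloudKnox or AWS code and does not reproduce the JEP controller or the Privilege Creep Index. The activity records, the 90-day window, the account ID and the function names are assumptions constructed for the example.

```python
import fnmatch
from collections import defaultdict
from datetime import datetime, timedelta, timezone

NOW = datetime(2020, 9, 1, tzinfo=timezone.utc)  # constructed reference time
# Constructed over-broad grant and constructed activity records.
GRANTED = [{"Effect": "Allow", "Action": ["s3:*", "ec2:*", "iam:*"], "Resource": "*"}]
EVENTS = [
    ("alice", "s3:GetObject", "arn:aws:s3:::reports/q1.csv", 10),
    ("alice", "s3:GetObject", "arn:aws:s3:::reports/q2.csv", 3),
    ("alice", "ec2:DescribeInstances", "*", 20),
    ("alice", "iam:CreateUser", "arn:aws:iam::111122223333:user/tmp", 200),
    ("alice", "kms:Decrypt", "*", 1),   # attempted but never granted
    ("bob", "ec2:TerminateInstances", "*", 2),
]  # (user, action, resource, days before NOW)

def is_granted(action, statements):
    """True if an Allow statement's action pattern covers the action.
    Simplification: Deny statements and Condition blocks are ignored."""
    for st in statements:
        patterns = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        if st["Effect"] == "Allow" and any(
            fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns
        ):
            return True
    return False

def right_size(user, events, granted, now, window_days=90):
    """Build a policy holding only granted actions the user exercised recently,
    scoped to the resources they touched (hypothetical helper)."""
    cutoff = now - timedelta(days=window_days)
    used = defaultdict(set)
    for who, action, resource, age_days in events:
        when = now - timedelta(days=age_days)
        if who == user and when >= cutoff and is_granted(action, granted):
            used[action].add(resource)
    # Merge actions that share the same resource set into one statement.
    grouped = defaultdict(list)
    for action in sorted(used):
        grouped[tuple(sorted(used[action]))].append(action)
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": actions, "Resource": list(res)}
        for res, actions in sorted(grouped.items())
    ]}

if __name__ == "__main__":
    import json
    print(json.dumps(right_size("alice", EVENTS, GRANTED, NOW), indent=2))
```

For the sample data, the three wildcard grants shrink to two specific actions: the stale `iam:CreateUser` call falls outside the window and the ungranted `kms:Decrypt` attempt is never added.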