\n<\/p>\n
Companies are deploying identity and access management (IAM) at a record pace as they seek ways to harden their network security. According to market research firm Statista, the global IAM market is projected to grow to $43.1 billion by 2029 — a significant jump from the $16 billion in revenue the industry recorded in 2022.<\/span><\/p>\n IAM lets companies dictate who can tap into IT resources by applying access and permission rules. These rules restrict access to only those users properly authorized to do so.<\/span><\/p>\n For all its utility, however, IAM’s effectiveness diminishes as more of IT migrates to cloud providers. Most businesses <\/span>already use more than one cloud provider<\/a><\/span> to deliver services.<\/span><\/p>\n A major benefit of IAM is it gives IT staff a 360-degree view of user access and permissions across internal and cloud-based networks. But when a <\/span>company has multiple cloud providers<\/a><\/span>, IAM doesn’t provide the same level of information — particularly when users cross into multiple clouds for different activities.<\/span><\/p>\n The implication is that IAM can go only so far.<\/span><\/p>\n Despite its benefits, IAM is limited in tracking real-time identity access on the cloud. It’s also challenged when tracking usage anomalies as they occur, thus precluding any immediate response.<\/span><\/p>\n Let’s examine a business hypothetical.<\/span><\/p>\n XYZ Co. designs jet propulsion systems. It uses a supplier management system hosted by a SaaS provider and keeps its engineering and product development information on a separate cloud.<\/span><\/p>\n A purchasing agent at XYZ works daily with suppliers, sourcing critical components for product builds. This agent’s identity access credentials allow them to interact with suppliers, negotiate contracts and place orders. Sometimes they need to substitute a particular component when the preferred component is unavailable. When that happens, the purchasing agent gets on the phone or communicates through email with the engineering and manufacturing design teams to confirm that the substitute component will work.<\/span><\/p>\n One day, however, a problem occurs. The agent needs to order a substitute component, but nobody is available in the engineering and manufacturing team. Instead, the agent accesses the engineering team’s database in the separate cloud. The agent isn’t authorized to do so, but they succeed nonetheless. Once on the engineering cloud, they drill down into a bill of materials for the product, isolate the part and pull up the specs to check for compatibility.<\/span><\/p>\n On the surface, the act seems innocent enough. But what if the same purchasing agent also decides to tap into new product development data on the engineering cloud and sells the information to a competitor? An IAM system with limited visibility could easily miss this cross-cloud activity and has few means to track or document it.<\/span><\/p>\n Enter <\/span>cloud infrastructure entitlement management<\/a><\/span> (CIEM). CIEM lets companies monitor all user activities across multiple clouds while providing granular views. The sector <\/span>is also growing fast<\/a><\/span>, with a projected compound growth rate of 44% between now and 2028, according to Markets and Markets.<\/span><\/p>\n So what can network managers do if they want CIEM to become part of their network security framework but currently only work with IAM? For many companies, using both <\/span>IAM and CIEM<\/a><\/span> will work. IAM vendors are also beginning to incorporate CIEM into their product suites, which has some long-term implications for costs and training.<\/span><\/p>\n As more enterprises adopt CIEM, consider the three following issues:<\/span><\/p>\n 1. Architecture and integration<\/span><\/span><\/p>\n How will you architect the combination of IAM and CIEM? In most cases, IAM is the foundational platform because it can track both on-premises and cloud users. CIEM, by its very nature, is cloud-only.<\/span><\/p>\n A proper IAM\/CIEM integration lets you see — and act — in both environments through a single pane of glass. As more IAM vendors build CIEM into their product portfolios, integration challenges should ease.<\/span><\/p>\n 2. CIEM security technologies<\/span><\/span><\/p>\n When IT staff adopt CIEM, they must master a new set of network observability and security tools. CIEM allows staff to monitor and respond to on-cloud user identity access issues, track activities, log audit trails and produce reports on user cloud activities.<\/span><\/p>\n 3. Cooperation with cloud providers<\/span><\/span><\/p>\n Each cloud service has its own set of security management tools, and implementing CIEM doesn’t change that. Network staff must familiarize themselves with the various security tools employed by each cloud provider and ensure they dovetail with their organization’s internal policies and procedures.<\/span><\/p>\n<\/div>\nIAM has limited visibility<\/h2>\n
Finding a place for CIEM<\/h2>\n
IAM and CIEM considerations for network managers<\/h2>\n