How to reduce security risks posed by cloud identities?


By Andrei Dankevich – Product Marketing Manager Cloud Security, Check Point Software Technologies

The history of cloud computing goes all the way back to the1950s when the world was introduced to shared and distributed architectures with technologies like mainframe computing, for example, the IBM 701 Defense Calculator. In the subsequent years, computer scientists innovated and introduced utility computing, grid computing, and time sharing.

Those seeds that were sown more than seven decades ago were the definitive building blocks of the future of cloud. Today, cloud infrastructures are becoming the norm for businesses. McKinsey reports that by 2024, 80% of the average business’s IT expenses will be dedicated to cloud technology.

Cloud infrastructures have an array of benefits that can help a business thrive in a highly competitive landscape. However, like any technology, it has its share of complexities and challenges, some of which can cause profound and irrecoverable damage.

Attacks on the Cloud

With the cloud computing market expected to hit revenues of over $1.5 billion by 2030 (a compound annual growth rate of 15.7% between 2022 and 2030), it’s easy to imagine cloud adoption stories as ideal and without problems. The truth, however, is that past the honeymoon phase, cloud adoption can be difficult if done without expert mediation.

After a cloud infrastructure adoption, IT departments for various businesses are suddenly not in complete control of their infrastructure. The security knowledge, skills, protocols, and processes they once excelled in are no longer relevant or transferable. Because of this, data breaches can occur at high frequencies and have more damaging repercussions.

A more ominous set of statistics reveal that the average global cost of a data breach in 2022 was a staggering $4.35 million. Some 45% of those breaches happened with cloudbased infrastructures, while 80% involved privilege abuse. And privilege abuse begins with attacks on identities.

Identity: The New Security Perimeter

Access rights (or entitlements) are the most valuable currency in complex and distributed cloud infrastructures. Different identities in cloud infrastructures have different access rights. Some of these identities are human users, some may be machines, and either or both of those could be in-house or belong to a third-party provider.

Identity is the new security perimeter because malicious actors often prioritize them. An attacker can bypass most security measures with minimal challenges by hijacking an identity and gaining control over its access permissions.

A Case Study In What Not To Do

In 2019, there was a data breach that exposed over 100 million customer records, including sensitive information like social security and bank account numbers. The breach was caused by a misconfigured firewall in company’s AWS environment, which allowed an attacker to gain access to the company’s cloud infrastructure.

How Can We Avoid Such Situations?

The principle of least privilege (PoLP) is an age-old and fundamental concept in IT and other similar fields. In fact, you can trace it back to the pre-digital era. This is because all that PoLP essentially means is that a certain user or identity should have only the exact privileges they need to carry out their specific tasks. Any additional privileges are unnecessary and risky.

We hear a lot about zero-trust security models, where every user or identity needs to be thoroughly vetted and authenticated at regular intervals to maintain access permissions. PoLP is integral to zero-trust security models. It helps ensure that even if attackers were to breach a business’s system, they wouldn’t have the lateral mobility to cause severe damage.

Like with most things today, human workforces simply can’t keep up with the speed required to stay competitive and ahead of malicious threats. So, to implement PoLP by identifying over-permissions and right-sizing entitlements of all identities, certain robust solutions are required.

The identity security solutions that businesses employed in the past include Security Assertion Markup Language (SAML) providers, stronger password policies, and multi-factor authentication. However, when we think about cloud entitlements, we need a different approach. Enter Cloud Infrastructure Entitlement Management, or CIEM.

What Is CIEM?

A CIEM (pronounced “kim”) solution helps cloud security teams navigate and manage entitlements across complex multi-cloud infrastructures. CIEM involves whittling down the permissions and privileges of cloud identities to the bare minimum. CIEM is about putting the principle of least privilege into practice and providing ultimate protection for businesses.

Optimizing cloud entitlements can be a cumbersome task for organizations to do themselves. To combat the increasing proficiencies of hackers, they will need to perform this optimization with great intricacy and care. Also, expertise in cloud providers’ permission systems may be required, especially for larger and more complex and distributed cloud infrastructures.

Key Benefits of CIEM

  1. Visibility

The security potential of even perfectly configured cloud entitlements can go unrealized if a business doesn’t have visibility on them. CIEM solutions ensure that businesses have a panoramic view of all their entitlements, making it easier for them to monitor, manage, and mediate access controls in their cloud infrastructure. Visibility is critical for robust security.

True Cross-Cloud Correlation

When working in multi-cloud environments, businesses need to maintain consistency across components of their infrastructure. CIEM solutions help unify all identities related to users, devices, and applications throughout a company’s cloud deployment. This approach enables the implementation of consistent access control policies and a single unified audit trail across all cloud environments.

Intelligent Correlation and Insights

High-quality AI-driven data analytics can be a game-changer. CIEM solutions analyze and leverage user behavior data to assign permissions based on trends, patterns, and commonalities. This approach enables a business to categorize users into similar groups and assess the need for separation of duties. Additionally, data analytics supports the implementation of best practices for maintaining PoLP.

How Does CIEM Work?

CIEM technologies analyze a cloud identity to reveal key information about how its specific entitlements were granted: directly, indirectly, through trust relationships, explicitly, implicitly, or something different. By doing so, CIEM can identify which entitlements and permissions are effective and which permissions aren’t.

Cloud Detection and Response (CDR) continuously gathers and examines intelligence data from cloud feeds, workloads, and configurations. CDR systems can quickly respond to cloud attacks by detecting suspicious activity and threats.

When companies use CDR together with CIEM, they benefit from comprehensive visibility to detect, investigate, and mitigate threats in the cloud based on monitoring the actions of  cloud identities. This surveillance is designed to reveal which permissions are being used and whether that usage is relevant, safe, and rule-abiding.

CIEM measures the gaps between permissions that are granted and how they are used. By doing so, they reveal permissions that simply aren’t necessary and some that are downright unsafe. CIEM helps businesses achieve a lean and muscular security protocol where each identity only has access to what it truly needs.

Another invaluable service that CIEM solutions provide is the ability to automatically generate policy recommendations that ensure that businesses comply with the principle of least privilege.


CIEM solutions are necessary to reduce security risks posed by cloud identities. However, like any security measure, the quality of protection is wholly dependent on the quality of its implementation and whether or not specialized support and tools are utilized.

The expertise of Check Point, the leading provider of cyber security solutions, is precisely what businesses need to integrate CIEM solutions with responsibility, safety, and a keen eye on the future.

Check Point’s CloudGuard CNAPP provides businesses with a holistic approach and actionable security insights covering public clouds, workloads, identities, and applications. It’s an all-in-one solution that covers CIEM, CSPM (Cloud Security Posture Management), workload protection, API security, threat intelligence, and pipeline security.

Additionally, with the power of CloudBots you can reduce security risks by automating the process of remediation of detected threats. For example, cloud security teams can program CloudBots to come into place when Intelligence detects an anomalous behavior such as unusual login attempts or excessive access to sensitive data.

If a threat is detected, the bot can respond in real time by revoking security credentials or access privileges. Furthermore, CloudBots can be used to enforce security policies and procedures, like password complexity requirements, to ensure that cloud identities are kept secure.

Schedule a CloudGuard demo to see the cutting-edge and robust cybersecurity that can fortify your cloud against identity-related threats.


Please enter your comment!
Please enter your name here