Cloud Blog: Announcing expanded CIEM support to reduce multicloud risk in Security Command Center

Source URL: https://cloud.google.com/blog/products/identity-security/new-ciem-support-in-security-command-center-can-help-reduce-risk/
Source: Cloud Blog
Title: Announcing expanded CIEM support to reduce multicloud risk in Security Command Center

Feedly Summary: Identities can be a major source of cloud risk when they’re not properly managed. Compromised credentials are frequently used to gain unauthorized access to cloud environments, which often magnifies that risk since many user and service accounts are granted access to cloud services and assets beyond their required scope. This means that if just one credential is stolen by an adversary, or abused by a malicious insider, companies may be at risk of data exfiltration and resource compromise.
To help make identity management easier, we have integrated Cloud Infrastructure Entitlement Management (CIEM) into Security Command Center, our multicloud security and risk management solution, and we are announcing general availability of expanded CIEM support for additional clouds and identity providers. CIEM can help manage which identities have access to resources across your cloud platforms, and proactively mitigate issues resulting from over-permissioned ones.
Extending CIEM support to more clouds and identity providers
Security Command Center now supports AWS IAM identities for AWS, Entra ID (Azure AD), and Okta identities on Google Cloud. With multicloud, multi-identity CIEM support, customers can more easily discover which identities have access to which cloud resources across more of their cloud footprint.
Identity and access-related findings are available on a single Security Command Center screen, providing a simple, high-level view of risky identity provisioning that could create exposure.

Security Command Center: Multicloud view of identity and access issues.

Each finding provides a description of the risk, resource details, and next steps that help you address the finding and reduce security risk.

Security Command Center: Detailed remediation guidance to help right-size permissions for an AWS IAM User.

AI-powered recommendations
Security Command Center uses AI to make recommendations on how to right-size identity permissions in order to reduce risk. It can evaluate used permissions and unused permissions, recommend roles that can be removed, and suggest potential replacement roles with permissions that more closely match legitimate needs. It can also recommend a custom role if no predefined roles provide the necessary level of security.

Security Command Center: Guidance to help right-size cloud permissions.
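To make the used-versus-unused comparison above concrete, here is an added Python illustration; it is not Security Command Center's algorithm or code. The role names, permission strings and the `right_size` helper are all constructed for the example, which assumes you already hold a per-identity set of permissions observed in use.

```python
# Added illustration of usage-based right-sizing; not Security Command Center's algorithm.
# Constructed catalogue: hypothetical role names -> permissions each role grants.
ROLE_CATALOG = {
    "example.storageAdmin": {"buckets.create", "buckets.delete", "objects.create",
                             "objects.delete", "objects.get", "objects.list"},
    "example.objectViewer": {"objects.get", "objects.list"},
    "example.objectCreator": {"objects.create"},
    "example.computeAdmin": {"instances.create", "instances.delete", "instances.get"},
}


def right_size(granted_roles, used_permissions, catalog=ROLE_CATALOG):
    """Recommend roles to remove, tighter replacements, or a custom role."""
    used = set(used_permissions)
    rec = {"remove": [], "replace": {}, "custom_role": []}
    custom = set()
    for role in sorted(granted_roles):
        needed = catalog[role] & used      # permissions this grant actually served
        unused = catalog[role] - used      # granted but never exercised
        if not needed:
            rec["remove"].append(role)     # nothing used: the whole role can go
        elif unused:
            # Predefined roles that cover `needed` with fewer spare permissions,
            # tightest first (ties broken by name for a stable result).
            tighter = sorted(
                (len(perms - needed), name)
                for name, perms in catalog.items()
                if needed <= perms and len(perms - needed) < len(unused)
            )
            if tighter:
                rec["replace"][role] = tighter[0][1]
            else:
                # No predefined role is a closer fit: fall back to a custom role
                # holding exactly the permissions seen in use.
                rec["replace"][role] = "custom"
                custom |= needed
    rec["custom_role"] = sorted(custom)
    return rec


if __name__ == "__main__":
    print(right_size({"example.storageAdmin", "example.computeAdmin"},
                     {"objects.get", "objects.list"}))
    print(right_size({"example.storageAdmin"}, {"objects.get", "objects.create"}))
```

The result is only as good as the observation window behind `used_permissions`: a permission exercised once a quarter looks unused in a 30-day sample, so review removals against known periodic jobs before applying them.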

Reducing identity risks with built-in remediation
While many cloud-native application protection platforms (CNAPPs) provide some CIEM capabilities to alert security teams of over-permissioned cloud privileges, these findings can often only be addressed manually. Security Command Center goes further by helping you remediate findings with built-in response capabilities. Security Command Center is also integrated with third-party IT Service Management (ITSM) tools, such as Jira and ServiceNow, to assign issues to the right internal teams. 
To learn more about CIEM capabilities in Security Command Center, please read:

– Overview of Cloud Infrastructure Entitlement Management in Security Command Center
– Enable the CIEM detection service for AWS in Security Command Center
– Investigate identity and access findings in Security Command Center
– Review cases for identity and access issues in Security Command Center

Take the next step
To evaluate Security Command Center capabilities and explore subscription options, please contact a Google Cloud sales representative or authorized Google Cloud partner. You can also join our Security Command Center user community for product news and technical advice.
You can learn how to activate Security Command Center here.

AI Summary and Description: Yes

Summary: The text discusses the risks associated with identity management in cloud environments and introduces the Cloud Infrastructure Entitlement Management (CIEM) feature integrated into Security Command Center, aimed at mitigating these risks. The relevance lies in its focus on identity security within cloud infrastructure, appealing to security and compliance professionals seeking to enhance their identity management strategies.

Detailed Description:
The text highlights the critical role of identity management in the security of cloud environments. It outlines the potential dangers of compromised credentials and the subsequent unauthorized access they can facilitate. Here are the major points presented:

– **Risk of Compromised Credentials**:
  – Unauthorized access to cloud services can occur if user and service accounts are not properly managed.
  – A single stolen credential can lead to data exfiltration and resource compromise.

– **Introduction of CIEM**:
  – CIEM supports effective management of identities’ access to resources in cloud environments.
  – It is integrated into Google Cloud’s Security Command Center, designed to assess risks related to over-permissioned accounts.

– **Multicloud and Multi-Identity Support**:
  – Security Command Center now supports identity management for AWS IAM, Azure Active Directory (Entra ID), and Okta on Google Cloud.
  – Offers a unified view of identity and access issues across various cloud platforms.

– **Risk Assessment and Remediation**:
  – Each identity and access finding includes details on the risk, the associated resources, and steps for remediation.
  – AI-powered recommendations are used to evaluate permissions, suggesting role adjustments to minimize risks.

– **Integration for Incident Management**:
  – Built-in remediation capabilities enable teams to address findings directly within the platform.
  – Integration with external IT Service Management tools (e.g., Jira, ServiceNow) facilitates issue assignment to relevant teams.

– **User Engagement and Learning Resources**:
  – Information is provided on how users can learn more about CIEM capabilities, activate services, and evaluate the Security Command Center.

This comprehensive approach illustrates the proactive measures being undertaken to enhance identity security in the cloud, offering practical solutions and insights valuable to security and compliance professionals. By leveraging AI and integrating remedial processes, the CIEM feature aims to significantly reduce identity-related risks in cloud environments.