
It’s a Match! CloudKnox’s CIEM Solution + AWS Config Integration

February 25, 2021

By: Raj Mallempati, COO at CloudKnox Security

As February comes to a close, love is still in the air for security operators because CloudKnox’s Cloud Infrastructure Entitlement Management (CIEM) solution has solidified a technical partnership with Amazon Web Services (AWS) in the form of an AWS Config integration.

Swiping Right on Right-Sizing Permissions

The global shift to remote work has placed enormous pressure on IT and security teams as enterprises have accelerated migration to the cloud. Heavy cloud computing means an ever-expanding network of identities that requires active and meticulous management – much like a good relationship!

As an APN Advanced-tier partner available on the AWS Marketplace, CloudKnox now provides continuous monitoring and profiling of permissions granted to the thousands of users and roles leveraging AWS Identity and Access Management (IAM) permissions. AWS Config is a service that enables system users to assess, audit, and evaluate the configurations of their AWS resources. The CloudKnox-AWS Config integration is a solution that provides continuous profiling of IAM usage and automated right-sizing of permissions—two factors key to mitigating catastrophic, collective damage in the event of a cloud breach.

Keeping the Creep(s) Away

The integration with AWS Config makes it possible for AWS users to enforce least privilege and Zero Trust access by continuously monitoring and reporting against CloudKnox’s patented Privilege Creep Index (PCI)—unfortunately, this ‘creep’ index isn’t a feature on your favorite dating app!

The PCI automatically triggers remediation actions, if necessary, in real time. The remediation action uses an AWS Systems Manager Automation document that invokes the CloudKnox Just Enough Privileges (JEP) controller through a REST API. The JEP controller delivers an appropriately scoped IAM policy for the user based on the user’s previous activity. AWS Config remediation then automatically provisions that IAM policy for the user.
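
To make the right-sizing step concrete, here is an added example (not CloudKnox's or AWS's code, and not the PCI calculation) that derives a scoped IAM policy from a user's observed activity. The account ID, user names, bucket, granted-action set and CloudTrail-style records are constructed, and it assumes the IAM action can be read directly from each record's eventSource and eventName, which does not hold for every AWS service.

```python
import json
from collections import defaultdict

PRINCIPAL = "arn:aws:iam::111122223333:user/alice"  # constructed principal
# Constructed: actions currently granted to the user (wildcards already expanded).
GRANTED = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:DeleteBucket",
           "ec2:DescribeInstances", "ec2:TerminateInstances", "iam:CreateUser"}
# Constructed CloudTrail-style records; only the fields used below are present.
EVENTS = [
    {"userIdentity": {"arn": PRINCIPAL}, "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "resources": [{"ARN": "arn:aws:s3:::example-reports/q1.csv"}]},
    {"userIdentity": {"arn": PRINCIPAL}, "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "resources": [{"ARN": "arn:aws:s3:::example-reports/q1.csv"}]},
    {"userIdentity": {"arn": PRINCIPAL}, "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "resources": []},
    {"userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "eventSource": "iam.amazonaws.com", "eventName": "CreateUser", "resources": []},
]

def observed_usage(events, principal):
    """Map each action the principal actually called to the resource ARNs it touched."""
    usage = defaultdict(set)
    for ev in events:
        if ev["userIdentity"].get("arn") != principal:
            continue  # activity of other identities must not widen this policy
        # Assumption: IAM prefix == first label of eventSource, action == eventName.
        action = f'{ev["eventSource"].split(".")[0]}:{ev["eventName"]}'
        usage[action].update(r["ARN"] for r in ev.get("resources", []))
    return usage

def right_size(granted, usage):
    """Keep only granted actions that were used, each scoped to the resources seen."""
    by_scope = defaultdict(list)
    for action in sorted(set(usage) & granted):
        by_scope[tuple(sorted(usage[action])) or ("*",)].append(action)
    statements = [{"Effect": "Allow", "Action": acts, "Resource": list(scope)}
                  for scope, acts in sorted(by_scope.items())]
    return {"Version": "2012-10-17", "Statement": statements}

def unused_ratio(granted, usage):
    """Share of granted actions never exercised (a crude stand-in, not the PCI)."""
    return len(granted - set(usage)) / len(granted)

if __name__ == "__main__":
    usage = observed_usage(EVENTS, PRINCIPAL)
    print(json.dumps(right_size(GRANTED, usage), indent=2))
    print(f"unused granted actions: {unused_ratio(GRANTED, usage):.0%}")
```

Grouping actions by the exact set of resources they touched keeps the generated policy from granting an action on a resource where it was never used.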

And if that isn’t music to your ears, then you better turn down the volume on your Ed Sheeran “wedding” playlist.

A Match That Will Have You on Cloud Nine

With the power of AWS Config and CloudKnox, users have the permissions they need instead of overly broad, unnecessary permissions that could (and often do) leave organizations vulnerable in the event of a breach. With that much latitude, bad actors could move within the cloud to collect sensitive information, disrupt business, or go after company assets, among other risks.

By leveraging this perfect pair, your organization can rest assured knowing that precise permissions are your ticket to a long (and secure) relationship with the cloud.


To learn more about this new integration, read the press release.
