Skip to content

Request a CloudKnox Identity Risk Assessment Today

Risk Assesment

Have questions?
Our sales team can answer them.

back to newsroom

CloudKnox extends leadership in Cloud Infrastructure Entitlement Management with integration for AWS Config

February 19, 2021 -

Strategic partnership helps organizations standardized on AWS achieve comprehensive Zero Trust access through continuous permissions right-sizing

SUNNYVALE, Calif. – (Feb. 19, 2021) – CloudKnox Security, the only cloud permissions management platform provider for hybrid and multi-cloud environments, continues to expand its industry-leading position today, improving the Cloud Infrastructure Entitlement Management (CIEM) space with a key Amazon Web Services (AWS) technical partnership. The CloudKnox-AWS Config integration leverages CloudKnox’s patented technology to help AWS users automatically enforce least privilege and Zero Trust access. This announcement moves the CIEM space another step forward as businesses continue to rely heavily on cloud computing with the global shift to remote work.

As an APN Advanced-tier partner available on the AWS Marketplace, CloudKnox now provides continuous monitoring and profiling of permissions granted to the thousands of users and roles leveraging AWS Identity and Access Management (IAM) permissions. AWS Config is a service that enables system users to assess, audit, and evaluate the configurations of their AWS resources. The CloudKnox-AWS Config integration is a solution that provides continuous profiling of IAM usage and automated right-sizing of permissionstwo factors key to mitigating catastrophic, collective damage in the event of a cloud breach.

“It is critical for organizations to enforce least privilege and Zero Trust access in their hybrid and multi-cloud environments. Not doing so leaves them open to significant risk, which could damage the business,” said CloudKnox COO Raj Mallempati. “Strategic technical partnerships and integrations with leaders in the cloud spaceparticularly with major providers like AWSallow us to extend our reach to more users, while also solidifying our position as the lead technical innovator for CIEM.”

The integration with AWS Config makes it possible for AWS users to enforce least privilege and Zero Trust access by continuously monitoring and reporting against CloudKnox’s patented Privilege Creep Index (PCI) and then automatically triggering remediation actions, if necessary, in real time. The remediation action then uses an AWS Systems Manager Automation document that invokes the CloudKnox Just Enough Privileges (JEP) controller through a REST API. The JEP controller delivers an appropriately scoped IAM policy for the user based on the user’s previous activity. AWS Config remediation then automatically provisions that IAM policy for the user.

With the power of AWS Config and CloudKnox, users have the permissions they need instead of overly broad, unnecessary permissions that couldand often, doleave the organizations vulnerable and open to risk in the event of a breach. Here, bad actors with optimal latitude could move within the cloud to collect sensitive information, disrupt business, or go after company assets, among other risks. To learn more about the CloudKnox approach that enables enterprises to enforce a least privilege posture across their hybrid and multi-cloud environments, please visit www.cloudknox.io. CloudKnox offers a free Cloud Identity Risk Assessment to help enterprises understand their cloud identity and resource risk profile. For more information, please visit: https://cloudknox.io/risk-assessment/.

About CloudKnox

CloudKnox Security is the only cloud security platform built from the ground-up to support the monitoring and management of identities, actions and resources across hybrid and multi-cloud environments using an Activity-based Authorization model. Through an extensible single platform, CloudKnox transforms how organizations implement the principle of least privilege and empowers security teams to proactively address accidental and malicious credential misuse by continuously detecting and mitigating identity risks. CloudKnox is based in Sunnyvale, CA.

back to newsroom