CyberArk Cloud Entitlements Manager – Streamlined Onboarding at Enterprise Scale

April 26, 2021 Sam Flaster

CyberArk Cloud Entitlements Manager, our Cloud Infrastructure Entitlements Management (CIEM) solution, now supports the following features:

Streamlined Onboarding for Organization-Level Hierarchies in AWS, Azure and GCP

Customers can now rapidly onboard their entire cloud provider footprint to Cloud Entitlements Manager for centralized visibility and control of IAM permissions risk.

In the onboarding pane, Cloud Entitlements Manager now connects to AWS Organizations, Azure Root Management Groups, and GCP Organizations — organizational structures that enterprises use to centrally manage their environments across regions and business functions. With their full organizational footprint connected, customers can bulk configure organizational units or specific accounts for risk analysis and reduction with Cloud Entitlements Manager. This accelerated process drives operational efficiencies for organizations as they defend against attacks that manipulate cloud entitlements, ultimately enabling secure expansion of cloud services.

Fig 1: User experience of onboarding full organizations or standalone accounts in Cloud Entitlements Manager

Organizations often struggle to map and manage permissions that grant access to cloud-hosted infrastructure and resources. There are now more than 21,000 potential permissions that must be managed across AWS, Azure and GCP. To reduce the risk of misconfigured permissions, cloud providers and leading compliance frameworks recommend organizations implement least privilege access and allow only the minimum necessary entitlements to perform ongoing operations.

Fig 2: Cloud Entitlements Manager now tracks more than 21,000 permissions to access resources across AWS, Azure and GCP — all of which must be securely managed.

Especially at enterprise scale, organizations must consistently review permissions across their AWS accounts, Azure subscriptions and GCP projects to reduce the risk of overprivileged identities. This problem is even more difficult for organizations that leverage multiple providers. Organizations currently use 2.6 public cloud providers on average, per the Flexera 2021 State of the Cloud Report. 

Cloud Entitlements Manager provides cloud-agnostic detection and AI-powered remediation of risky IAM permissions, allowing organizations to defend against attacks. With Cloud Entitlements Manager, CyberArk is the only vendor to provide controls that extend least privilege from the endpoint to the cloud.

By connecting their full hierarchy of AWS, Azure and GCP resources to Cloud Entitlements Manager, organizations can connect all their accounts in one swoop, eliminating the time and effort required to connect individual cloud accounts and accelerating their time to value. Just as importantly, customers can identify specific accounts that should not be connected; Cloud Entitlements Manager allows organizations to perform bulk onboarding actions such as connecting or disconnecting multiple accounts.

Effectively, onboarding support for organization-level hierarchies streamlines operations and unlocks flexibility for customers, both when they are first connecting to Cloud Entitlements Manager and as they expand in the cloud. Any new AWS accounts, Azure subscriptions or GCP projects within an organization can be rapidly connected to Cloud Entitlements Manager, allowing security teams to analyze new accounts and reduce permissions risk.  

As with all Cloud Entitlements Manager features, organization-level onboarding is available via our 30-Day Free Trial.

For information on this release and all Cloud Entitlements Manager updates, please visit our ‘What’s New’ section on CyberArk Docs.

 
