Welcome to the KuppingerCole Leadership Compass on Cloud Infrastructure Entitlement Management (CIEM) software products. As organizations adopt cloud infrastructure and services, the management of access rights and permissions becomes a critical aspect of maintaining a secure and compliant environment. CIEM software solutions are specifically designed to address this challenge by providing comprehensive visibility and control over entitlements across cloud platforms.
In this report, we explore key considerations when evaluating CIEM software products for your organization's cloud infrastructure. We delve into vital features such as centralized access management, entitlement discovery and analysis, continuous monitoring of permissions, role-based access control, and policy enforcement. Additionally, we will examine factors like scalability, integration capabilities, reporting and analytics, and compliance frameworks to help you make an informed decision that aligns with your organization's cloud security objectives.
Whether you are in the initial stages of adopting cloud infrastructure or looking to enhance your existing entitlement management processes, this KuppingerCole Leadership Compass will equip you with the knowledge and insights needed to help select the right CIEM software product for your organization's cloud security needs.
1.1 Highlights and findings
This report is both an update and reworking of the 2022 Leadership Compass on Dynamic Resource Entitlement & Access Management (DREAM) and CIEM. We have refocused the report and the eligibility of vendors with the emphasis very firmly on the identity management aspect of CIEM. We no longer talk about Privileged Access Management (PAM) for DevOps, as this concept is becoming outdated and largely replaced by the cloud management capabilities in the CIEM platforms assembled here. In fact, the concept of traditional PAM is under fresh scrutiny as we move more to a world of Least Privilege, Zero Standing Privilege and just-in-time access to resources in the cloud. The shift to the cloud and the demanding needs of developers, CI/CD teams and CloudOps has caused a rethink in how we manage resources and access and what defines privileged access. Is the privilege now with the resource, database, application etc., so that identities must be verified instantly to get access and to get things done as the business, not IT, requires?
Certainly, the market is responding. CyberArk speaks less about PAM these days and has pivoted its entire product line to identity management. Others are following suit: BeyondTrust is notably absent from this report, because it, too, is about to transform its product line towards Identity, and its existing CIEM capabilities are transitioning to their new Identity Security Insights solution. This transition will be completed after the cutoff for this report. We look forward to welcoming BeyondTrust to the 2024 PAM Leadership Compass and seeing the ground-up, brand-new platform.
Another reason that PAM vendors are shifting is the emergence of the agile, cloud-native CIEM vendors, which customers are realizing provide a real alternative to traditional PAM by, paradoxically, not actually offering PAM as a capability. Instead, customers have seen that the capabilities they offer for cloud entitlement are indeed a form of selective access but with JIT and rapid response built in. Often, they cover a wider scope of all types of cloud infrastructure out of the box and are identity focused by default.
So, it is an interesting time. We advise readers to look at the whole report and not just who the Leaders are. Leaders are leaders not just because of their innovation or capabilities but also because of their financial strength and market presence. But those further down in the ratings should not be overlooked just because they are small; there are great innovations worthy of attention. There is much to discover among the young and start-up vendors, who have set the pace in CIEM, and who should be seriously considered by buyers. Whatever your choice, every vendor in this report is doing the right thing.
To sum up:
- Major reworking of the 2022 Leadership Compass on DREAM and CIEM
- PAM for DevOps is outdated and largely replaced by the cloud management capabilities in CIEM platforms
- Traditional PAM is under fresh scrutiny as we move more to a world of Least Privilege, Zero Standing Privilege and Just in Time
- Leading PAM players are refocusing entire platforms towards identity and cloud