With Security Command Center's Cloud Infrastructure Entitlement Management (CIEM) capabilities, you can manage which identities have access to which resources in your deployments on multiple cloud platforms and mitigate potential vulnerabilities that result from misconfigurations.
Security Command Center's CIEM capabilities provide a comprehensive view of the security of your identity and access configuration. Specifically, the following CIEM features help you identify misconfigurations and enforce the principle of least privilege:
- Detection of potential identity and access misconfigurations in your deployments on multiple cloud platforms, including Google Cloud and Amazon Web Services (AWS).
- IAM recommender identity-specific findings that provide insight into the Google Cloud Identity and Access Management (IAM) roles that are granted to principals, including federated identities from other identity providers like Entra ID (Azure AD) and Okta.
- Guidance on how to remediate misconfigurations, such as removing permissions from a principal with excess permissions.
- Case management to efficiently track misconfiguration remediation efforts through the Security Operations console and other ticket management systems.
Manage identity and access security issues with CIEM
The following sections describe the CIEM capabilities that help you manage identity and access misconfigurations.
Quick access to identity and access findings
Security issues often arise due to undetected identity and access misconfigurations such as highly privileged principals, dormant identities, unrotated service account keys, and a lack of multifactor authentication. CIEM generates findings that help alert you to potential identity and access security issues across your cloud environments. Many different Security Command Center detection services (such as IAM recommender, Security Health Analytics, and CIEM) produce the identity and access findings that are considered part of Security Command Center's CIEM capabilities. For example, the CIEM detection service itself produces a subset of identity and access findings for AWS that alert you to highly privileged AWS IAM roles, groups, and users.
With CIEM, Security Command Center presents Google Cloud and AWS identity and access findings categorically on the Identity and access findings card of the Security Command Center Risk Overview page. This card provides quick access to a filtered view of identity and access misconfiguration findings on the Security Command Center Findings page. When viewed in detail, each finding provides a full scope of what was detected as well as guidance on how to address the misconfigurations to avoid potential attack vectors.
To learn how to investigate identity and access findings to understand your identity and access security, see Investigate identity and access findings.
Remediation guidance and tracking for identity and access findings
Security teams working with multicloud infrastructure often struggle to
remediate identity and access misconfigurations at scale. Security Command Center
provides you with remediation guidance, as well as security operations
capabilities, such as case management and response playbooks. By default,
Security Command Center also automatically creates cases in
Security Operations console and tickets in Jira or ServiceNow for Critical
and
High
severity misconfigurations.
To learn more about reviewing findings cases, see Review cases for identity and access issues.
Discovery of federated identities' permissions on Google Cloud
CIEM helps to provide a more granular view of the security of your identity and access configurations by providing insight into the Google Cloud permissions of federated identities from other identity providers, such as Entra ID (Azure AD) and Okta. CIEM integrates with IAM recommender to expose federated identities with roles that have excess permissions on your Google Cloud resources. You can view offending access grants and recommended remediations directly from the Security Command Center Findings page. For more information on offending access grants in findings, see Offending access grants.
In addition, Google Cloud IAM lets you further investigate the permissions of principals from other identity providers on the IAM page in the Google Cloud console.
What's next
- Learn how to enable the CIEM detection service for AWS findings.
- Learn how to investigate identity and access findings.
- Learn how to review cases for identity and access issues.
- Learn more about the IAM recommender functionality that powers CIEM.