GCP – Announcing expanded CIEM support to reduce multicloud risk in Security Command Center
Identities can be a major source of cloud risk when they’re not properly managed. Compromised credentials are frequently used to gain unauthorized access to cloud environments, which often magnifies that risk since many user and service accounts are granted access to cloud services and assets beyond their required scope. This means that if just one credential is stolen by an adversary, or abused by a malicious insider, companies may be at risk of data exfiltration and resource compromise.
To help make identity management easier, we have integrated Cloud Infrastructure Entitlement Management (CIEM) into Security Command Center, our multicloud security and risk management solution, and we are announcing general availability of expanded CIEM support for additional clouds and identity providers. CIEM can help manage which identities have access to resources across your cloud platforms, and proactively mitigate issues resulting from over-permissioned ones.
Extending CIEM support to more clouds and identity providers
Security Command Center now supports AWS IAM identities for AWS, Entra ID (Azure AD), and Okta identities on Google Cloud. With multicloud, multi-identity CIEM support, customers can more easily discover which identities have access to which cloud resources across more of their cloud footprint.
Identity and access-related findings are available on a single Security Command Center screen, providing a simple, high-level view of risky identity provisioning that could create exposure.
Security Command Center: Multicloud view of identity and access issues.
Each finding provides a description of the risk, resource details, and next steps that help you address the finding and reduce security risk.
Security Command Center: Detailed remediation guidance to help right-size permissions for an AWS IAM User.
AI-powered recommendations
Security Command Center uses AI to make recommendations on how to right-size identity permissions in order to reduce risk. It can evaluate used permissions and unused permissions, recommend roles that can be removed, and suggest potential replacement roles with permissions that more closely match legitimate needs. It can also recommend a custom role if no predefined roles provide the necessary level of security.
Security Command Center: Guidance to help right-size cloud permissions.
Reducing identity risks with built-in remediation
While many cloud-native application protection platforms (CNAPPs) provide some CIEM capabilities to alert security teams of over-permissioned cloud privileges, these findings can often only be addressed manually. Security Command Center goes further by helping you remediate findings with built-in response capabilities. Security Command Center is also integrated with third-party IT Service Management (ITSM) tools, such as Jira and ServiceNow, to assign issues to the right internal teams.
To learn more about CIEM capabilities in Security Command Center, please read:
Overview of Cloud Infrastructure Entitlement Management in Security Command Center
Enable the CIEM detection service for AWS in Security Command Center
Investigate identity and access findings in Security Command Center
Review cases for identity and access issues in Security Command Center
Take the next step
To evaluate Security Command Center capabilities and explore subscription options, please contact a Google Cloud sales representative or authorized Google Cloud partner. You can also join our Security Command Center user community for product news and technical advice.
You can learn how to activate Security Command Center here.
Read More for the details.