The enterprise world has firmly embraced the desire to move to Zero Trust. Actual implementation, however, is another matter.
Most organizations with remote workers, BYOD environments and cloud-based assets see the value of Zero Trust. And why not? Continuous protection of high-value assets, the ability to make employees productive wherever they choose to work, seamless integration with business partners, and the power of real-time customer connectivity are all core to modern business growth. Zero Trust makes it possible to do all of this and confidently pursue digital growth strategies.
But while some surveys show that 96% of companies are onboard with pursuing Zero Trust, a study by CRA Business Intelligence shows that only about 25% of those enterprises have successful frameworks in place. About 30% of those surveyed are stuck in the planning phase and another 35% are floundering in the consideration phase. These are not great adoption rates for a widely revered security concept that’s been in the market for nearly a decade.
It seems the biggest roadblock for most organizations is the enormity of the status quo. Organizations have employees and contractors working in offices, coffee shops, kitchen tables, customer sites, and airports around the world. Engineers, coders, salespeople, accountants and other professionals have changing workloads — and someone is always being promoted, transferred, shared or fired. Which means “what they need to do their jobs” can change from day to day. There’s also the issue of digital sprawl, as companies have built not-so-well-planned infrastructures with terabytes of sensitive data and hundreds — or thousands — of apps strewn across multiple clouds.
In other words, Zero Trust is the right desired state for growth-minded enterprises, but day-to-day realities make it tough to implement, despite the intentions of the many dedicated internal champions trying to drive it forward. This is where the concept of Entitlement Management can provide enterprises with the visibility, control, and automation they need to make Zero Trust a reality.
Quick definition of Entitlement Management
Building and maintaining an effective Zero Trust framework clearly requires some way of automating approved access to data, apps, collaboration tools, and other digital assets. In addition to initial access, those privileges must be continually managed, as people change roles, get new assignments, quit or get fired. Authorized users need to be given the right access at the right time to ensure productivity — without exposing the enterprise to cyberattacks or other risks. These requirements become considerably more complicated when including authorized users from outside organizations. Even though you may not know precisely who in the other organization needs access, and those outside users may not know which applications, groups, or sites your organization uses, they must still be accounted for in an effective Zero Trust framework.
Entitlement Management is an identity governance approach that enables organizations to accomplish all of this at scale. The right technology-enabled policies can automate critical steps, such as self-service requests, security reviews, expiration and, of course, access to specific data, work groups and apps. Entitlement Management can also be used to manage software licensing rights and ensure that enterprises don’t break the terms of licensing agreements. For example, if an enterprise agrees to pay for a specific number of seats, it needs to make sure that only users who have been given access use the software — and when users no longer need to access the software, their privileges are shut down.
Since most enterprises are moving to a cloud-first approach to everything from engineering to sales to customer service, an optimal approach to this entitlement is Cloud Infrastructure Entitlement Management (CIEM), a solution that leverages analytics, machine learning (ML) and other methods to detect and remediate anomalies in account entitlements, such as the unnecessary accumulation of privileges and dormant privileges that are granted but never used.
CIEM capabilities are increasingly important, because a 2022 study by Gartner predicts that by 2024 organizations running cloud infrastructure services will suffer a minimum of 2,300 violations of least privilege policies, per account, per year. A good CIEM solution will mitigate these risks and enforce least-privilege principles via continuous privilege right-sizing. This will provide the organization with centralized visibility into existing entitlements, tools for analyzing granted vs. used privileges and ongoing recommendations for optimizing and right-sizing privileges across all user populations.
Key Benefits of Entitlement Management
Gain granular visibility across a multi-cloud infrastructure
Most enterprises have built cloud-first infrastructures that allow for remote work, customer and business partner connectivity and on-demand scalability. But with all of this digital agility comes increased risk. As risk expands, enterprise security teams need technologies to provide visibility and control across multi-cloud environments. Modern Entitlement Management solutions provide granular visibility and offer precise, automated control of permissions and user activity within those environments.
Create consistent and centralized security-based policies
The somewhat haphazard collection of cloud services that has been built up in most enterprises creates a considerable challenge for security teams. In most cases, each cloud or app provider has its own set of policies, which leads to inconsistent security and increased risk. Manually identifying and addressing these security gaps is simply overwhelming for security teams. Even if an enterprise chooses to take a manual approach, it’s bound to fail due to lack of bandwidth and budget. Entitlement Management solutions typically offer the automated tools needed to resolve this dilemma. Using these solutions allows security teams to consistently apply best-practice security policies and enforce least-privilege access across even the most diverse multi-cloud infrastructures.
Automated detection and deactivation of over-provisioned users
Migrating workloads to the cloud can be an overwhelming experience for engineering and DevOps teams. To simplify the task, most of them will apply broader permissions than necessary. They do this to save time, which means they don’t typically provision individual resources based on specific job requirements. For most organizations, this leads to excessive permissions and extraneous entitlements that increase both risk and cost. Entitlement management solutions close this gap by identifying over-provisioning and deactivating unnecessary access.
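To make the granted-versus-used analysis behind CIEM right-sizing and over-provisioning detection concrete, here is an added example that is not from the original article or any particular product: it compares a constructed set of granted cloud permissions against constructed audit-log events and flags privileges that were never used or have gone dormant. The principal names, permission strings and timestamps are all made up.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the article): permissions each principal
# has been granted, and audit-log events showing which ones were actually used.
GRANTED = {
    "svc-deploy": {"s3:GetObject", "s3:PutObject", "iam:PassRole",
                   "ec2:TerminateInstances"},
    "alice": {"s3:GetObject", "kms:Decrypt"},
}

AUDIT_EVENTS = [
    {"principal": "svc-deploy", "action": "s3:GetObject", "time": "2024-05-01T10:00:00"},
    {"principal": "svc-deploy", "action": "s3:PutObject", "time": "2024-05-02T11:30:00"},
    {"principal": "alice", "action": "s3:GetObject", "time": "2024-02-01T09:00:00"},
]


def last_use(events):
    """Map (principal, action) -> most recent timestamp seen in the audit log."""
    seen = {}
    for e in events:
        key = (e["principal"], e["action"])
        t = datetime.fromisoformat(e["time"])
        if key not in seen or t > seen[key]:
            seen[key] = t
    return seen


def right_size(granted, events, now, dormant_days=90):
    """Classify every granted permission as never_used, dormant (last use older
    than dormant_days) or keep; the first two are right-sizing candidates."""
    if isinstance(now, str):
        now = datetime.fromisoformat(now)
    used = last_use(events)
    cutoff = now - timedelta(days=dormant_days)
    report = {}
    for principal, perms in granted.items():
        buckets = {"never_used": set(), "dormant": set(), "keep": set()}
        for perm in perms:
            t = used.get((principal, perm))
            if t is None:
                buckets["never_used"].add(perm)
            elif t < cutoff:
                buckets["dormant"].add(perm)
            else:
                buckets["keep"].add(perm)
        report[principal] = buckets
    return report


if __name__ == "__main__":
    for principal, buckets in right_size(GRANTED, AUDIT_EVENTS, "2024-06-01T00:00:00").items():
        print(principal, buckets)
```

A real CIEM tool would feed the never_used and dormant sets into an approval workflow rather than revoking them blindly, since a permission used only in a yearly process looks dormant for most of the year.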
Take a Phased Approach and Start with Identity
There’s enough evidence to prove that pursuing Zero Trust is a worthwhile endeavor, especially for digital-first enterprises. But the thing to remember is that building an effective framework typically takes two to three years and requires a phased approach that begins with identity and then moves to workloads, devices, networks, and data. Deploying an effective Entitlement Management solution needs to be a core part of the first phase. Making it part of your foundation is a good first step towards achieving a truly effective Zero Trust framework.