Cloud Infrastructure Entitlement Management (CIEM)

The goal of Cloud Infrastructure Entitlement Management (CIEM, formerly called Identity) is to reduce your attack surface by ensuring that cloud entitlements (permissions) follow the principle of least privilege: each identity is granted only the smallest set of permissions it needs to do its tasks.

In addition, CIEM provides in-depth visibility into the permissions granted to cloud entities and calculates which of them are effective, that is, the permissions that actually apply once all attached policies, including explicit denies, are evaluated together.

Use Cases and Prerequisites

To use CIEM, you must finish onboarding a cloud environment to CloudGuard with all necessary permissions. There are additional prerequisites for some use cases of CIEM.

Use Case 1: Gives visibility into cloud entitlements and effective permissions.
    Prerequisite: No additional prerequisites are required.

Use Case 2: Automatically identifies overprivileged AWS Lambda functions and provides a least-privilege suggestion for remediation.
    Prerequisite: You must enable Serverless Risk Assessment for the AWS environment. For more information, see Serverless Risk Assessment.

Use Case 3: Automatically identifies overprivileged cloud identities based on actual use of permissions and provides least-privilege suggestions for remediation.
    Prerequisite: You must onboard your account to Intelligence Account Activity. For details about onboarding, see Intelligence Onboarding and Offboarding.
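The following is an added example written for this page; it is not CloudGuard's code and does not call any AWS API. It models the two computations that use cases 1 and 3 describe: effective permissions across an identity's attached policies (an explicit Deny wins over any Allow, as in IAM evaluation), and the diff between granted and actually used actions that yields a least-privilege suggestion. The action catalog, the role's policies and the CloudTrail-style events are constructed inline, and function names such as least_privilege_policy are assumptions for illustration.

```python
"""Least-privilege analysis of a cloud identity (illustrative, not CloudGuard code)."""
import fnmatch
import json

# Constructed catalog of IAM actions. A real analysis would use the full
# service/action list; this subset keeps the example self-contained.
ACTION_CATALOG = [
    "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket",
    "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:DeleteTable",
    "iam:PassRole", "iam:CreateUser",
]

def expand_actions(patterns):
    """Expand IAM action patterns (wildcards * and ?) against the catalog."""
    if isinstance(patterns, str):
        patterns = [patterns]
    found = set()
    for pat in patterns:
        for action in ACTION_CATALOG:
            # IAM action matching is case-insensitive.
            if fnmatch.fnmatchcase(action.lower(), pat.lower()):
                found.add(action)
    return found

def effective_permissions(policies):
    """Effective Allow actions across all attached policies.

    Models the IAM rule that an explicit Deny in any statement overrides
    any Allow. Resource ARNs and Conditions are deliberately out of scope.
    """
    allowed, denied = set(), set()
    for policy in policies:
        for stmt in policy["Statement"]:
            target = allowed if stmt["Effect"] == "Allow" else denied
            target |= expand_actions(stmt["Action"])
    return allowed - denied

def used_actions(events):
    """Actions actually exercised, derived from CloudTrail-style events.

    Failed calls (errorCode present, e.g. AccessDenied) are not evidence of
    use. Caveat: CloudTrail eventName does not map 1:1 to an IAM action for
    every service; the service:EventName form used here is a simplification.
    """
    used = set()
    for e in events:
        if e.get("errorCode"):
            continue
        service = e["eventSource"].split(".")[0]
        used.add(f"{service}:{e['eventName']}")
    return used

def least_privilege_policy(policies, events):
    """Return (unused actions, suggested least-privilege policy document)."""
    effective = effective_permissions(policies)
    used = used_actions(events)
    unused = effective - used
    suggestion = {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Action": sorted(effective & used),
                       "Resource": "*"}],  # tighten to real ARNs in practice
    }
    return unused, suggestion

# Constructed policies attached to a hypothetical Lambda execution role.
LAMBDA_ROLE_POLICIES = [
    {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "dynamodb:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
    ]},
    # A second attached policy acting as a guardrail against table deletion.
    {"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Action": "dynamodb:DeleteTable", "Resource": "*"},
    ]},
]

# Constructed CloudTrail-style records observed for that role.
OBSERVED_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "dynamodb.amazonaws.com", "eventName": "PutItem"},
    {"eventSource": "dynamodb.amazonaws.com", "eventName": "DeleteTable",
     "errorCode": "AccessDenied"},  # blocked by the Deny; not counted as use
]

if __name__ == "__main__":
    unused, policy = least_privilege_policy(LAMBDA_ROLE_POLICIES, OBSERVED_EVENTS)
    print("Unused (over-privileged) actions:", sorted(unused))
    print(json.dumps(policy, indent=2))
```

With the constructed input, the role is granted seven effective actions (the wildcards expanded, minus the denied dynamodb:DeleteTable) but exercises only two, so the suggestion collapses to s3:GetObject and dynamodb:PutItem. The same approach is what makes use case 3 dependent on account activity data: without a record of what was actually called, there is nothing to diff the grant against.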