The goal of Cloud Infrastructure Entitlement Management (CIEM, formerly called Identity) is to reduce your attack surface by ensuring that cloud entitlements, or permissions, respect the principle of least privilege. This means that identities are granted only the smallest set of permissions needed to do their tasks.

In addition, CIEM provides in-depth visibility into permissions granted to cloud entities and calculates which permissions are effective.