Identity and Access Management Governance Module to Mitigate Cloud Identity Risk

By Enterprise Security Magazine | Thursday, October 22, 2020

Brian Johnson, SVP, Cloud Security Practice

With the IAM Governance Module, enterprises can now identify exactly what resource, application, user, and the role is accessing a specific cloud asset and the potential impact of that access.

FREMONT, CA: Rapid7, a leading provider of security analytics and automation, announces the availability of its Cloud Identity and Access Management (IAM) Governance module for DivvyCloud to assist customers in identifying and mitigating cloud identity risk. With this new module, customers gain increased visibility into their cloud resources to assess, prioritize, and remediate improper permission combinations that could let unintended permissive access. 

The dynamic nature of cloud environments makes conventional security perimeter approaches insufficient for managing risk. To decrease risk, enterprises must view identity as the new perimeter. The complexity of cloud environments and cloud service provider IAM tools lead developers and engineers to let unintended or overly permissive access. This same complexity makes it difficult for security teams to determine who has access to a cloud resource. The result is an unmanaged cloud risk that overwhelms security teams. 

An increased reliance has accompanied the surge in remote work caused by the pandemic on cloud applications and services. This means companies need a solution that supports this increase in direct-to-cloud access by offering identity and access management options that recognize there's new perimeter and ensure security. Rapid7's new Cloud IAM Governance module for DivvyCloud allows our customers to gain full control and visibility over their entire cloud environment, no matter how many different cloud providers, users, or resources they have in play. Once they have this insight, enterprises can start to deploy the least privilege access to mitigate the risk of data breaches and improve security.

This solution is now available to DivvyCloud customers as an additional module. Specifically, the Cloud IAM Governance module allows customers to gain visibility of the full cloud IAM picture to assess, prioritize, and remediate improper permission combinations that grant unintended or overly permissive access, explore adequate access by principal user, resource, or application, understand true access to complex IAM combinations, establish and maintain least privilege, and limit and understand the cloud security blast radius. 

Weekly Brief