Innovation Insight for CIEM

The first time the CIEM terminology was used it was in May 2020, when I covered the vendor CloudKnox in the 2020 Cool Vendors in Identity and Access Management and Fraud Detection. I thought it was important to create a formal name for the market segment because I saw a big gapping hole in cybersecurity practices for IaaS. And since then I have seen the number of calls on that topic more than double and several startups coming out of stealth mode to offer solutions to this problem.

Today Gartner has released the very first Innovation Insight for Cloud Infrastructure Entitlement Management  The challenge of managing privileges in IaaS is worsening, with thousands of services added in recent years by cloud providers. Security and risk management leaders must combine traditional IAM approaches with CIEM to achieve efficient identity-first security management results.

By 2024, organizations running cloud infrastructure services will suffer a minimum of 2,300 violations of least privilege policies, per account, every year.

What is CIEM? Cloud infrastructure entitlement management (CIEM) tools help enterprises manage cloud access risks via administration-time controls for the governance of entitlements in hybrid and multicloud IaaS. They use analytics, machine learning (ML) and other methods to detect anomalies in account entitlements, like accumulation of privileges, dormant and unnecessary permissions. CIEM ideally provides enforcement and remediation of least privilege approaches.

In this document we dive deep into the benefits of CIEM, and its 4 major uses:

• Visibility of entitlements
• Rightsizing of permissions • Advanced analytics
• Compliance automation

We also describe a very cool case study with the company Fiverr ( and how it addressed the company’s pressing needs for visibility, as well as more advanced analytics for management of entitlements and role management.

Lastly we talk about how CIEM fits in this broader context of IAM and Cloud Security initiatives. And of course there are insights about the vendor landscape and its adjacencies in IGA, PAM, CSPM, CWPP, CASB and SSPM.