The complexity of cloud architectures and design (Kubernetes alone has enough mind-stretching concepts, permissions and building-block terms to sustain a cottage industry of self-help books) means that managing these environments, particularly development environments, is not just about Privileged Access or CIEM. It is another level of cloud security in itself, which some of these platforms can assist with to varying degrees.
According to one vendor, cloud access is managed by developers who have little time for IAM and security, so a fork in the road is emerging: one way is to persevere with the top-down (PAM) method of controlling access centrally; the other is to open up identity and security to individual departments within organizations, i.e., developers, operations, HR, etc.
Dynamic cloud environments require dynamic access. Dynamic cloud architecture is coming to dominate enterprise networks and operations, as business leaders and IT vendors understand a paradigm shift is necessary for organizations to compete as fully digital enterprises.
This new architecture incorporates multiple instances of cloud services including IaaS, PaaS and SaaS, as well as hybrid combinations of cloud and on-premises installations and, within it all, clusters of teams using and running these clouds.
This new IT architecture has become essential to organizations seeking the speed and dynamism needed to run the applications and tools required for fast-changing markets and challenging operating conditions. DevOps and other agile teams within organizations have come to rely on dynamic clouds to complete workloads on a Just In Time (JIT) basis, in response to demands from internal customers (LoBs). All the while, networks are much more open to employees, third-party users, suppliers, and customers; what was once considered “privileged” is becoming the norm as collaboration and data sharing become ubiquitous. The emergence of non-human identities gaining access to cloud-based resources is also an important part of the new environment.
The speed at which these environments operate has put severe pressure on the capabilities of traditional access management platforms such as role-based IGA, IAM and PAM. While workloads have long been present in servers and private clouds, these tended to be static and not time critical. What has changed is the breadth of access, but primarily the dynamic, agile and volatile nature of what needs to be managed. It is no longer about setting up a server on a physical machine that runs for years, but about constantly changing workloads.
Hence the need for our new Dynamic Resource Entitlement & Access Management (DREAM) classification for access management and entitlement platforms that can manage the challenges in the computing environments mentioned above. Fundamentally, DREAM-based platforms must operate at the speed of the cloud and grant access based on tasks, toolchains, and workloads rather than on roles, or on permissioning access only to static resources such as servers or vaults.
These platforms include those categorized as CIEM (Cloud Infrastructure Entitlement Management) platforms, which offer rapid access to cloud infrastructure itself and, in some more advanced examples, granular control of cloud-based resources. Also included within DREAM are the newer PAM for DevOps tools that extend the traditional functionality of PAM to toolchain-focused access for DevOps teams. It’s an emerging market but one that is attracting significant attention, not least from some of the biggest names. Microsoft acquired CIEM vendor CloudKnox in 2021 and has now relaunched the technology as Microsoft Entra Permissions Management as part of a wider sweep into cloud security management. Unfortunately, the package arrived too late for this Leadership Compass but there are more details in the Vendors to Watch section.
All included platforms must address the protection of the clouds themselves and the assets held in the cloud, and must include those assets which remain on-premises but are needed to connect to the cloud. We are addressing such common components as VMware, Linux/Windows Servers, Web Servers, SaaS, IaaS, databases, containers, code, confidential data, secrets, credentials and privileged accounts. Finally, certain IGA products will contribute to a DREAM-based architecture for compliance purposes.