The company also highlighted the limitations of traditional PAM models relying on static policies and manual processes, often lacking crucial context and leading to excessive permissions and security vulnerabilities. Their 2024 Identity Security Insights report indicated that 68% of respondents are seeking AI-driven improvements in risk-based access control.

“Today’s hybrid, multi-cloud environments have led to an explosion of human and non-human identities, creating complex access workflows and rampant privilege sprawl. To tackle this, organizations require dynamic policies that can intelligently enforce the principle of least privilege across their identity stack. With the AI-driven CIEM module in PAM360, IT security teams can now generate intelligent least privilege policies, proactively flag risky entitlements and automate remediation, helping enterprises close critical identity security gaps before they’re exploited,” said Ramanathan Kannabiran, director of product management at ManageEngine.

Addressing this need, PAM360’s Cloud Infrastructure Entitlement Management (CIEM) module now incorporates AI-generated least privilege policies, automated remediation of shadow admin risks, and real-time access and session summaries. These AI-powered capabilities enable organizations to proactively combat access sprawl and misconfigurations in hybrid environments with minimal manual intervention.

ManageEngine also addressed the inefficiencies and potential security gaps associated with business workflows using RPA and script-based automation that often rely on manual access provisioning. Modern IT teams require dynamic controls to streamline on-demand access within these automated workflows and bolster overall security.

According to Kannabiran, “Privileged task automation in PAM360 eliminates the need for administrators to manually grant and revoke necessary access privileges for every automated routine. Access is provisioned just in time, based on the task context, and revoked automatically once the task ends. This not only preserves admin bandwidth, but also reduces the risk of privilege misuse caused by excessive or standing access.”

Leveraging Zoho’s Qntrl, PAM360 now offers native automation capabilities, eliminating the need for third-party tools. This deep integration within the Zoho ecosystem allows for seamless orchestration of privileged access workflows, enhancing efficiency without compromising security. PAM360 streamlines vendor access with automated onboarding and offboarding, provisions temporary, just-in-time access with granular, time-bound controls, and ensures secure, hands-free transfer of privileged data – delivering speed, consistency, and reduced risk across the organization.

As cyber threats grow in sophistication and frequency, securing privileged access has become paramount for organizations of all sizes. Senhasegura’s comprehensive PAM platform provides granular control and visibility over privileged accounts, protecting sensitive data and critical systems from unauthorized access and potential breaches.

Through this partnership, AmiViz will provide regional enterprises across various industry verticals with the complete suite of Senhasegura’s PAM solutions, including:

1. Privileged Account and Session Management: Secure, manage, and monitor all privileged accounts, including shared accounts, firecall accounts, and application accounts.
2. Secrets Management: Protect sensitive information such as passwords, API keys, and encryption keys by securing, managing, and rotating them automatically.
3. Just-in-Time and Just-Enough Access: Grant privileged access only when needed and revoke it automatically after use, significantly reducing the attack surface.
4. Comprehensive Auditing and Reporting: Maintain a detailed audit trail of all privileged activities for compliance and threat investigation.

Commenting on the partnership, Ilyas Mohammed, COO at AmiViz said “The partnership with Senhasegura significantly strengthens our portfolio in the Middle East and Africa by incorporating their state-of-the-art PAM technology. This collaboration enables us to provide comprehensive security solutions to our customers, addressing critical challenges in privileged access management and enhancing overall cybersecurity in the region.”

“We are thrilled to partner with Amiviz to bring Senhasegura’s cutting-edge PAM solutions to the Middle East and Africa,” said Marcus Scharra, Co-CEO at Senhasegura. “This region is experiencing rapid digital transformation, making robust cybersecurity measures more critical than ever. We believe that by combining our expertise with Amiviz’s established presence, we can empower organizations across the region to effectively manage privileged access and strengthen their security posture.”

ManageEngine, which has been recognized in this Magic Quadrant report for the fourth time in five years, was assessed alongside 10 PAM vendors for its completeness of vision as well as its ability to execute. “With identities and privileged accounts evolving as the new perimeter and economic headwinds driving efficiency-related security initiatives, IAM leaders need a comprehensive strategy to understand and manage all kinds of privileged access in their organizations while mitigating associated business and operational risks,” said Kumaravel Ramakrishnan, director of marketing at ManageEngine.

“PAM360 fits the philosophy of value-oriented IT management, helping enterprise security teams manage administrative privileges end to end. We believe that this recognition from Gartner is a testament of our continued commitment to building a unified PAM platform that will be a key cog in the IAM strategy of enterprises of any size,“ he added.

Recent product innovations in ManageEngine PAM360 include:

• Trust scores for users and endpoints, which offer real-time risk assessment to identify and preempt anomalous activities.
• Policy-based access controls enable administrators to predefine a set of access policies and grant conditional access to mission-critical endpoints based on trust scores and other crucial parameters.
• Self-service privilege elevation for Linux environments, which enables administrative users to configure an allow-list of sensitive commands and let users execute those commands with elevated privileges.

In the hands of an external attacker or even an unscrupulous insider, privileged Unix and Linux accounts represent a potentially very serious cyber security threat to your organization. Through these privileged accounts, an attacker can infiltrate your organization’s environment and expose sensitive data, conduct unauthorized transactions, plant malware, and destroy systems, while erasing traces of his/her presence each step of the way.

Today, it is essential to have a strategy in place to control and audit your Unix/Linux privileged access in order to overcome this inherent security and compliance risk. The principle of least privilege, for example, was developed to encourage organizations to defend against infiltration by restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform routine, authorized activities, and for the least time necessary. In many cases, this equates to standard user access.

What are the challenges associated with managing privileges in Unix & Linux environments?
Many basic OS, management, application, and software functions (e.g. configuration utilities) for Unix and Linux platforms require more than just standard privileged access. Traditionally, this required end users to possess elevated privileges in the form of root or administrative usernames and passwords. To overcome this inherent security and compliance risk, organizations must remove the need to distribute and maintain root and administrative credentials. For this, they need PAM.

The best practice for managing privileges in Unix/Linux environments starts with PAM
One of the best ways to enhance access control for your privileged accounts is to use a Privileged Access Management (PAM) solution to configure and manage your Unix/Linux system. PAM provides a detailed, policy-based delegation of privileges of the Unix/Linux root account. This will enable you to deploy least-privilege access and enhance individual accountability for Unix/Linux root account activity. Plus, its centralized management and reporting capabilities will ensure you meet even the most stringent compliance requirements.

Let’s look in greater detail at how PAM can address the security and compliance challenges that are exclusive to Unix/Linux environments.

1) Prevents root escalation by removing the need to log in as root
Many system and application users of Unix and Linux use the phrase, “I need root,” declaring they can only perform their daily job functions if they can log on as “root”. Root is often referred to as the “God” user because, as the most powerful user on the system, there is little the root user cannot do.

Allowing usage of the root account complicates the ability to audit an individual’s actions (promoting account sharing) and inhibits the use of a strong, changeable password for the root account due to the need for multiple identities to use the account at any given time. These characteristics dramatically increase risk. The organization faces a heightened danger from insider threats via malicious and accidental behaviors, as well as additional exposure from external threats due to weak and non-changing passwords. There is zero accountability when using root to perform administrative functions.

Privilege Access Management solutions for Unix & Linux environments allow an administrator to elevate privileges following the principle of least privilege (PoLP). This enables users to run any command at a higher privilege level, so long as it is allowed by a policy defined in the centralized policy server, keeping the user accountable and keeping the attacker out. Removing the need for users to log on as root enables much tighter security controls around the root user account.

2) Safeguards Unix/Linux privileged passwords
It goes without saying that everything must be password protected. However, the management of your privileged passwords is as important as the password itself. One of the major problems for Unix/Linux root accounts is the tendency for users to share accounts and passwords. Unfortunately, in the case of shared accounts, as well as for certain configuration changes, root access is still required. Access to root passwords needs to be strictly controlled, and only one individual should know a password at any point in time to ensure there is accountability for any actions taken using the account.

These accounts should also have their passwords rotated on a regular basis to prevent any brute-force attacks aimed at hacking passwords. Integrating a PAM-privileged password management system layers on further security and productivity benefits by proactively vaulting and managing privileged credentials.

3) Centralizes Unix/Linux systems management, policy, and reporting
It’s well-established that the command-line nature of Unix and Linux systems doesn’t lend itself to easily consumed searching capabilities. This drawback becomes especially apparent in very large enterprise systems with multiple log servers concurrently running. With that said, consolidating vast amounts of data, and finding what you are looking for, is key to identifying mistakes and mitigating risk. PAM solutions allow the consolidation of logs, making data accessible quickly and efficiently. IT stakeholders benefit from having real-time visibility into the state of privilege-related Unix and Linux risks at their fingertips.

4) Achieves compliance for the root account – indelible audit trail, unimpeachable logs
PAM solutions enable full session logging and session replays, providing a centralized, indelible audit trail and ultimate accountability for each individual system administrator. Logging all Unix/Linux user activity can quickly become untenable. With PAM solutions, activity is recorded in a tamperproof way to meet compliance needs, and event logs can be dynamically named, centrally located, and access controlled in the central management console. When an audit or forensic investigation needs to be performed, organizations no longer need to waste time and manpower performing investigations on an overwhelming amount of data.

5) Analyze behavior to detect suspicious user, account, and asset activity
From time to time, the most senior admins will have a legitimate need to leverage root capabilities. These sensitive use cases may include certain types of system-level changes, or just reflect the ad-hoc nature of the commands the user may need to issue. One challenge is that compliance teams need to monitor ALL activity and ensure accountability for actions, especially considering the privilege level being used during these sessions. Compliance teams need to cleanly identify:

• who was using the root account
• when they were using the root account
• what activities were performed/commands typed by the root account

It is also imperative to protect log files from any sort of tampering. Searching the log files is critical for enabling the compliance team to find what they are looking for quickly and efficiently. PAM solutions enable monitoring and auditing of sessions for unauthorized access, changes to files and directories, and compliance.

The bottom line is that your business depends on the accuracy and privacy of the information you are entrusted with. Therefore, the value of managing the “who, what, where, when, how, and why” regarding access to your information technology cannot be underestimated. Privileged access management has numerous benefits that can solidify your information security. You would be wise to take advantage of this indispensable tool.

The GCC is humming with cloud activity, and understandably so. The cost-benefit analysis of cloud services had already proved favorable before the pandemic. Governments looking to deliver on economic visions were using it. Businesses looking to align with those visions and be part of their success story were using it. And consumers looking for streaming entertainment and cheap storage for self-made media were using it.

When COVID reared its head, those organizations that were still evaluating cloud had to get down from the fence and run to the barn. The cloud was the only way to deliver safety to employees (through remote work) and business continuity (through several other services). Right now, the list of hyperscale cloud providers that have regions in the GCC or are building them includes Google, Oracle, Microsoft, AWS, and IBM. Many of these launches were before the pandemic, so these companies definitely believe in the future of cloud in the region.

But the downside of cloud is the complexity of the technology environment, especially as it relates to security and identity management. Multiple clouds, personal devices and overworked IT and security staff — these factors combine to impose severe risk burdens on regional organizations.

Say ‘Hello’ to Kim
CIEM, pronounced “Kim”, stands for Cloud Infrastructure Entitlements Management, and it is designed for precisely the kinds of environment that we see more commonly today. Not only does it manage permissions and entitlements, it discovers them. And most importantly it enforces least-privilege standards throughout cloud ecosystems. CIEM is the ultimate multi-cloud watchdog.

Good for both public and private single-cloud setups, CIEM’s value is unlocked to a greater degree in multi-cloud. It is of immediate benefit to security teams that currently rely on a disparate bunch of tools, each native to a different cloud. The cloud’s flexibility adds a layer of complexity in multi-cloud arenas where different identities weave in and out of sensitive areas. These identities, whether for employees or third parties, tend to be over-provisioned. They therefore present a risk because if they are hijacked, they can offer widespread access to a malicious party.

Another tendency that exacerbates risk is the lack of portability of native identity-management tools. They cannot be used to manage identities in other clouds. This issue is at the center of the risk factors associated with multi-cloud.

The need for CIEM
Managing cloud identities and their entitlements through just-in-time (JIT) provisioning and least privilege may be Cloud Security 101 but finding the right solution to cover multi-cloud environments can be tricky. Such a system requires standardized controls, full visibility of the environment, and the ability to plug cloud security gaps and uncover compliance anomalies. Only then can security teams be assured of being able to chase down and prevent breaches.

CIEM enables the discovery, management, and monitoring of entitlements in real time. It can build comprehensive behavior models for each identity across multiple cloud infrastructures, including hybrid environments. Anomalies are flagged. Least-privilege is enforced. The changing of policies and entitlements is automated and capable of extending to traditionally incompatible cloud resources.

CIEM integrates with Privileged Access Management (PAM) solutions to homogenize the management of secrets, passwords, least privilege, and remote access. Least-privilege security models mean that each session, machine, employee, contractor, process — anything that uses a digital identity — will only receive enough permissions to perform a specific task. Additionally, the JIT access model ensures that those permissions expire when the task is completed. These practices greatly reduce the risk of compromised credentials, so the integration of CIEM with PAM is an excellent way to plug gaps.

The benefits of CIEM
By now, the benefits of CIEM should be clear. It is able to reach into every corner of the environment (from premises to multi-cloud) and provide a rich view of cloud identities and their entitlements. It enables the granular monitoring and configuration of permissions and tracks privilege models across the different cloud service providers they visit. And it automates a range of processes to maintain the integrity and relevance of each active identity and ensure it has access to every resource it needs for its owner (human or otherwise) to be productive, but no more than necessary.

CIEM is also capable of comparing cloud environments, discovering their differences, and issuing actionable insights on how to address the risks these dissimilarities may pose to the organization.

The ideal CIEM solution
CIEM has become a prerequisite of robust cloud-identity security and should be sought as part of an advanced PAM platform if security teams are going to receive the tools they need to address all the challenges they face regarding identities in cloud and multi-cloud environments.

The ideal CIEM solution will be able to automatically discover accounts and assess their entitlements, create an inventory of identities, and classify them by permissions sets, all in real time. This capability alone is a boon to organizations that are trying to align their security posture with the dynamic nature of cloud environments and the fleeting existences of their native resources.

Part of the discovery and inventory will be the determination of which identities are unique to a cloud and which are shared. The result will be a searchable repository that can be readily audited, and managed. Based on the information gathered, CIEM solutions can flag over-provisioning and enforce least privilege automatically. Real-time discovery also enables the identification of changes in account privileges, and the judgement of their necessity or appropriateness. Anomalies can be flagged for assessment as potential liabilities. And identities can be deleted or blocked if they violate any policy.

The future
CIEM will be an indispensable part of the region’s future technology environments. Its uncompromising policing of identities across multi-cloud environments is a perfect fit for current technology trends. Only with CIEM can organizations hope to conquer the unavoidable complexities with which they wrangle daily.