We have seen significant innovation in the infrastructure space, especially in the past fifteen years, from virtualization to (public) cloud computing. This has led to unprecedented levels of automation, enabling enterprises to attain huge levels of operational efficiency. All it takes is a one-liner to execute historically complex tasks like downloading an entire dataset, or building or tearing down an entire datacenter. While this is great for efficiency, it also introduces a huge risk, as all it takes is a single line of script to cause massive disruption either accidentally or with malicious intent.
As a person responsible for managing multi-cloud infrastructure in a prior life, I felt that the biggest risk for our infrastructure was identities with these powers. Human identities make up only a fraction of all identities operating in the environment. There are thousands of non-human identities like service accounts, access keys, machines, apps, serverless functions, scripts, and bots coming from various authentication systems like local Identity and Access Management services, Enterprise Directory services and SAML-based federation systems.
I wanted to gain visibility into my environment so that I could get an idea about the risks and develop a mitigation plan. I wanted to start off with getting answers to these three questions:
- Which identities (human & non-human) can get into my infrastructure?
- What operations are they entitled to do?
- What operations are they performing for day-to-day operations?
To my dismay, I could not find a decent tool that could provide answers to these questions on one cloud platform, let alone for multiple clouds. By writing some scripts, I was able to get some answers, but now I needed tools to remediate and mitigate the risk. I realized that I did not have resources to develop those capabilities and could not sustain my current approach. So, I started asking other industry leaders how they were solving these issues. Almost everyone I talked to (CTOs, CIOs, CISOs, Virtualization and Cloud Architects, including people from several Fortune 100 enterprises) expressed the same frustration. At that point, it became apparent that this was a huge problem and we needed to solve this across hybrid and multi-clouds. This led to founding the company CloudKnox Security.
We began our journey in February 2017. We invented Activity-based Authorization technology to manage entitlements of any identity (human or non-human, irrespective of their origin) across any cloud infrastructure with the same operating model. We came out of stealth in the Fall of 2018 and launched our platform that supported permissions management in hybrid and multi-cloud infrastructures. Fast forward to 2020, Gartner realized the need for a similar solution and created a category called CIEM (Cloud Infrastructure Entitlement Management). This is the foundation for implementing the principle of least privilege and Zero Trust architecture for cloud infrastructure.
Our platform currently supports private clouds based on VMware vSphere, both on-prem and in the cloud, and several public clouds like Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) with feature parity across all of them.
As more global enterprises started adopting the CloudKnox Permissions Management Platform, we created integrations with several solutions across the identity technology stack like Identity Governance and Administration (IGA), Privileged Access Management (PAM), Security Information and Event Management (SIEM) and IT Service Management (ITSM).
Additionally, we integrated with solutions such as on-premises Active Directory, Azure Active Directory, Active Directory Federation Services, and Azure Privileged Identity Management in the Microsoft ecosystem. Several customers use these products and our integrations across their hybrid and multi-clouds.
We saw opportunities to provide even greater value and seamless experience across hybrid and multi-clouds with deeper integrations within the Microsoft ecosystem. By joining Microsoft, we can unlock new synergies and make it easier for our mutual customers to protect their multi-cloud and hybrid environments and strengthen their security posture.
Finally, on behalf of CloudKnox, I want to extend our sincere gratitude to our:
- Customers – Made us who we are today
- Investors – Gave us the opportunity for invention
- Partners – Made it possible for customers to see the value
- Analysts – Provided the awareness and education
You can find additional thoughts from Microsoft here.
CloudKnox Founder, CEO