This GigaOm Research Reprint Expires Mar 20, 2025

GigaOm Radar for Cloud Infrastructure Entitlement Management (CIEM) v1.0

1. Executive Summary

Cloud infrastructure and endpoint management (CIEM) solutions enable organizations to efficiently manage and secure their cloud infrastructure as well as the endpoints (devices) that connect to it. CIEM solutions provide capabilities such as asset discovery, configuration management, compliance monitoring, and threat detection and response.

CIEM is essential for organizations looking to optimize their cloud operations, enhance their security posture, and ensure compliance with regulations. With the increasing complexity of cloud environments, the growing number of endpoints, and the proliferation of all sorts of identities in the context of the cloud, CIEM solutions help organizations streamline management tasks, improve visibility and control, and mitigate security risks.

CIEM solutions are primarily targeted at IT and security teams within organizations of all sizes, from small businesses to large enterprises. These teams manage and secure the organization’s cloud infrastructure and endpoints, and CIEM solutions provide them with the tools and capabilities needed to effectively perform these tasks.

The business imperatives to which C-suites are sensitive, and which should help them consider adding CIEM to the company’s cloud security battery, include:

  • Operational efficiency: CIEM enables organizations to automate manual tasks, reduce complexity, and improve overall efficiency in managing their cloud infrastructure and endpoints. This can result in cost savings and improved productivity.
  • Security enhancement: CIEM helps organizations enhance their security posture by providing real-time visibility into their cloud environment and endpoints, as well as the ability to detect and respond to security threats quickly and effectively.
  • Compliance assurance: CIEM solutions help organizations ensure compliance with industry regulations and internal policies by providing continuous monitoring and reporting capabilities.
  • Risk mitigation: By proactively identifying and addressing security risks and compliance issues, CIEM solutions help organizations mitigate the potential impact of security breaches and compliance violations.
  • Business continuity: CIEM solutions help ensure business continuity by providing robust backup and recovery capabilities for cloud-based data and applications, reducing the risk of data loss and downtime.

This is our first year evaluating the CIEM space in the context of our Key Criteria and Radar reports. This GigaOm Radar report examines 10 of the top CIEM solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading CIEM offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.

2. Market Categories and Deployment Types

To help prospective customers find the best fit for their use case and business requirements, we assess how well CIEM solutions are designed to serve specific target markets and deployment models (Table 1).

For this report, we recognize the following market segments:

  • Small-to-medium business (SMB): This market segment corresponds to companies with fewer than 500 employees. These companies can afford to have their own on-premises data center. Therefore, recourse to a cloud infrastructure service provider (CISP) offers a viable alternative. Enterprises from this market segment will look for the CIEM-niched solution provider for SMBs.
  • Large enterprises: Large enterprises are national companies employing more than 500 employees with a presence in the major regions of a country. A majority, if not all, of the buyers in this market segment are already heavily using the cloud to host their systems and information assets. They generally struggle to keep tight control of who is doing what on their clouds, as they can have multiple CISPs. Usually, they already have a solid and mature on-premises infrastructure and processes for managing their identities and accesses, but given the new use cases brought on by cloud operations (an explosion of nonhuman identities, dynamic resource creation and suppression, and just-in-time or JIT access requests), they have concerns about access risk mitigation in the cloud. CIEM is a must for this segment of the market. Purchase considerations must be thought of in line with the preexisting cloud infrastructure security stacks ecosystem within the organization.
  • Cloud service provider (CSP): A CSP is an organization that offers cloud computing services to businesses, organizations, and individuals. These services can include infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS), and other cloud-based offerings. CSPs typically operate large data centers with servers, storage, networking, and other resources that customers can access over the internet on a pay-as-you-go basis. Examples of well-known CSPs include Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and Oracle Cloud Infrastructure (OCI).
  • Network service provider (NSP): An NSP offers telecommunications services to individuals, businesses, and other organizations. These services include internet access, data transmission, voice communication, virtual private network (VPN) services, and other networking solutions. Network service providers maintain the physical infrastructure and technology needed to deliver these services, including fiber optic cables, routers, switches, and other networking equipment. Examples of network service providers include AT&T, Verizon, T-Mobile, and Comcast, which offer a range of connectivity and communication services.
  • Managed service provider (MSP): An MSP provides managed services to clients, typically in IT. Managed services involve outsourcing the responsibility for maintaining, operating, and anticipating the need for certain processes and functions to improve operations and cut expenses. For example, a managed service company might provide services such as network monitoring, security management, data backup, and help desk support to businesses. The goal of a managed service company is to provide these services efficiently and effectively, often through a subscription-based model, allowing clients to focus on their core business activities.
  • Multinational: A multinational company (MNC), also known as a multinational corporation, is a corporation that operates in multiple countries and has a centralized management system in one home country. MNCs often have a global presence with subsidiaries, branches, or operations in various countries and engage in business activities across national borders. These companies typically have a large workforce and generate significant revenue from their international operations. Examples of multinational companies include Apple, Toyota, and Coca-Cola.
  • Specialized: A specialized company is one that focuses on a specific niche or area of expertise within an industry. These companies often excel in providing unique products or services tailored to meet the specific needs of a particular market segment. For example, in the technology industry, a specialized company might focus exclusively on developing software for a particular industry, such as healthcare or finance. In the automotive industry, a specialized company might focus on manufacturing components or providing services related to electric vehicles. Specialized companies differentiate themselves from more generalist companies by their in-depth knowledge and expertise in a particular area, which allows them to provide highly specialized solutions and cater to specific customer needs.

In addition, we recognize the following deployment models:

  • SaaS: This is the most common deployment model. CIEM vendors usually bundle their CIEM offer as a component of a cloud-native application protection platform (CNAPP) that includes other components such as a CIEM and cloud workload protection platform (CWPP) or other integrated platform. Customers subscribe to a marketing package that suits their specific needs and start to exploit the solution.
  • Virtual appliance: A virtual appliance is a software application or a virtual machine (VM) image that is designed to run on virtualization platforms. Unlike physical appliances, virtual appliances do not require dedicated hardware and instead run on virtualized infrastructure. Virtual appliances typically include the necessary operating system, middleware, and application components preconfigured and optimized for a specific purpose. They are often used to simplify the deployment and management of complex software applications because they can be easily distributed and run on any virtualization platform that supports the required specifications. Examples of virtual appliances include virtual firewalls, virtual routers, and virtual servers, among others. These virtual appliances provide functionality that’s similar to their physical counterparts but offer greater flexibility and scalability in terms of deployment and management.
  • Self-managed: A self-managed product is a software or service designed to be managed and maintained by the end-user or customer without the need for extensive support or intervention from the vendor or provider. Self-managed products typically provide tools and interfaces that allow users to configure, monitor, and maintain the product themselves. This can include tasks such as setting up user accounts, configuring settings, monitoring performance, and applying updates and patches. Self-managed products are often favored by organizations with the resources and expertise to manage their own IT infrastructure, as they provide greater flexibility and control over the software or service. However, they may require more technical knowledge and effort to set up and maintain compared to fully managed products, which are maintained and supported by the vendor.
  • Software-only: A software-only product refers to a product that is delivered and used exclusively as software, without any accompanying hardware component. This means that the product is installed and run on existing hardware infrastructure, such as servers, desktop computers, or mobile devices, without the need for specialized hardware devices. Software-only products are often distributed as downloadable software packages or as cloud-based services, and they typically provide functionality such as applications, tools, or utilities to perform specific tasks or functions. Examples of software-only products include word processors, web browsers, and database management systems. Software-only products are popular because they can be easily distributed and updated, and run on a wide range of hardware platforms. However, they may require more resources (such as processing power, memory, or storage) from the underlying hardware compared to hardware-accelerated or hardware-assisted products.

Table 1. Vendor Positioning: Target Market and Deployment Model

Market segments: SMB, Large Enterprise, CSP, NSP, MSP, Multinational, Specialized
Deployment models: SaaS, Virtual Appliance, Self-Managed, Software-Only
Vendors: Britive, CyberArk, Delinea (Authomize), Microsoft, Palo Alto Networks, Rapid7, SailPoint, Sonrai, Wiz, Zscaler

Table 1 components are evaluated in a binary yes/no manner and do not factor into a vendor’s designation as a Leader, Challenger, or Entrant on the Radar chart (Figure 1).

“Target market” reflects which use cases each solution is recommended for, not simply whether that group can use it. For example, if an SMB could use a solution but doing so would be cost-prohibitive, that solution would be rated “no” for SMBs.

3. Decision Criteria Comparison

All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:

  • Hyperscaler cloud support
  • User entitlements and permissions discovery
  • User entitlement correlation
  • User entitlement visualization
  • User entitlement optimization

Tables 2, 3, and 4 summarize how each vendor included in this research performs in the areas we consider differentiating and critical in this sector. The objective is to give the reader a snapshot of the technical capabilities of available solutions, define the perimeter of the relevant market space, and gauge the potential impact on the business.

  • Key features differentiate solutions, outlining the primary criteria to be considered when evaluating a CIEM solution.
  • Emerging features show how well each vendor is implementing capabilities that are not yet mainstream but are expected to become more widespread and compelling within the next 12 to 18 months.
  • Business criteria provide insight into the nonfunctional requirements that factor into a purchase decision and determine a solution’s impact on an organization.

These decision criteria are summarized below. More detailed descriptions can be found in the corresponding report, “GigaOm Key Criteria for Evaluating CIEM Solutions.”

Key Features

  • CSPs (2+) support: Supporting more than one CSP is a key differentiator for CIEM solutions. Indeed, organizations often use the services of multiple CSPs at the same time, and potential buyers will want a solution that covers any CSPs they use or plan to use. AWS, Microsoft, and GCP are the most prominent CSPs, but Oracle with OCI, Alibaba, and VMware are other competitors.
  • Advanced entitlement detection: In comparison with the on-premises environment, modern computing has exploded the notion of identity. In today’s environments, identity can belong to any number and type of humans or entities, and a CIEM must be able to find it no matter who or what it belongs to and what that identity is permitted to do.
  • Least-privileged access enforcement: Least privilege access is an information security concept by which a user or entity is granted only the minimum level of access—permissions and privileges—necessary to carry out their professional functions. No user, human or otherwise, should be able to access any system data or resources beyond what is needed. CIEM solutions should have the functionality to ensure this control is implemented across the environment.
  • Compliance automation: A CIEM solution should be able to automate tasks relating to maintaining and demonstrating compliance with relevant regulations and standards. This might include auditing capabilities for regularly reviewing the privileges of human and nonhuman identities related to accessing sensitive data and using the organization’s applications and systems in the cloud. The solution should be able to enforce policies and produce reports on entitlements and activity affecting compliance.
  • Entitlement policy definition: CIEM solutions are expected to offer a set of predefined policies governing and controlling access to systems and data in the cloud. These policies should cover most common standards and regulations for different sectors of activity, such as finance, industry, or the trade of goods and services. However, the CIEM solution should allow the organization to add new policies and make exceptions to or completely override a predefined policy.
  • Integrations: CIEM is one more piece in the collection of cloud security tools. Integration with upstream systems such as an identity provider (IdP) and downstream with enabled ticketing systems is a determining factor in operational efficiency. In addition, the integration of other cloud security systems is key to enabling a 360-degree view of an organization’s cloud security.

Table 2. Key Features Comparison

Rating scale: Exceptional, Superior, Capable, Limited, Poor, Not Applicable

Key features: CSPs (2+) Support, Advanced Entitlement Detection, Least-Privileged Access Enforcement, Compliance Automation, Entitlement Policy Definition, Integrations

Vendor                  Average Score
Britive                 2.8
CyberArk                3.5
Delinea (Authomize)     3
Microsoft               4.3
Palo Alto Networks      4
Rapid7                  3.2
SailPoint               4.3
Sonrai                  3.5
Wiz                     4
Zscaler                 3.2

Emerging Features

  • JIT privileged access management: In today’s cloud computing environments, both human and nonhuman users often need privileged access to resources. However, privileged access carries with it enormous risk, particularly in modern service- and microservices-based system architectures, IaC, CI/CD, and more, where ephemeral and one-time access requests to necessary resources are very common. As such, some CIEM vendors are exploring JIT permissions so users have only the permissions they need and only at the time they need them.
  • AI runtime policy enforcement: Defining security policies is a necessary step, and these policies then remain in force until they need to be updated. However, the context and history at the time of application of the policy is significant, and there may be occasions to make the policy even stricter or to make it more flexible, depending on the current use case. A capability that is becoming available in some CIEM solutions is the use of AI to enforce access control policies dynamically at runtime so that access is decided based on the specific context of a request rather than on predefined policies.

Table 3. Emerging Features Comparison

Rating scale: Exceptional, Superior, Capable, Limited, Poor, Not Applicable

Emerging features: JIT Privileged Access Management, AI Runtime Policy Enforcement

Vendor                  Average Score
Britive                 0.5
CyberArk                2
Delinea (Authomize)     1
Microsoft               3
Palo Alto Networks      4.5
Rapid7
SailPoint               3.5
Sonrai
Wiz                     2
Zscaler

Business Criteria

  • Ease of use: The ease of use of CIEM for a user, whatever their role in CIEM, very much depends on the interface of the solution dashboard and the fluidity and intuitiveness of navigation through its different tabs.
  • Flexibility: The CIEM solution at the time of its deployment will be configured, to the extent possible, according to the customer’s needs and context. Along the way, new needs or requirements may appear. The degree of flexibility of the solution to take those into account is a determining parameter in the choice of the solution.
  • Scalability: The ability of the CIEM solution to adapt to the business context of the organization either by adding or reducing storage or computing capacity is a business requirement that must be carefully analyzed when selecting the solution.
  • Cost: Cost can vary among solutions, and prospective buyers should consider all factors that may affect cost. This includes licensing prices, start-up costs, hourly rates for professional services, and staff training costs.
  • Ecosystem: A solution’s ecosystem can add enormous value. It would be hard to overstate the benefit to customers of having forums to discuss technical or functional issues not necessarily addressed by the solution provider, such as tools developed and shared by the communities that help to resolve the customer’s specific problems or cases without them having to spend significant amounts of money or turn to the solution provider.

Table 4. Business Criteria Comparison

Rating scale: Exceptional, Superior, Capable, Limited, Poor, Not Applicable

Business criteria: Ease of Use, Flexibility, Scalability, Cost, Ecosystem

Vendor                  Average Score
Britive                 2.6
CyberArk                2.4
Delinea (Authomize)     3.4
Microsoft               3.8
Palo Alto Networks      3.8
Rapid7                  3.2
SailPoint               3.4
Sonrai                  3.4
Wiz                     3
Zscaler                 2.6

4. GigaOm Radar

The GigaOm Radar plots vendor solutions across a series of concentric rings with those set closer to the center judged to be of higher overall value. The chart characterizes each vendor on two axes—balancing Maturity versus Innovation and Feature Play versus Platform Play—while providing an arrowhead that projects each solution’s evolution over the coming 12 to 18 months.

Figure 1. GigaOm Radar for CIEM

As you can see in the Radar chart in Figure 1, vendors are evenly distributed between the Feature Play and Platform Play sides of the Radar. The number of Feature Play vendors reflects the youth of the category in the cloud security solutions market. CIEM is still in innovation and maturation mode.

Vendors in the Leaders circle have mainly come from, or have recognized expertise in, the identity governance and administration (IGA) and identity and access management (IAM) sectors. The Challengers are mostly cloud-native, CIEM-focused companies or cloud-native, cloud security-focused companies.

There’s a trend toward consolidation, wherein cloud security- or identity security-focused companies are acquiring CIEM-focused vendors. Although CIEM could still be available as a standalone product, the market might increasingly move toward larger Platform Play vendors having CIEM as a component that contributes to a 360 vision of cloud security. Customers could then leverage other products within the vendor’s portfolio related to identity—such as cloud security posture management (CSPM), cloud workload protection platform (CWPP), cloud-native application protection platform (CNAPP), or identity threat detection and response (ITDR)—for a more comprehensive take on cloud identity security.

In reviewing solutions, it’s important to keep in mind that there are no universal “best” or “worst” offerings; there are aspects of every solution that might make it a better or worse fit for specific customer requirements. Prospective customers should consider their current and future needs when comparing solutions and vendor roadmaps.

INSIDE THE GIGAOM RADAR

To create the GigaOm Radar graphic, key features, emerging features, and business criteria are scored and weighted. Key features and business criteria receive the highest weighting and have the most impact on vendor positioning on the Radar graphic. Emerging features receive a lower weighting and have a lower impact on vendor positioning on the Radar graphic. The resulting chart is a forward-looking perspective on all the vendors in this report, based on their products’ technical capabilities and roadmaps.

Note that the Radar is technology-focused, and business considerations such as vendor market share, customer share, spend, recency or longevity in the market, and so on are not considered in our evaluations. As such, these factors do not impact scoring and positioning on the Radar graphic.

For more information, please visit our Methodology.

5. Solution Insights

Britive

Solution Overview
Britive is a cloud-native company founded in 2020, making it a relatively new company in the cloud identity and access security market. Britive specializes in identity and access management in cloud environments, offering functionalities to secure, manage, and control access to cloud resources within organizations.

The solution is designed to manage both human user accounts or identities and nonhuman accounts or identities, such as service accounts, functions, bots, applications, and other programmable entities. This access management covers both operational systems and DevOps development processes.

Strengths
Britive scores high on the CSPs (2+) support decision criterion. It supports major cloud platforms, including AWS, Microsoft Azure, and GCP, as well as OCI.

Britive also has a high score on the scalability decision criterion. It solves the challenges in a flexible cloud package that easily scales with the DevOps pipeline and business growth, enabling customers to reduce both the time and level of expertise needed to securely manage data, apps, and resources in the cloud.

Challenges
The CIEM solution’s notable weakness is related to the ecosystem business criterion and stems from its youth in the market and lack of customer and user community. Customers must therefore seek support from Britive when facing issues.

Purchase Considerations
Implementing Britive can be complex, particularly for businesses with complex or heterogeneous cloud environments. Costs associated with licensing, implementation, training, and support can be significant, depending on the size and complexity of the business. Britive offers a pricing model comprising four packages: basic, starter, core, and ultimate. Packaging is based on the number of IaaS and SaaS applications supported, and the number of human identities and service identities.

Britive’s solution can benefit businesses of all sizes and various industries, including finance, healthcare, technology, retail, education, and government services. Businesses that use multiple cloud service providers (multicloud) can benefit from the centralized identity and access management offered by Britive.

Radar Chart Overview
Britive is positioned in the Innovation/Feature Play quadrant. Its offering to date is mainly focused on resolving issues related to access management in multicloud environments, whether in the DevOps development phase or for systems operating in the cloud. The solution covers human and nonhuman accounts. Britive deepens each of the features of its CIEM to make a robust and complete solution for managing entitlement in the cloud. With continued enhancements to its offering, we anticipate it will move into the Challenger ring in future evaluations.

CyberArk, Cloud Entitlements Manager

Solution Overview
Founded in 1999, CyberArk specializes in identity security. It is known for its privileged access management (PAM) solutions, which help secure high-risk accounts in companies’ IT systems. When it comes to CIEM, CyberArk also offers solutions in this area to help organizations secure and manage access to cloud resources efficiently and in compliance with regulations.

Capabilities from CyberArk’s CIEM solution (formerly known as Cloud Entitlements Manager) have been rolled into CyberArk Secure Cloud Access, CyberArk’s offering for JIT privileged access management. Secure Cloud Access can be deployed as a standalone solution or integrated into CyberArk’s broader PAM offering. The main CIEM components carried from Cloud Entitlements Manager into Secure Cloud Access include: role-based entitlements management, to set and manage permissions based on the roles assigned to users; permission analysis, to identify security risks related to excessive or inappropriate permissions; security policy automation, to apply security policies and access controls; activity auditing and monitoring, to track and record the activities of users and privileged accounts; JIT privileged access management (both JIT access elevation and JIT assignment of cloud entitlements); and integrations with other security solutions, to enable consistent visibility and control across the entire enterprise IT environment.

Strengths
CyberArk is remarkable in advanced permissions analysis, contributing to a high score for the advanced entitlement detection decision criterion. The solution provides advanced permissions analysis capabilities, helping to quickly identify and remediate security risks related to excessive or inappropriate permissions. This criterion is complemented by its strength in least-privileged access enforcement, as CyberArk analyzes and visualizes authorizations on AWS, Azure, and GCP, then provides policy recommendations for removing excessive permissions that violate least privilege access. Removal of excessive entitlements can be automated or left to the discretion of the SecOps administrator.

Challenges
CyberArk has lower scores for ease of use and cost. Deployment and configuration can be complex and time- and resource-intensive. Additionally, CyberArk security solutions are often considered expensive, both for the initial cost of the product and the fees required for professional services and training, putting the solution out of reach for most SMBs. However, CyberArk is aware of this challenge, and it proposes a base package that can encourage SMB adoption of CyberArk’s CIEM solution.

Purchase Considerations
CyberArk’s CIEM solution (formerly Cloud Entitlements Manager) is no longer a standalone or marketed offering. The CIEM capabilities are now sold only as Secure Cloud Access. It is available as a SaaS solution. Prospective customers should expect a learning curve and maybe some integration challenges, especially if the organization has not invested before in other CyberArk products. Training and professional service will be required.

CyberArk Secure Cloud Access is primarily aimed at large enterprises and mid-sized organizations that use cloud services and are looking to strengthen the security of their cloud resources by effectively managing permissions and access. Potential customers include those who need to comply with strict data security regulations, who seek to minimize the risks of data breaches or leaks of sensitive information, and who want to improve visibility and control over their cloud environments. A base package, costing $50 per user per month, can be considered by SMBs as an entry point to CyberArk technology.

Radar Chart Overview
CyberArk is positioned in the Maturity/Platform Play quadrant. It offers a complete PAM solution that also integrates CIEM. This approach enables centralized and consistent management of privileged access across the entire enterprise IT infrastructure, whether on-premises or in the cloud. The vendor is in the process of maturing its CIEM solution, which was launched in late 2020. It has solid scores across most of the decision criteria and is positioned in the Challenger ring. We see it transitioning its expertise in high privileged access management (HPAM) into the broader cloud identity security space and expect its positioning to improve in future iterations of this report.

Delinea (Authomize)

Solution Overview
Privileged access management vendor Delinea acquired Authomize in January 2024, before the conclusion of this research. GigaOm evaluated Authomize, an Israel-based company founded in 2019, as a separate entity before the acquisition and did not evaluate it as part of Delinea’s portfolio, which already included some CIEM capabilities.

Authomize is a cloud-native company dedicated to organizations needing an authorization management solution to manage and secure complex applications across hybrid environments. It provides agentless identity-security solutions that help security and IAM teams detect, investigate, and respond to identity and access threats. These solutions help SecOps teams configure least privilege access policies, help prevent account takeovers, privilege escalations, and lateral movement, and detect identity-based attacks as they happen across all of their organization’s cloud environments and IAM infrastructure. There are two main solutions: Identity Threat Detection and Response (ITDR) and Cloud Infrastructure Entitlement Management (CIEM).

Strengths
Authomize scores well on most of our decision criteria. Particular standouts include the advanced entitlement detection and compliance automation key features. These features allow the analysis of individual permissions and rights assigned to identities, roles, and resources while considering the context in which permissions are assigned as well as the user’s role, responsibilities, and job function. Over time, a model of anomalies linked to authorizations and based on the evaluation of user interactions with cloud resources emerges, making it possible to calculate risky behaviors. Analysis is ongoing, with constant monitoring and evaluation of permissions and rights, to adapt to changing user roles and access needs. This capability applies to human and nonhuman identities, which include service accounts, workloads, user accounts, and application principal.

Challenges
Given the company’s young age and the new field of securing operations in the cloud via CIEM, Authomize has a way to go on some of the decision criteria. Among other things, JIT privileged access management is not available as a standalone feature but is achieved indirectly through the in-depth integration with Delinea, as a joint solution sold as a common package. The vendor also has lower scores for integrations and vendor ecosystem.

Purchase Considerations
Authomize is ideal for SMBs that have cloud-hosted systems but have a limited budget to allocate to securing their cloud environment. It can also benefit larger companies, especially since it was acquired by Delinea, an established vendor in the cybersecurity market with a broad customer base.

Prospective customers should be aware that as Authomize’s capabilities are integrated into the Delinea Platform, the offering could change considerably over the next few years.

Authomize is well suited for organizations looking to secure their cloud infrastructure and IAM infrastructure, secure and monitor nonhuman identities and privileged accounts in the cloud, and apply conditional access to enterprise cloud assets.

Radar Chart Overview
Authomize is positioned as a Challenger in the Innovation/Feature Play quadrant. Its offering is made up of two complementary solutions (ITDR and CIEM), and it earned average scores in most of the decision criteria and high scores for cost and advanced entitlements management. However, with its recent acquisition by Delinea, which seeks to expand its cloud security offering to Authomize’s CIEM solutions, it may move more toward the Platform Play side of the chart in future iterations.

Microsoft, Entra Permission Management

Solution Overview
Microsoft Entra Permission Management, built on the former CloudKnox Security, provides comprehensive visibility and control over permissions for identities in multicloud environments.

Strengths
Microsoft Entra Permission Management achieved high scores on most of our decision criteria, including advanced entitlement management, least-privileged access enforcement, and integrations. Microsoft also has a global ecosystem, which allows customers to find answers to their particular issues, and offers training, available in different formats, that’s abundant and detailed. In terms of flexibility, adding a new cloud resource, identity provider, or CISP is always possible without having to spend time and effort for well-trained operators. Microsoft’s cloud-based approach to IAM enables quick and seamless scaling to customer capacity needs while providing global accessibility and reducing operational burden for customer organizations.

Challenges
Microsoft Entra Permission Management faces a challenge in meeting the JIT privileged access management criterion for the cloud context directly, even with a combination of two systems (IAM and CASB). The same goes for the AI runtime policy enforcement criterion. These two criteria are available for on-premises environments but not yet directly for the cloud.

Note, however, that the “permission on demand” feature can certainly, to a certain extent, compensate for the lack of JIT in the cloud context.

Purchase Considerations
Microsoft Entra Permission Management is billed by resource. A billable resource is defined as a cloud service that uses compute or memory capacity. Permissions Management supports all resources across AWS, Microsoft Azure, and GCP but only requires licenses for billable resources per cloud provider.

Permissions Management is available today as a standalone solution, priced monthly per resource. Resources supported are: compute resources, container clusters, serverless functions, and databases across AWS, Microsoft Azure, and GCP.

Microsoft Entra Permission Management is well-suited for any organization that wants cloud security and IAM. Public bodies, SMBs, large and global organizations, and all sectors of activity combined can consider Microsoft Entra Permission Management to secure their cloud assets.

Radar Chart Overview
Microsoft is positioned in the Maturity/Feature Play quadrant. While Microsoft Entra Permissions is part of Microsoft’s cloud security product portfolio, it can be purchased as a standalone product. For this reason, we consider Microsoft for its CIEM offering as a Feature Play. Although it is a relatively recent introduction to Microsoft’s offering, thanks to lengthy experience and great expertise in IAM, its CIEM has already acquired Maturity. Due to its high scores across most decision criteria, it’s a Leader in this evaluation.

Palo Alto Networks, Prisma Cloud

Solution Overview
Founded in 2005, Palo Alto Networks is a major player in the IT security market, providing solutions for large businesses, service providers, and government agencies. It’s focused on developing advanced cybersecurity solutions, including next-generation firewalls (NGFW), threat prevention tools, and security platforms to protect against cyberattacks.

Palo Alto Networks Prisma Cloud delivers a CIEM integrated into a comprehensive security platform that protects applications from code to cloud across the three major cloud providers: AWS, Azure, and GCP. Its capabilities include:

  • Net-effective permissions calculation, giving organizations deep visibility into who can take what actions on which resources, including identities managed by identity provider or single sign-on tools.
  • Rightsizing permissions to achieve least privilege, whereby teams can detect overly permissive access and then leverage recommendations to rightsize them based on past usage.
  • JIT access, which applies a zero-trust approach to permission management by limiting access to resources on an as-needed, time-limited basis.
  • Attack path context, which offers suggestions for ideal permissions levels for IAM entities in an environment based on past usage.
  • AI/ML-powered threat detection, which leverages AI/ML to analyze identity behavior and flag suspicious actions.
  • Source of code to cloud intelligence, which delivers precise and prioritized alerts by considering context from across the platform, such as CSPM and threat detection, and access risks using Prisma Cloud CIEM.

Strengths
Palo Alto Networks Prisma Cloud achieved high scores on several key features, including least-privileged access enforcement and compliance automation. Its advanced rights detection features provide complete visibility into user and machine rights in multicloud environments. Using a sophisticated authorization calculation algorithm, organizational SecOps teams can identify potential risks associated with overly permissive access, unused rights, dormant accounts, or overly privileged identities.

Its least-privileged access enforcement functionality also stands out. It is designed to be comprehensive, covering multicloud environments, cross-account access, and cross-platform configurations. This ensures that the least-privileged access enforcement application is applied consistently across the organization’s cloud infrastructures, regardless of the underlying cloud provider or platform. At the customer’s discretion, they can use the automatic correction option for overly permissive access.

Also worth noting is the importance of the community of users of Palo Alto Networks’s products. The advantage of having a solid community for potential customers is to find answers to questions or opinions on issues related to the use of the tool relatively quickly and without having to always resort to the professional services of the supplier.

Challenges
Although Palo Alto Networks has a good score on the ease of use business criterion, there’s room for improvement. Indeed, improving the user experience to simplify IAM in the cloud and make it more accessible to non-security experts would be beneficial. This includes, among other things, refining the interface, simplifying terminology, and providing contextual advice. Similarly, although it has an excellent score for the JIT privileged access management emerging feature, it’s only available on AWS—Azure and GCP are not currently supported by this functionality.

Purchase Considerations
Prisma Cloud provides customers flexibility when determining the features and modules best suited to the organization’s needs without unnecessary complexity when purchasing. Organizations must keep in mind that purchasing CIEM from Palo Alto Networks involves purchasing CSPM or a bundle on the Prisma Cloud Platform.

There are two purchasing options:

  • Best value: Bundled features, priced per VM, for simplistic pricing that covers the most common use cases.
  • Most flexible: Prisma Cloud offers credits purchased under a single SKU. Credits can be consumed by any module for any cloud asset. This allows customers increased flexibility when determining which features and modules best suit their organization’s needs without unnecessary complexity when purchasing.

The solution can support any organization that has operational IT environments in the cloud. Whether single or multicloud, the challenges of mitigating risks related to human and nonhuman identities accessing company resources in the cloud remain a major objective of securing the organization’s cloud environments. In short, regardless of the company’s size or its sector of activity, as long as it has assets in the cloud, it can consider Prisma Cloud as a tool for protecting its cloud assets.

Radar Chart Overview
Palo Alto Networks is positioned in the Maturity/Platform Play quadrant. The vendor combines its different solutions in platforms dedicated to a specific field or category. In the case of Prisma Cloud, it brings together different components of securing operations in the cloud. However, given the relative novelty of the CIEM category, Palo Alto is putting considerable effort into enhancing its offering and into maturing the key functionalities of the product. It has high scores across the decision criteria we evaluated and is positioned as a Leader. With its accelerated efforts to make its solution even more relevant to the contexts of cloud identity security, its position among the Leaders in the category will strengthen in the coming years.

Rapid7, InsightCloudSec

Solution Overview
Rapid7 is an IT security company that provides solutions to help organizations detect and respond to security threats. It offers a range of products and services, including tools for vulnerability management, intrusion detection, and security data analysis.

In March 2021, Rapid7 acquired IntSights, a company specializing in cybersecurity and threat intelligence. This acquisition strengthens Rapid7’s threat intelligence capabilities and expands its security solutions portfolio.

Its CIEM product is part of Rapid7’s InsightCloudSec platform. In addition to cloud identity and access management, InsightCloudSec also provides security configuration management, regulatory compliance, threat detection, and incident response capabilities in cloud environments.

Strengths
Rapid7 achieved a high score on CSPs (2+) support. Rapid7’s CIEM supports major cloud platforms, including AWS, Azure, GCP, OCI, and Alibaba Cloud.

Rapid7 also scores very well on ease of use. Rapid7 emphasizes the user-friendliness of its user interface and the ease of deployment and management of its CIEM solution, making adoption faster and more efficient for businesses.

Challenges
Rapid7’s CIEM solution relies on integration and interoperability with other existing security products in the enterprise environment, requiring compatibility with existing IAM systems. For example, if a company uses a specific IAM solution to manage identity and access across its infrastructure, integrating Rapid7’s CIEM solution with that system might require additional configuration and development work to ensure full compatibility and consistent IAM across both platforms. This integration process can sometimes be complex and require in-depth technical expertise to ensure successful deployment and optimal functionality.

Purchase Considerations
Customers must purchase the InsightCloudSec platform to get access to the CIEM capabilities. InsightCloudSec is also included within the vendor’s Cloud Risk Complete offering. Organizations do not need to purchase other parts of the platform, such as InsightVM and InsightIDR, to gain access to CIEM.

The solution is well-suited to a diverse range of customers, from SMBs to large enterprises and government organizations. Although it is designed to meet the specific security needs of cloud environments, it can be adapted to various sectors and industries, including finance, healthcare, technology, retail, and education. It can integrate with different cloud service providers. Rapid7’s CIEM solution can be deployed in a wide variety of scenarios and IT environments, providing effective protection against security threats in the cloud.

Radar Chart Overview
Rapid7 is positioned in the Innovation/Platform Play quadrant. The InsightCloudSec platform must be purchased to get access to the CIEM functionality. InsightCloudSec offers IAM in cloud environments as well as threat detection, security configuration management, log and event analysis, and automation of security actions. This broader, integrated approach makes InsightCloudSec a comprehensive platform for meeting enterprise cloud security needs rather than a standalone solution limited to IAM. Although the solution can be considered mature in the sense that it offers robust and proven functionality for IAM in cloud environments, Rapid7 is continuing to invest in R&D to improve and enrich its CIEM solution with new or wider coverage of its features.

SailPoint, SailPoint CIEM

Solution Overview
SailPoint CIEM is an identity-focused integrated cloud governance solution within SailPoint Identity Security Cloud (ISC) that extends identity security to cloud infrastructure. Enterprises can govern IaaS access directly from the core identity solution using SailPoint to manage access to other enterprise applications and data.

Core capabilities include:

  • Visibility: An IAM-centric view of cloud access and usage providing a single pane for visibility and a graphical view of identities and entitlements across AWS, Azure, and GCP IaaS environments.
  • Provisioning: Offering comprehensive lifecycle management and ad hoc requests to govern cloud access alongside other enterprise applications, including the automated creation and certification of cloud accounts and entitlement assignments.
  • Cloud governance: Providing full compliance management based on predefined and customized access policies for multicloud environments.
  • Reporting: Detailed cloud access reports that reveal cloud access and drive entitlement certification, auditing, and compliance. These reports also include unused access by action (read-write-admin), service type, entitlement, and resources-specific reporting to right size cloud access.

Strengths
SailPoint is a recognized leader in enterprise SaaS and on-premises IAM solutions. It is natural and inevitable that SailPoint extends its solution to cover new IAM use cases specific to cloud environments. SailPoint has provided solutions specific to cloud governance and CIEM since 2019.

SailPoint achieved high scores on several decision criteria, including advanced entitlement detection, least-privileged access enforcement, and entitlement policy definition.

When it comes to advanced entitlement detection, the SailPoint CIEM solution does not discriminate on identity and collects access via entitlements from identity provider to role to direct attribution. Identity types include humans, nonhumans (such as RPA bots), and machines; and coverage is multicloud, multiplatform, and multi-account.

SailPoint ISC manages delegated permissions granted by administrators and users for service principals (enterprise applications) and service accounts (users) in Azure; ISC helps administrators understand all possible ways a user can access GCP, including services, resources, privileges, and access levels.

Challenges
On a technical level, SailPoint’s CIEM solution is satisfactory in its quality and coverage of the different use cases of access management in the cloud. However, the solution does have room for improvement, particularly in interfacing seamlessly with other access governance systems, such as PAM solutions. The vendor could also extend the unused access reporting to include accounts (scope) and identities for activity-based reporting. This data will make it possible to better size the access governance policy.

Cost is another challenge; its prices are generally much higher than those of its main competitors. This likely puts it out of reach for many SMB organizations that use the cloud.

Purchase Considerations
SailPoint CIEM is an integrated product within SailPoint Identity Security Cloud; it’s included as part of the Business Plus package and as an optional add-on to the standard and business package. The SailPoint Identity Security Cloud solution is delivered via AWS cloud and AWS.

SailPoint CIEM is priced per identity based on the user types (machine or person with access within the governed environment). Various support and setup services are available for an additional fee.

The solution is well-suited for several use cases, including discovering access in complex IaaS environments and identities and entitlements across IaaS environments; managing and monitoring for risky or unused access; governing and remediating cloud infrastructure access to critical workloads across multiple cloud environments; monitoring for policy enforcement and threats, and detecting potential risks; and cloud access provisioning and cloud governance (consists of identity’s cloud access certification).

Radar Chart Overview
SailPoint is positioned as a Leader in the Maturity/Platform Play quadrant. Its CIEM is not a standalone solution and is available as part of its SailPoint Identity Security Cloud platform. Under the same analysis, while SailPoint’s IAM solution can be considered Mature in on-premises and SaaS environments, its cloud counterpart, CIEM, is still innovating. SailPoint, like all its competitors in CIEM solutions, recently entered this market. However, given its leadership in the IAM field in general and the extensive functionalities offered by its CIEM, we see it continuing to be a Leader in future evaluations.

Sonrai, Cloud Identity Security

Solution Overview
Sonrai, a US-based cloud-native company founded in 2017, specializes in security management in the cloud. Sonrai Cloud Identity Security is a centralized, SaaS-based enterprise identity, data, and workload security solution that monitors every possible relationship among identities, their permissions, and data across environments. The solution operationalizes enterprise cloud security by automating workflows, remediation, and prevention capabilities to ensure that all identities, workloads, and data stay secure. It supports the three major CISPs: AWS, Azure, and GCP.

Sonrai’s solution stands out in its approach to discovering and decoding permissions in the cloud. To do this, it relies on identities and data as a focal point. The solution also allows, in the wake of the discovery phase, segmenting the environments among sandbox, development, and production phases.

Strengths
Sonrai’s CIEM solution scores above average for many of our decision criteria. It has a high score for CSPs (2+) support because in addition to the three hyperscalers (AWS, Azure, and GCP), Sonrai also supports OCI. It scores well in least-privileged access enforcement because it begins by discovering all identities (users, roles, and services) and their relationships across cloud environments. In a granular way, it maps the relationships and permissions. Step by step, all deviations trigger notifications, and recommendations for remediation are proposed. To account for the dynamic nature of granting access and rights in the cloud, this exercise is carried out continuously in cloud computing environments, capturing changes as soon as they happen. Sonrai’s solution also stands out for its ecosystem. Indeed, Sonrai has a developed community, resources, and knowledge base capable of responding to questions and particular situations that a customer may encounter during the operation of the Sonrai solution.

Challenges
Sonrai scored less well on the integrations key feature and doesn’t offer either of the two emerging features we evaluated: JIT privileged access management and AI runtime policy enforcement.

Purchase Considerations
Sonrai CIEM is not a standalone solution. Sonrai’s vision is to offer a CNAPP-type cloud security platform. This is composed of different products, CSPM, CWPP, SCPM, and CIEM, which are dedicated to the different nested dimensions—namely, data, identities, infrastructure, and servers—that are the building blocks of a secure cloud computing environment. Threats can exploit a breach in either dimension to perpetrate a malicious act, so the idea is to collect the different data from the platform’s integrated security products to best respond to the threat.

By integrating its cloud security products into the CNAPP platform, Sonrai seeks to provide a 360-degree view of actual or anticipated potential vulnerabilities. Therefore, prospective customers must decide whether they want to equip their organization with a platform rather than a particular product to secure assets in the cloud.

Sonrai modulates its pricing based on resource counts at the time of the initial assessment of a customer’s environment; for example, small, intermediate, or large cloud environments would be priced differently. Volume discounts are applied as more resource blocks are purchased.

Sonrai addresses large, global, and managed service enterprises; however, SMBs are not targeted. Its customers are not limited to a particular industry. In fact, any midsize to large organization with assets in the cloud can potentially be a Sonrai customer.

Radar Chart Overview
Sonrai is positioned in the Innovation/Feature Play quadrant. Sonrai is still working to improve and innovate on its CIEM and the other components of its CNAPP platform. It has solid scores on the decision criteria we evaluated and is a strong Challenger in this space.

Wiz, Cloud Infrastructure Security

Solution Overview
Wiz is a US-based cybersecurity company founded in 2020. It specializes in cloud security and provides solutions to identify and mitigate security risks related to cloud environments. Wiz focuses on detecting vulnerabilities, particularly in AWS, GCP, Azure, and secure platforms.

Wiz’s CNAPP includes CSPM, CWPP, KSPM, DSPM, CDR, IaC scanning, AI-SPM, and CIEM. The CIEM solution is accessible, configurable, and operated from the same dashboard as the other solutions of the platform.

Wiz’s CIEM solution provides deep visibility into cloud access permissions, enabling more effective management of security risks. It stands out for its ability to detect configuration errors, automate corrections, and provide insightful analytics to strengthen the security posture of cloud infrastructures. Its security graph provides visibility into risks in cloud environments and enables risk prioritization and assessment.

Strengths
Wiz has a high score for the CSP support key feature. It distinguishes itself by the number of CSPs that it already supports. Any CIEM solution worth considering must support all three of these: AWS, GCP, and Azure. Wiz goes further and supports two other CSPs: OCI and Alibaba Cloud. It also has a high score for the integrations key feature. The platform comes with more than 90 integration APIs, which cover both platforms and SaaS, including Jira, Opus Security, and Okta.

Wiz scores high on the ease of use business criterion. The onboarding process provides complete visibility of cloud environments in a short time. In addition, the product is flexible and allows you to create your own rules for simple or complex scenarios. The security graph is very easy to query. Wiz’s user interface is very intuitive and is easily adopted by diverse teams, even those without security experience.

Challenges
CIEM is part of an integrated platform of cloud security solutions, so it is not possible to purchase it as a standalone solution. Consequently, we anticipate that the business criterion of cost for SMBs or even for large companies may be considered high (scoring it lower) if the prospect’s need is purely for CIEM functionalities.

Purchase Considerations
Wiz CIEM is not a standalone solution. Wiz approaches its cloud security products as building blocks that make up a larger and more comprehensive whole in the strategy for protecting organizations’ cloud information assets. This set constitutes its CNAPP platform. By integrating its cloud security products into the CNAPP platform, it seeks to provide a 360-degree view of actual or anticipated potential vulnerabilities. Therefore, prospective customers must evaluate whether a platform rather than a particular product is the right approach to secure their assets in the cloud.

Wiz offers good support and training in different formats (documentation, webinar, classroom, and live online) to its customers.

Wiz offers two licenses:

  • Wiz Essential for organizations starting their cloud journey. It allows organizations of all sizes to quickly understand their cloud environment and critical risks.
  • For more mature organizations, Wiz Advanced offers features, including in-depth risk analysis, detection and response, and comprehensive customization. Licenses are based on the number of workloads in the environment, and pricing scales with cloud usage.

Every organization that has its information assets in the cloud must consider adopting a CIEM solution at one point or another. This, however, requires that the organization has already reached a level of maturity in securing its cloud environment before adopting a cloud. Therefore Wiz can serve all market segments regardless of the organization’s sector of activity. However, we note that Wiz already has a customer base encompassing major companies from different sectors, including financial, hospitality, and manufacturing.

Radar Chart Overview
Wiz is positioned in the Maturity/Feature Play quadrant. It’s a cloud-native company that specializes in cloud security. Even though Wiz was founded only in 2020, it is maturing its CNAPP components, including CIEM. It has average scores for most decision criteria, with a few standout capabilities, and is positioned as a strong Challenger in this evaluation. Thanks to its focus on this area in particular and provided that it continues to enhance its offering, we anticipate Wiz will strengthen its position in future evaluations.

Zscaler, Posture Control

Solution Overview
Founded in 2008, Zscaler is a cybersecurity company focused mainly on IT security and cloud security. In 2020, Zscaler acquired Cloudneeti, a CSPM solution, and in 2021, it acquired Trustdome, a CIEM solution. The integration of those two solutions allowed Zscaler to come out with a full CNAPP solution called Posture Control in 2022. Posture Control secures cloud infrastructure, sensitive data, and native application deployments across multicloud environments.

Strengths
Zscaler scores high on the advanced entitlement detection criterion. Its solution detects and manages human and nonhuman accounts—such as service accounts, system accounts, and bots—in cloud environments, including AWS, GCP, and Azure. With this broad and deep visibility across an enterprise’s entire cloud infrastructure—including identities, privileges, and access—organizations can quickly detect anomalous behavior or security breaches.

It also has a high score on the integrations criterion, offering:

  • Integration with IAM solutions, which allows the synchronization of identities and authorizations and centralized access management in cloud environments.
  • Integration with compliance and risk management tools that help businesses maintain compliance with security and regulatory standards.

Challenges
It has a low score on the cost business criterion because its solutions are more expensive than those of competitors. As the Zscaler CIEM is part of the Posture Control platform and is not sold as a standalone solution, this could be an obstacle for those with more restricted budgets.

Purchase Considerations
Zscaler offers a subscription model for its Posture Cloud Platform, with different types of subscriptions. These packages range from the most basic to more enriched packages. For effective use of the Zscaler Cloud Protection solution, professional services and training for employees will be required. Zscaler costs are generally on the high end, which can be a challenge for some companies without in-house resources or sufficient budget allocations.

Zscaler CIEM is typically aimed at large enterprises and mid-sized organizations with complex IAM needs in cloud environments. Large multinational companies, regulated companies, companies undergoing digital transformation, or those with complex security needs are potential consumers of Zscaler CIEM.

Radar Chart Overview
Zscaler is positioned in the Innovation/Platform Play quadrant. Its CIEM is designed as a component in an integrated platform of cloud security solutions. At the same time, Zscaler is still enriching the functionality of its recently acquired CIEM solution to cover all the major use cases that define the category. Given the position and maturity of Zscaler in the field of cloud security, we expect to see it quickly progress in future iterations of this report.

6. Analyst’s Outlook

The CIEM market was born from the need to fill the gaps observed in the management of identities and access in cloud computing compared with IGA on-premises. The CIEM category appeared in 2020 and is therefore a relatively recently emerging segment of the cloud security market. Its maturation is still in progress.

Vendors in the CIEM category come from three main families of IT solution providers:

  • Suppliers focused on CIEM, companies that will develop a solution that addresses the problems or blind spots of IAM in the cloud. By concentric circles, they will move toward adding other complementary cloud security solutions to their portfolio to offer an integrated cloud security solution platform. This could fall into one or another of the broader and already known categories, such as CNAPP or IGA cloud computing. Their deployment model is generally in the form of a SaaS.
  • Suppliers focused on CNAPP, which are usually companies that already offer a set of cloud security components such as CSPM, CWPP, IaC, and want to add, in concentric circles, CIEM to their platform. Their deployment model is generally in the form of a SaaS.
  • Suppliers and companies focused on IAM are usually IAM solution providers that are well-established in the on-premises market. Their entry into CIEM, an extension of IAM into cloud computing, should, to a certain extent, be a natural and expected move. Their deployment model is generally in the form of a SaaS.

Most CIEM solution providers are found on the Feature Play side of the Radar, which reflects the youth of the category in the cloud security solutions market. CIEM is still in innovation and maturation mode. There are many entrants, and the positions of the different players today are likely to change next year.

The trend toward consolidation, with CIEM-focused companies being acquired by cloud-security or identity-security-focused companies, will increase. Although CIEM could still be available as a standalone product, the trend could increasingly move toward platform propositions having CIEM as a component that contributes to a 360 vision of cloud security. The suppliers of these platforms will then advise their prospects to activate the other components of the platform: CSPM or CWPP, for example, if the platform is of the CNAPP kind, or ITDR, verified ID, or other identity-related products if the platform is a type of cloud identity security solution.

In the era of the cloud-first strategy adopted by more and more organizations, across all sectors and all sizes, any organization that has information assets in the cloud, to a greater or lesser degree, should be equipped with a CIEM solution in the relatively short term.

The main determinants would be:

  • The degree of the organization's presence in the cloud.
  • The maturity of the cloud security system it already has in place.

For the first point, the degree of cloud-first adoption, an organization just beginning to move its assets to the cloud can wait until later to introduce CIEM into its cloud security ecosystem. The volume and complexity of use cases would not yet be sufficient to justify the investment in time and resources. However, a company that has already established its environments and assets in the cloud would be wise to include CIEM in its cloud security roadmap fairly quickly. Indeed, this type of company should already be experiencing the issues related to IGA in the cloud.

As for the second point, the maturity of the cloud security system already in place, the company that plans to add CIEM to its battery of cloud security tools may have to acquire it as part of a CNAPP that usually includes other components such as CSPM, CISP, and ITDR. However, a standalone CIEM solution is also an option.

In summary, a vision, a roadmap, or even a deployment plan should already be in place before moving forward with acquiring the CIEM component. If done too early, the return on investment could be slow to achieve; too late, and the company would be in firefighting and crisis management mode with all the disadvantages this could cause for its operations.

Again, the CIEM category is still young. Through acquisitions, mergers, or new formations, new vendors in this segment of the cloud security market could still appear in the years to come and join those that have already taken their place. We anticipate tough competition among three groups: established companies entering this market through the door of cloud security in the broad sense, those entering through the door of IAM, and the CIEM-native companies. The positions on the Radar may still change relatively often over the next few years.

Finally, regarding the functionalities of the CIEM product, the evolution will be toward the maturation of the functionalities already offered today by the majority of CIEM sellers, in particular:

  • The advanced application of AI/ML.
  • The discovery of ephemeral identities.
  • The adaptability of finer remediation actions that take into account particular contexts, such as DevOps or IaC, in the management of identities and the granting of access.
  • The inclusion of more and more services that run on cloud platforms under the monitoring of the CIEM.
  • The extension of CIEM to include additional CISPs.

7. Methodology

*Vendors marked with an asterisk did not participate in our research process for the Radar report, and their capsules and scoring were compiled via desk research.

For more information about our research process for Key Criteria and Radar reports, please visit our Methodology.

8. About Jamal Bihya

Jamal Bihya is a creative technology leader with over 30 years of experience delivering innovative, critical, and operational solutions for organizations across all business sectors. He is a highly analytical and accomplished professional who has led the planning, design, and implementation of solutions in various industries. Jamal has a proven history of excellence propelling organizational success by establishing and executing strategic initiatives that optimize performance. He has demonstrated expertise in the selection, planning, and implementation of solutions for enterprise and commercial applications, in the development of key architectural components, in risk analysis, and in leading all phases of projects. He has been recognized for promoting effective governance and positive change that has improved operational efficiency, revenues, and cost savings. As a seasoned communicator and recognized unifier, Jamal turned strategic ideas into reality through close coordination with engineering teams, stakeholders, and senior executives.

Jamal has worked for Alcatel, Motorola, and CGI and with IBM (amongst other global technology players) and has delivered projects in Africa, Asia, Europe, and North America.

Jamal is a pioneer in the agility of designing and delivering long-lasting and robust solutions. In his role as analyst, Jamal provides innovative technological and strategic solutions for organizations. He’s currently using his expertise to analyze processes and challenges related to cybersecurity and risk management with a particular interest in the concept of the Digital Identity.

9. About GigaOm

GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.

GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.

GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.

10. Copyright

© Knowingly, Inc. 2024 "GigaOm Radar for Cloud Infrastructure Entitlement Management (CIEM)" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact sales@gigaom.com.