Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Looks to Improve Azure Active Directory Compliance and Security Breach Prevention

Microsoft recently announced that it acquired CloudKnox Security, a security management solution for businesses that use more than one cloud service provider. CloudKnox says that its solutions help IT departments “granular visibility, actionable insights, and control of machine and human identities with excessive high-risk privileges.”

Joy Chik, who is corporate vice president for Microsoft Identity, says that organizations don’t have tools to monitor and assess multicloud permissions. CloudKnox started life as an activity-based authorization product that tracks identity information across Amazon Web Services (AWS), Google Cloud Platform, Microsoft Azure, and VMware vSphere.

Today, the CloudKnox Cloud Security Platform consists of two components: Sentry and FortSentry. Sentry uses a Linux virtual machine installed in the customer’s environment. One Sentry appliance is required per cloud platform. Sentry collects privilege and activity information from each cloud platform and then sends the data to FortSentry.

Figure1 3 — Microsoft Acquires CloudKnox to Improve Azure Active Directory Compliance and Security Breach Prevention (Image Credit: CloudKnox)

CloudKnox claims that installation usually takes less than 30 minutes and once installed, data is pulled immediately from a cloud platform to the Sentry appliance. It then takes around 3 to 4 hours to collect three months’ data, providing a “three-dimensional view of all your machine and human identities, their actions (privileges) and the resources they have accessed at which point you can begin to protect your infrastructure from insider threats.”

Least Privilege for Identity and Access Management

CloudKnox helps IT departments apply the principle of least privilege to Identity and Access Management platforms across multiple cloud solutions. Just as it was and still is a problem for on-premises systems, users are often assigned more privileges in the cloud than required to perform their work duties.

Default roles are often used as a starting point when giving users initial access to cloud apps and infrastructure. Additional permissions or entitlements are then added as required. But even the default roles can lead to users receiving excessive or unused entitlements, which leads to increased risk for the organization.

Cloud Infrastructure Entitlement Management

CloudKnox is a next generation Cloud Infrastructure Entitlement Management (CIEM) solution that is designed to address the shortcomings of today’s Identity and Access Management platforms, like Azure Active Directory.

CIEM is based on a lifecycle framework that continuously discovers, manages, and monitors the activity of every identity, human and machine, over multiple cloud, and on-premises infrastructure. It also helps organizations enforce the principle of least privilege.

CloudKnox says that the CIEM framework is based on the following three stages:

Discover risk by uncovering who (identities) is doing what (actions), where (resources), and when across your cloud infrastructure
Apply the least privilege principle to manage risk which is ensuring identities have the least number of permissions needed to perform daily tasks for a specific amount of time
Monitor risk by continuously tracking and measuring changes in identity activity (behavior) and prioritizing alerts based on pre-defined risk criteria

Microsoft will use CloudKnox to further enable zero-trust security

Zero trust is a security framework that stems from the idea you shouldn’t trust anyone and always assume breach. Microsoft’s identity-centric zero trust model requires that every user accessing an application must be verified.

Zero-trust takes identity as the first line of defense. It lets organizations implement the strongest security and at the same time improve business agility. The acquisition of CloudKnox will allow Microsoft to help its customers more easily enforce least privileged access in the cloud.

As Microsoft integrates CloudKnox into its solutions, it will provide Azure Active Directory with granular visibility, continuous monitoring, and automated remediation for hybrid and multi-cloud environments. Microsoft says that it is committed to automating and simplifying access policy enforcement; providing the widest range of signal-enabling and precision-based machine learning detections; and seamless integration with other Microsoft cloud security services, including Azure Sentinel.

by Russell Smith
Aug 16, 2021

Editorial Director at Petri IT Knowledgebase. Russell has more than 20 years' experience working in IT. From small business to large government IT infrastructure projects. Russell started his writing career for Windows IT Pro magazine in the early...

Streamlining SaaS Governance: How Nudge Security Simplifies Compliance and Security Management for Cloud Apps

Oct 30, 2023
Nov 03, 2023
The Ultimate Guide to Web Application Firewalls (WAF)

Jun 20, 2023
The Dirty Truth About IT Offboarding Automation

Jul 21, 2023
Aug 25, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.