11-20-2023 03:13 PM
Hi Rajnishnsit2000,
Prisma Cloud CIEM is purpose-built to directly solve the challenges of managing permissions across AWS, Azure, and GCP. Prisma Cloud CIEM automatically calculates users' effective permissions across cloud service providers, detects overly permissive access, and suggests corrections to reach least privilege.
Specific to your question about zero standing access to AWS,
On a high level, Prisma Cloud's CIEM Module consists of 3 Pillars (Source, Granter, and Destination). The module integrates with identity provider (IdP) services like AWS IAM Identity Center and Okta to ingest single sign-on (SSO) data. It allows identities to request temporary access to resources on an as-needed basis, reducing the risk of having long-lasting unused permissions. With the JIT functionality, users and machine identities can be granted access only when they need it and for a limited time, reducing the overall attack surface and exposure of critical resources to potential threats. For example, a user/machine may need to perform a job only at 9:30 am for 30 mins. With JIT, you make sure that user/machine has a role that allows access only during that time and for that duration.
To learn more about Zero Standing Privileges (ZSP) and how they work: https://www.strongdm.com/blog/zero-standing-privileges
References/Resources: You can find some great detailed resources about Prisma Cloud CIEM module here at the following links:
Let us know if this helps with your inquiry, or if you have further questions.
Thank you,
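
The 9:30 am, 30-minute window mentioned in the reply above can be expressed directly in an AWS IAM policy using date conditions on `aws:CurrentTime`. The following is an added example, not part of the original post and not Prisma Cloud's own mechanism; the bucket ARN, the date, and the helper names `jit_policy` and `window_allows` are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"  # ISO 8601 UTC form used with IAM date condition operators

def jit_policy(actions, resource, start, minutes):
    """Build an IAM policy allowing `actions` only within [start, start + minutes)."""
    if start.tzinfo is None:
        raise ValueError("start must be timezone-aware")  # avoid silent local-time windows
    if minutes <= 0:
        raise ValueError("window must be positive")
    start = start.astimezone(timezone.utc)
    end = start + timedelta(minutes=minutes)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": list(actions),
            "Resource": resource,
            "Condition": {
                "DateGreaterThanEquals": {"aws:CurrentTime": start.strftime(FMT)},
                "DateLessThan": {"aws:CurrentTime": end.strftime(FMT)},
            },
        }],
    }

def window_allows(policy, when):
    """Local check of the time window only; this is not a full IAM evaluation."""
    now = when.astimezone(timezone.utc)
    for stmt in policy["Statement"]:
        cond = stmt.get("Condition", {})
        after = cond.get("DateGreaterThanEquals", {}).get("aws:CurrentTime")
        before = cond.get("DateLessThan", {}).get("aws:CurrentTime")
        if stmt["Effect"] != "Allow" or not (after and before):
            continue  # an Allow without both bounds is standing access, not JIT
        lo = datetime.strptime(after, FMT).replace(tzinfo=timezone.utc)
        hi = datetime.strptime(before, FMT).replace(tzinfo=timezone.utc)
        if lo <= now < hi:
            return True
    return False

# Constructed sample: a 9:30 am, 30-minute job on an arbitrary date (UTC assumed).
START = datetime(2023, 11, 20, 9, 30, tzinfo=timezone.utc)
POLICY = jit_policy(["s3:GetObject"], "arn:aws:s3:::example-bucket/*", START, 30)

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
```

A policy like this still sits attached to the identity after the window closes, so removing it once the job ends keeps the grant from lingering as unused permission.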