The Technical Manager’s Guide to Zero Trust: Infrastructure


This document is the fourth in the six-part Technical Manager’s Guide to Zero Trust series, which articulates critical links between zero trust (ZT) and security strategy within each of the six ZT pillars: identity, devices, network, infrastructure, applications, and data.

Executive Summary

Zero trust (ZT) often focuses on the “bookend” pillars of identity and data, expanding to include the adjacent pillars of devices and applications. But the central pillars of network and infrastructure (including both corporate compute/storage/virtualization and cloud-based platforms) are also critical to a complete ZT strategy.

Contemporary infrastructure often centers on outside-the-perimeter cloud resources, challenging security leaders tasked with establishing a resilient environment that provides confidentiality, integrity, and availability. To respond to the challenge of hybrid IT delivery, ZT infrastructure needs to support the identification of sensitive data. It must also establish the location of and protection for critical intellectual property assets potentially compromised by external vulnerabilities or by internal or external attacks that move laterally through the corporate IT environment.

Technical managers responsible for ZT infrastructure need to implement effective segmentation, standardized configuration management, consistent application of policies, and means of achieving needed visibility both across infrastructure and into links that connect with other ZT pillars. The combination of these measures enables ZT infrastructure managers to achieve key objectives:

  • “GOHIO” (“get our house in order”). 
  • Establishing business emphasis on and readiness for ZT infrastructure. 
  • Tearing down “new silos” created by SaaS, DevOps, and other advanced delivery approaches. 
  • Building the visibility needed to ascertain ZT infrastructure effectiveness, as both a discrete discipline and as a critical aspect of the corporate ZT strategy.

By following a path that includes identifying the most urgent vulnerabilities before a breach, mitigating corporate risk by tying ZT infrastructure investments to business priorities, deploying technologies that enable ubiquitous auditing and alerting, and forging seamless connections to other ZT pillars, ZT infrastructure managers can address pillar-specific requirements and contribute meaningfully to the overall success of the organization’s ZT strategy.

Defining the connections between zero trust and infrastructure

One of the key drivers of zero trust as a necessary successor to the traditional “moat and castle” approach to security was cloud computing: Cloud’s omnipresence made protection predicated on a hardened perimeter obsolete. As one Stratascale SME noted, we no longer have just one “castle” to protect – a company could have hundreds of assets and environments to protect, all over the world.

Cloud is also the key link between infrastructure security and zero trust. Businesses are looking to establish what one contributing SME referred to as the “triad of confidentiality, integrity, and availability.” They are hampered in this by:

  • An inability to extend familiar processes and tools from on-premises facilities to cloud infrastructure. 
  • Challenges in integrating cloud-relevant analogues into a seamless management perspective.

“The idea of ‘cloud first’ oftentimes is not backed up by having a documented strategy about how to move to the cloud,” one Stratascale SME observed. This can create “a huge blind spot” with respect to data locations, dependencies, and potential vulnerabilities, as top-down mandates collide with the day-to-day responsibilities of the infrastructure security team. To bridge this gap, the entire organization needs to agree on an adoption plan that spells out ways that the infrastructure security group can meet the combined objectives of cloud and zero trust strategies.

Businesses understand the need to align their security posture with the realities of hybrid infrastructure – to “transition from a perimeter-based model into one that's fully matured, and which considers the whole attack surface,” as one SME explained. From a zero trust perspective, infrastructure complexity extends well beyond cloud and on-premises. It extends to an edge that includes a dizzying array of single-purpose IoT devices vulnerable to compromise, and to APIs, containers, microservices, and other logical infrastructure components that communicate both internally and externally. This increases the infrastructure attack surface, reduces the value of deploying security at a defined perimeter, and underscores the need for a zero trust approach that establishes the validity of each connection as it occurs.

Faced with these complex challenges, an infrastructure security team needs to connect deeply into the infrastructure management process. IT and security groups need to work in concert to ensure that internal teams are using hardened images, to keep configurations consistent with enterprise architectural designs, and to maintain workload identity management and access controls.

This process of connecting security principles, objectives, and activities to the workflows used in design and build of critical digital business components is replicated across each of the ZT pillars, as IT, security, and related business units look to isolate complicating factors, align processes to requirements, and develop task and target clarity, with each pillar’s actions and controls both achieving discrete outcomes and supporting overall ZT objectives. Infrastructure security (along with the security teams in the other ZT pillars) is wrestling with complex issues. Clarity, team collaboration, and alignment enable each group to address its particular issues while contributing to the overall ZT strategy, as illustrated in the following image.

[Figure: Going from confusion and complexity to strategy and alignment]

At the same time, there is at least potential for another blind spot to arise in pursuit of resiliency. Resiliency dominates many security-related conversations, since it attaches to highest-priority business objectives: the ability to maintain business operations in the event of a cyberattack, the capacity to protect corporate data, and the need to defend against ransomware.

These are all essential corporate goals, but they don’t fully define how security approaches need to shift in response to changes in underlying technology. At a fundamental level, the security function needs to deliver confidentiality, integrity, and availability. This is a challenge in a hybrid environment where data is stored across cloud and on-premises facilities – a challenge that zero trust, which aligns data security with identities, across devices, applications, networks, and infrastructure, is uniquely able to address.

Takeaway: Cloud and the reality of hybrid IT delivery that places data in multiple locations – and corporate need for resiliency – create a critical link between infrastructure and a need to embrace ZT. In the words of a contributing SME, “We need to move beyond ‘cloud first – and security third.’”

Drivers of ZT interest and investment in infrastructure security

“Investment in ZT pillars is all about zero trust for a business objective. It is not a security process.”

Zero trust success requires security leaders to connect their focus areas to business priorities.[1] And from a ZT perspective, interest in infrastructure security starts with data. “The data is the key piece to this,” one contributor stated. “You know you have to protect your data whether it's at rest or in flight. Who has or had access to it, when did they have access to it, and what's being done with it?”

These questions extend throughout the technology stack; it would be fair for an IT or business executive to ask an infrastructure security manager questions like, “we have a zero trust approach to storage – but is our backup zero trust, too?”

Contributors to this document stressed the need to position ZT infrastructure in business terms. “You have to get all the way down to the product owners and the portfolio managers,” one Stratascale SME insisted. “Those are the real business influencers – the people who take business strategy and try to operationalize it. And that's where ZT-responsible infrastructure security managers need to be fitting in. Because if the product owner for an application or a service is shouting, ‘hey, we need to comply with GDPR,’ that really sets the tone, prompting business staff to reach out to a security champion in search of expertise, or to just ask the question, ‘how do we secure this entire process?’”

The invisible middle?

Despite the guidance above, with very rare exceptions, business product owners will not understand the connection between taking a ZT approach to infrastructure and achieving better compliance and security for their application or process: They are most apt to focus on data and applications and, secondarily, on devices and identity.

The “infrastructure is essential to our overall ZT approach” message may resonate with more technical stakeholders, but security leaders will need to connect the dots – with top-down support for the overall strategy from the executive team or board – to obtain buy-in for strategies focused on ZT’s “middle pillars,” particularly infrastructure and potentially network as well.

Three common problems

In discussion with the Stratascale research team, a client CISO stated that “most companies with at least 10 to 15 years of history, if they’re honest with you, will tell you that they have three problems:

  • They have an Active Directory problem because too many people have had hands in there for too many years. People are scared to touch it. 
  • They probably have a Java or a .Net problem because they have big monolithic systems that are old and will fall over if you look at them funny. 
  • They have a segmentation problem, because they had one data center that they put everything in. Then they said, ‘we’re going to DR, so we add another data center.’ And everything lives in the same space. And so in most organizations, the data landscape looks much like the landscape of Indiana – flat, and you can see forever.”

The CISO went on to explain that in their organization, “ZT is mostly a means of limiting the blast radius when something bad happens.” In particular, attention needs to be paid to dependencies between applications and how the infrastructure can securely support these connections. “You have to start looking at, what are the integrations, what are the touch points. And again, for a company that's been around for a number of years, you've got touch points nobody knows about, you're moving data around that nobody had thought about for 10 years – is it still moving or not?” Zero trust gives security managers a way “to segregate those pieces and get to something that is tolerable for the average user.”

The bottom of the iceberg

Stratascale SMEs reviewing this section noted that it highlights an underlying problem that is common across many different environments: “the infrastructure group has been tasked with supporting too much. There is a proliferation of components as line of business, product, application, and business owners continue to pile on more new technology without sloughing off the old.” This leads to ever-increasing complexity – and, as one SME stated, “all sorts of hidden risk. Infrastructure doesn't get more headcount; they are just continually asked to do more with less. As a result, infrastructure teams drop problem management and vulnerability management because they don't have the time” to both support critical systems and systematically address a backlog of potential flaws. But, the SME continued, “the business doesn't care because that risk is all invisible. It doesn't see the effect.”

There is no silver bullet approach to redressing these issues, but ZT infrastructure teams can look to advance one or more of the following practices:

  • Reduce the attack surface by decommissioning out of date/end of life products.
  • Impose governance policies that require internal teams (business units, applications delivery groups, engineering teams) to absorb charge backs for technical debt associated with use of outdated/unsupported operating systems or other core software components. 
  • Establish KPIs and metrics that tie vulnerability management and/or problem management to the ZT strategy (see “ZT infrastructure metrics,” below).

Takeaway: From the perspective of effectively extending ZT to infrastructure, security managers need to establish standardized configuration management, consistent application of policies, and a means of achieving needed visibility. The technical manager needs to be able to answer questions like, “Have we consistently provisioned devices?” “Are security policies consistently applied when these devices are being deployed?” “Have we mandated that we unplug devices that are no longer needed but which represent a potential attack vector, or which create vulnerabilities that are disproportionate to their continued utility?”

One contributor observed that this is “a great plug for infrastructure as code, which provides you with visibility and standardization. If you let the process handle acquiring and configuring the infrastructure, you don’t have the human error problems that we see a lot in configurations,” and you can readily identify opportunities for rationalizing infrastructure.

Key ZT infrastructure security priorities

It can be difficult to separate ZT infrastructure security priorities from the approach used to secure the business as a whole: Infrastructure is so intrinsic to a digital business that vulnerabilities here are vulnerabilities for the entire organization, and ZT infrastructure priorities map directly on top of overall ZT strategy. Drilling into issues that are within the control of a technical manager charged with infrastructure security, though, contributors to this document offered concrete advice on three core issues:

 

  • Understand – in detail – what you are managing and how your core infrastructure is built and deployed. How many AWS, Azure, and GCP accounts do you have? Which services are you using in AWS/Azure/GCP? How quickly can you develop or build new capabilities – and how are these new functions secured before they are deployed? One contributor noted that in many places, if you ask questions like this, infrastructure security teams “will look at you like you're speaking in a foreign language.” But this level of insight and understanding is fundamental to ZT infrastructure and to establishing principles that will support ongoing development of digital business capabilities.
  • Ensure effective segmentation – limit the blast radius. “If somebody does compromise one area of your infrastructure, how far can they get and what do they need to do to jump over to the next one? If you have that identified, that's a big step.”
  • Capitalize on insight into vulnerabilities and attackers. “It’s important to have risk and threat intelligence, to prioritize vulnerability management across ZT pillars and within infrastructure.”

 

Takeaways: ZT infrastructure priorities underscore a need for continuous improvement. In the words of a Stratascale SME, “Nobody will ever be purely secure. But if every day I take on a problem and solve one aspect of it and move the needle…you don't have to make huge jumps to move that needle – to have a large cumulative impact. I think a lot of people forget that. Start with the fundamentals, keep building on them. It goes back to a culture with everyone continuously asking how do we get better?”

However, continuous improvement requires access to resources – time, staff, technologies – that support ongoing progress. Infrastructure may not be (often, is not) a key priority for security upskilling/upleveling, but the requirement to applications and data and the components needed to support and deliver them is clear. ZT infrastructure managers need to work with CISOs and IT leaders to ensure that skills and investment plans extend to areas needed to maintain currency and build capability in ZT infrastructure.

Defining the path to ZT infrastructure

Each document in the Technical Manager’s Guide to Zero Trust series incorporates a roadmap providing practical guidance to readers looking to implement ZT within their areas. The advice offered by contributors to this document addresses four key steps:

 

  1. Start before you’re breached. “Many companies start looking at zero trust fundamentals and architecture after an incident: They've had a ransomware incident, they've had a breach, they've had something happen. What they often do next is to go after low hanging fruit – but what they should do is go through the entire IT infrastructure to figure out where all the vulnerabilities are and to identify the ones that require the most urgent remediation – not just address the first vulnerability they discover, or the lowest hanging one.”
  2. Focus on mitigating corporate risk. “What is the potential financial and reputational cost to the organization if a breach occurs? And how far are you willing to go to address vulnerabilities? Is that cost of financial or reputational damage arising from a breach going to justify the headcount, software, and hardware needed to secure against a ransomware exploit? Or do you take that risk? That's a business decision, taken with your legal department, I hope.”
    • Note: Managers responsible for ZT infrastructure security need to understand the financial ledger associated with threats and remediation – they need to be able to articulate the cost and value of defense in financial terms accessible to IT and business leaders. Established third party approaches, like FAIR, can be helpful in quantifying risk and remediation benefits in financial terms.
  3. Deploy ubiquitous auditing and alerting. It’s essential to deploy “auditing and alerting around those critical infrastructure pieces…what do you do to identify unusual patterns, what do you do when they are identified?” Automating the aggregation and prioritization of alerts and implementing processes to ensure that responses are timely and effective help align activities and resources with areas of greatest need.
  4. Ensure seamless connections to other ZT pillars. “In this conversation, which is explicitly tied to infrastructure, we've been drawn into identity. We've been drawn into data. We've been drawn into applications and network and all the other pillars…the infrastructure team needs to work seamlessly with other security functions to extend ZT across the enterprise.”
[Figure: Start before you're breached]

ZT infrastructure roadblocks and challenges


ZT infrastructure security offers compelling benefits, and the graphic above defines a workable path for technical managers responsible for its execution. However, no strategy is immune to real-world challenges. Where are these most likely to arise on the path to establishing ZT infrastructure? Stratascale SMEs contributing to this document identified five impediments that infrastructure security managers may encounter during their ZT journey.

  • The sheer magnitude of the work. “What’s the biggest inhibitor to ZT progress? The overwhelming thought of it. As you start really analyzing it, you think, oh, we're at a 1 on a scale to 5 everywhere. It'll take us eight years to get there. We'll never get ahold of this. We'll never finish this process.”
  • Bridging the gap between expectation and execution. “Zero trust is not a magic incantation or spell which you can utter with some blue smoke and then all of a sudden, it's implemented. It is complex, and I think that's one of the key answers to the question about roadblocks: Organizations don’t fully understand what they're signing up for when they embark upon zero trust. And that's a hard conversation, setting expectations, because then you have all of the ideas that follow, things like ‘who will be the executive-level champions and sponsors?’ Somebody's got to sign up for it. What is the expected cost going to be? Because there's going to be a significant investment as well.”
  • Connecting infrastructure to other ZT pillars. “Siloed mindsets. Tech professionals sit in their own pillars. Being able to break down those silos and connect technology teams together is crucial.”
  • Building an incremental plan for the business rather than reacting to vendor claims and promotions. “Understand your current capabilities. This helps the business to fend off vendors from coming in and train wrecking the ZT roadmap. A lot of companies have current capabilities, but the vendors bring a [ZT-labeled product] in and it's not interoperable – it doesn't really work with the technology that you have in place.”
  • Skills drive (or inhibit) success. “Security team skills are critical. Can the security team drive ZT infrastructure conversations, thoughts, concerns, to App Dev? To quality assurance? To finance?”
[Figure: ZT infrastructure roadblocks]

Important ZT infrastructure technologies and management imperatives

As part of its Executive Guide to Zero Trust research series, Stratascale published the report, Key Zero Trust Technologies and Management Imperatives. The ZT Infrastructure section of this report highlights the following as technologies that managers should understand as they plot their ZT infrastructure strategies:

Configuration Management Database (CMDB)

CMDB is seen as a non-negotiable starting point for ZT infrastructure. As one contributor said, “You’d better have a list of all of your servers, all of your domain name system (DNS) services, your domain controllers, directory services, your services in Azure and AWS…you can’t function without it.”

Configuration management

Stratascale’s SMEs emphasized that configuration management, separate from the CMDB, is also a crucial capability to operate within a ZT framework. Configuration management enables security teams and their IT counterparts to establish system hygiene: for example, to ensure that systems have an approved operating system, that they have approved EDR (extended detection and response) protection, and that the systems are connected to the correct subnet. Configuration management provides an important ZT infrastructure control.

Cloud Workload Protection Platform (CWPP)

Cloud workload protection touches on both infrastructure and application security, stretching across two ZT pillars. Infrastructure and applications are tightly coupled, and application monitoring is important to each area. CWPP, which protects workloads as they move from one cloud environment to another, is positioned within infrastructure because it provides a critical monitoring capability to organizations that need to ensure cloud-based functions or applications can support complex processes – those involving extensive interactions between separate applications or software functions and associated data – without introducing vulnerabilities.

Cloud Infrastructure Entitlements Management (CIEM)

Cloud infrastructure entitlements management – “the other CIEM (SIEM)” – is an important tool in the ZT infrastructure management toolkit. One of the complicating factors with hybrid delivery platforms is that different suppliers may define access rights inconsistently and these rights may not align with internal controls. CIEM gives ZT infrastructure management insight into areas that might not be visible in tools that tie to specific environments.

Physical Infrastructure Access Management

Physical factors are easy to overlook in an industry swamped by digital vulnerabilities. But security leaders need to restrict access to systems to avoid both malfeasance and accident while also ensuring that their own staff can perform hands-on fixes if required.

No senior executive would be pleased to learn that their organization suffered a loss or outage because of an unplugged power line or data cable, or because a technician was able to attach a device to a server that provided access to unencrypted internal data. It can be difficult to establish physical access and security across on-premises, managed, colocation, and cloud environments, but this is a meaningful consideration in infrastructure planning and in support of a ZT infrastructure strategy.

ZT infrastructure metrics

As part of its zero trust research program, the Stratascale team has developed the Stratascale Zero Trust Metrics in Context and Action (Stratascale ZT-MICA) tool. This tool embeds a robust set of metrics that combine to provide strategic insights to executives, operational perspectives to IT and security management, and tactical data to managers responsible for ZT within each of the six pillars.

Metrics contained within Stratascale ZT-MICA for ZT infrastructure security management include:

  • Percentage of servers/VMs/microservices enrolled in configuration management. 
  • Percentage of servers/VMs/microservices utilizing ZSP/JIT admin access. 
  • Percentage of servers/VMs/microservices requiring MFA for admin access. 
  • Number of servers/VMs/microservices with unpatched medium/high vulnerabilities. 
  • Percentage of servers/VMs/microservices automatically deployed. 
  • Percentage of servers/VMs/microservices manually deployed. 
  • Percentage of servers/VMs/microservices utilizing micro-segmentation. 
  • Number of critical/sensitive servers/VMs/microservices with 3rd-party privileged access. 

Collectively, these measurements help infrastructure security managers assess readiness and progress over time and identify and respond to areas of need before they are exploited.
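
The following added example (not part of Stratascale ZT-MICA or of this report) shows how the metrics listed above, together with the hygiene checks described under “Configuration management” (approved operating system, EDR present, correct subnet), could be computed from an inventory export. The field names, approved-OS list, subnets, and inventory rows are constructed assumptions, and “manually deployed” is assumed to be the complement of “automatically deployed.”

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy baseline (assumption): approved OS builds and the subnet
# each environment is expected to live in.
APPROVED_OS = {"rhel-9", "ubuntu-22.04", "windows-2022"}
ENV_SUBNETS = {"prod": ip_network("10.20.0.0/16"),
               "dev": ip_network("10.30.0.0/16")}


@dataclass(frozen=True)
class Asset:
    """One server/VM/microservice row from a hypothetical CMDB export."""
    name: str
    os: str
    ip: str
    env: str
    edr: bool               # approved EDR agent present
    config_managed: bool    # enrolled in configuration management
    jit_admin: bool         # ZSP/JIT admin access enforced
    mfa_admin: bool         # MFA required for admin access
    auto_deployed: bool     # False is treated as manually deployed
    micro_segmented: bool
    med_high_vulns: int     # open unpatched medium/high findings
    critical: bool          # critical/sensitive system
    third_party_priv: bool  # a third party holds privileged access


# Constructed sample inventory.
INVENTORY = [
    Asset("web-01", "rhel-9", "10.20.1.10", "prod",
          True, True, True, True, True, True, 0, False, False),
    Asset("db-01", "windows-2012", "10.20.5.4", "prod",
          True, True, False, True, False, False, 3, True, True),
    Asset("build-01", "ubuntu-22.04", "10.20.9.9", "dev",
          False, False, False, False, True, False, 1, False, True),
    Asset("api-svc", "ubuntu-22.04", "10.30.2.2", "dev",
          True, True, True, True, True, True, 0, True, False),
]


def hygiene_findings(asset):
    """Return the configuration-hygiene violations for one asset."""
    findings = []
    if asset.os not in APPROVED_OS:
        findings.append("unapproved-os")
    if not asset.edr:
        findings.append("missing-edr")
    subnet = ENV_SUBNETS.get(asset.env)
    try:
        in_subnet = subnet is not None and ip_address(asset.ip) in subnet
    except ValueError:
        in_subnet = False  # a malformed address cannot be placed in any subnet
    if not in_subnet:
        findings.append("wrong-subnet")
    return findings


def hygiene_report(assets):
    """Map asset name -> findings, listing only assets that fail a check."""
    report = {}
    for asset in assets:
        findings = hygiene_findings(asset)
        if findings:
            report[asset.name] = findings
    return report


def pct(assets, predicate):
    """Percentage of assets matching predicate; 0.0 for an empty inventory."""
    if not assets:
        return 0.0
    return round(100.0 * sum(1 for a in assets if predicate(a)) / len(assets), 1)


def zt_infra_metrics(assets):
    """Compute the eight infrastructure metrics listed in this section."""
    return {
        "pct_config_managed": pct(assets, lambda a: a.config_managed),
        "pct_jit_admin": pct(assets, lambda a: a.jit_admin),
        "pct_mfa_admin": pct(assets, lambda a: a.mfa_admin),
        "n_unpatched_med_high": sum(1 for a in assets if a.med_high_vulns > 0),
        "pct_auto_deployed": pct(assets, lambda a: a.auto_deployed),
        "pct_manually_deployed": pct(assets, lambda a: not a.auto_deployed),
        "pct_micro_segmented": pct(assets, lambda a: a.micro_segmented),
        "n_critical_third_party_priv": sum(
            1 for a in assets if a.critical and a.third_party_priv),
    }


if __name__ == "__main__":
    for key, value in zt_infra_metrics(INVENTORY).items():
        print(f"{key}: {value}")
    for name, findings in hygiene_report(INVENTORY).items():
        print(f"{name}: {', '.join(findings)}")
```

Tracking these values per reporting period, rather than as a one-off snapshot, is what lets a manager show progress over time.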

ZT Infrastructure recommendations

At the end of the research discussion, contributing SMEs were asked to propose recommendations that will help Stratascale client managers to succeed in establishing zero trust infrastructure security. These recommendations included:

  • “GOHIO.” The appeal to start ZT with concentrated effort to “Get Our House In Order” permeates Stratascale’s zero trust research. In the context of infrastructure ZT, this includes issues like ensuring that asset management and vulnerability management and patching are current and comprehensive.
  • Understand – actively, and as a first priority – business appetite for ZT, cultural readiness, current security posture, and anticipated costs. “This is about education – explaining what zero trust truly is. It’s important to do your baseline assessments, to ascertain the real business appetite for ZT adoption and the change it entails and to understand whether the culture will support the security mindset that ZT calls for.”
    • Often, infrastructure managers will bring in expert third parties (such as Stratascale) to help clarify how ZT infrastructure works in an enterprise setting and to build organizational alignment around the ZT path.    
  • Tear down the new silos. “In the past, IT has (at least in some environments) succeeded in tearing down the silos of storage, networking, and servers. Now it's time to tear down the business application silos, the Software as a Service silos, the cloud silos.”
    • “You’ve got to tear down that ‘fear wall’ of the security team. Those guys do everything secretly, emerging only to be the department of ‘no’. Security has to be actively engaged in the corporate conversation around risk and prevention.”
  • Invest in building visibility. This extends in multiple directions: visibility needed to “understand where the infrastructure exists;” to understand (in detail, and using metrics) current security posture; to understand “how infrastructure interoperates with the other pillars.”

Vendors active in the ZT infrastructure space

In its “Zero Trust Vendors to Watch, Know, Understand: ZT Infrastructure” series, Stratascale experts reviewed 128 vendors to identify those that could be important to ZT infrastructure strategies in the four product-defined areas: CMDB, Configuration Management, CWPP, and CIEM. These areas are covered in the “important ZT infrastructure technologies and management imperatives” section of this document.

Caveats to consider in reviewing the lists below:

  • In each area, we included vendors only if they were both familiar to our team of experts from our work with clients and considered relevant to both the category and to zero trust network strategy.
  • Reviewers also drew a distinction between vendors who are broadly applicable in the enterprise environments that Stratascale addresses (generally, Fortune 1000 businesses), and those which are relevant in specific niches, but not across all potential enterprise use cases.
  • As a default in this document and others in the Technical Manager’s Guide to Zero Trust series, firms which have been acquired are listed under their original names, with notes in the profiles included in the linked documents indicating the acquiring company. This gives readers a chance to see how specific capabilities have been aggregated via acquisition.

Results of these analyses are available in individual reports (linked via the section headers below). Vendors discussed in these reports include:

Configuration Management Database (CMDB)

Vendors that should be considered by buyers looking to build or enhance enterprise ZT infrastructure CMDB capabilities, listed in alphabetical order:

  • Atlassian
  • Device42
  • ServiceNow

Vendors that address specific ZT infrastructure CMDB requirements and may fit specific needs, but which don't apply to a broad spectrum of enterprise ZT infrastructure CMDB use cases:

  • Cisco
  • Palo Alto Networks
  • Skybox Security

Click here to access the Zero Trust Vendors to Watch, Know, Understand: ZT Infrastructure – CMDB report.

Configuration Management 

Vendors that should be considered by buyers looking to build or enhance enterprise ZT infrastructure configuration management capabilities, listed in alphabetical order:

  • Amazon Web Services (AWS)     
  • Ansible
  • Chef     
  • Cloudify             
  • HashiCorp         
  • OpenStack        
  • Pulumi 
  • Puppet
  • RackN  
  • SaltStack            
  • SolarWinds       
  • Spacelift            
  • VMware

Vendors that should be considered by buyers looking for suppliers that can help to build or enhance enterprise ZT infrastructure configuration management capabilities and patch management capabilities, listed in alphabetical order:

  • Adaptiva
  • Axonius
  • Kaseya
  • Microsoft
  • Red Hat
  • Tanium

Vendors that should be considered by buyers looking specifically to build or enhance enterprise ZT infrastructure patch management capabilities, listed in alphabetical order:

  • Automox
  • JetPatch
  • ManageEngine
  • Symantec

Vendors that address specific ZT infrastructure configuration management requirements and may fit specific needs (via plug-ins), but which don't apply to a broad spectrum of enterprise ZT infrastructure configuration management use cases:

  • Atlassian

Click here to access the Zero Trust Vendors to Watch, Know, Understand: ZT Infrastructure – Configuration Management report.

Cloud Workload Protection  

Vendors that should be considered by buyers looking to build or enhance enterprise ZT infrastructure CWPP capabilities, listed in alphabetical order:

  • Alcide.io            
  • AppGate            
  • Aqua Security   
  • Carbon Black    
  • Cisco    
  • CloudPassage   
  • ColorTokens     
  • CrowdStrike      
  • F5 Networks     
  • GuardiCore       
  • iboss    
  • Illumio 
  • Lacework           
  • Lightspin            
  • Microsoft          
  • NeuVector        
  • Palo Alto Networks        
  • Qualys 
  • Sophos
  • Sysdig  
  • The PureSec Serverless Security Platform            
  • Trend Micro      
  • Tripwire             
  • TrueFort            
  • Twistlock           
  • Virsec  
  • VMware            
  • Zscaler

Vendors that address specific ZT infrastructure CWPP requirements and may fit specific needs, but which don't apply to a broad spectrum of enterprise ZT infrastructure CWPP use cases:

  • Amazon Web Services (AWS)     
  • Bitdefender      
  • Capsule8           
  • Cloudvisory      
  • Fortinet
  • Hytrust
  • Polyverse          
  • Symantec          
  • Trellix

Click here to access the Zero Trust Vendors to Watch, Know, Understand: ZT Infrastructure – Cloud Workload Protection report.

 

Cloud Infrastructure Entitlements Management (CIEM)

Vendors that should be considered by buyers looking to build or enhance enterprise ZT infrastructure CIEM capabilities, listed in alphabetical order:

  • Authomize        
  • BalkinID             
  • BeyondTrust     
  • Britive  
  • Check Point       
  • CloudKnox Security        
  • CrowdStrike      
  • CyberArk           
  • Ermetic
  • ForgeRock         
  • Obsidian Security           
  • Okta     
  • Omada
  • One Identity     
  • Palo Alto Networks        
  • SailPoint            
  • Saviynt
  • SecurEnds         
  • Sonrai Security

Vendors that address specific ZT infrastructure CIEM requirements and may fit specific needs, but which don't apply to a broad spectrum of enterprise ZT infrastructure CIEM use cases:

  • EmpowerID      
  • OpenIAM

Click here to access the Zero Trust Vendors to Watch, Know, Understand: ZT Infrastructure – Cloud Infrastructure Entitlements Management report.

This is the fourth of six documents included in Stratascale’s “Technical Manager’s Guide to Zero Trust” research series. We have also published an eight-part companion series (“The Executive Guide to Zero Trust”) which is available on the Stratascale website.

Readers interested in specific manager-level perspectives on zero trust may wish to explore the other deliverables in this series:

  • The Technical Manager’s Guide to Zero Trust: Identity.
  • The Technical Manager’s Guide to Zero Trust: Devices.
  • The Technical Manager’s Guide to Zero Trust: Network.
  • The Technical Manager’s Guide to Zero Trust: Infrastructure.
  • The Technical Manager’s Guide to Zero Trust: Applications.
  • The Technical Manager’s Guide to Zero Trust: Data.
  • The Technical Manager’s Guide to Zero Trust: Understanding ZT Pillars (ebook consolidating all reports).
  • Stratascale Zero Trust Metrics in Context and Action tool (Stratascale ZT-MICA) (downloadable tool – no cost, registration required).

[1] This topic is explored at length in the Zero Trust Sponsorship and Commitment section of Stratascale’s Executive Guide to Zero Trust: Drivers, Objectives, and Strategic Considerations series.


Director, Community Ecosystem Engagement - Cybersecurity

Michael is a world-leading IT industry analyst. He has led North American and global initiatives focused on developing insights and strategies that connect technology solutions with business needs, combining data, knowledge, analysis and advanced content delivery to define options for IT and buy-side businesses.
