Simplify Cloud Management
Spend less time on cloud management and more time on innovation with solutions to help you optimize, govern, and secure your cloud environment.
Products Built for a Multicloud World
The CloudHealth suite provides the visibility, optimization, and automation you need to remove roadblocks and empower your teams to focus on innovation.
Join the CloudHealth Partner Community
Managed service providers, global systems integrators, and other organizations partner with CloudHealth by VMware to help their customers accelerate business transformation in the cloud.
Resources to Help You Navigate a Multicloud World
The cloud world is dynamic and constantly changing. Our resources are built to answer your questions and share effective cloud management strategies from across the CloudHealth by VMware community.
About CloudHealth by VMware
CloudHealth by VMware is at the forefront of digital transformation, helping the world’s largest organizations fuel innovation and gain a competitive advantage in the cloud.
How To Simplify Identity Governance In The Cloud
Although identity and access management (IAM) solutions do a good job of controlling who has access to services and resources in the cloud, many businesses need to implement a system of identity governance in the cloud in order to provide further safeguards against unauthorized access and data loss.
Most businesses are aware of the difference between cloud management and cloud governance, but not necessarily aware of the difference between identity management and identity governance in the cloud—or, indeed, that there is a difference. This is most likely due to Cloud Service Providers supplying a range of excellent tools to securely manage access to services and resources, giving businesses reason to believe they have identity governance in the cloud covered. However, that’s not always the case.
If you are not familiar with the difference between cloud management and cloud governance, you can read up on the topic in our eBook “Accelerate Your AWS Journey to Reach Cloud Maturity”.
The difference between identity management and identity governance in the cloud
Identity and access management in the cloud usually consists of managing who has access to what services and resources in the cloud, and sometimes when (i.e. only during working hours) and from where (i.e. only from a range of IP addresses). Part of this role is to apply IAM best practices in order to enhance cloud security, and help prevent unauthorized access and data loss.
A level up from identity and access management is identity governance in the cloud. This consists not only of creating policies about who should be allowed access to services and resources (and when and from where), but also monitoring compliance with the policies, auditing the policies, analyzing their effectiveness, and amending them as necessary to provide further safeguards as required.
How to monitor identity and access management policies
Monitoring compliance with identity and access management policies should be straightforward if the policies have been applied correctly. However, sometimes mistakes happen—especially when there is a wide range of complex policies in use—so it is always worth monitoring that the policies and best practices have been applied correctly to avoid unforeseen lapses in cloud security.
How you monitor identity and access management policies will depend on factors such as the monitoring tools available, the business’s propensity to risk, the time available to monitor compliance, and the skill of the person(s) doing the monitoring. If, for example, you operate in the AWS Cloud, the monitoring tools available include CloudFront, CloudTrail, CloudWatch, Config, and S3 logs.
Using these monitoring tools, you can audit the source IPs of specific activities, the date and time they occurred, and which attempted activities failed due to inadequate permissions. By analyzing the results of the audit for anomalies and users with unnecessary permissions, you can fine-tune identity and access management policies to provide further safeguards against unauthorized access and data loss.
Simplifying the monitoring, auditing, and analyzing process
The process of monitoring, auditing, and analyzing the effectiveness of identity and access management policies can be long-winded depending on the volume of users, complexity of policies, propensity to risk, and—in particular—the skill of the person(s) doing the monitoring. Certainly you need a person with an understanding of networking, operating systems, and operational controls to execute the process competently - otherwise your identity governance in the cloud could be vulnerable to human error.
Could that person’s experience be put to better use within your business? More than likely. Therefore it is a good idea to simplify the identity governance process by automating as much of it as possible. To do this, all you need is a cloud management platform such as CloudHealth by VMware that can be configured to alert you to anomalies such as when a user is not assigned to an IAM group and events such as attempted activities that have failed due to inadequate permissions. Try CloudHealth’s alerts and IAM groups for yourself with a free trial.
CloudHealth Secure State Achieves AWS Security Competency Status
CloudHealth by VMware, the global leader in cloud management, announced that it has achieved Amazon Web Services (AWS) Security Competency status for its CloudHealth Secure…
Join the Cloud Management Community: VMware Multi-Cloud Briefing
Organizations of all industries and sizes are adopting a multi-cloud strategy to meet the demands of today and tomorrow. So much so, that 80% of organizations expect to…
Comparing AWS Cloud Management Tools for Cloud Cost Optimization
In our article series comparing AWS services for cloud cost management and optimization, we’ve already outlined our framework for cloud cost management maturity and compared…
Your Cloud Security Solution Checklist
With the rate at which workloads are deployed in the cloud and the number of people that can deploy at the same time, speed is key when it comes to cloud security posture…
Comparing AWS Services for Cloud Cost Visibility
In the first article of our series comparing AWS services for cloud cost management and optimization, we addressed key considerations for organizations looking into cloud…
CloudLIVE 2021: Adapting to a Faster-Paced, Multi-Cloud World
The realities of the past year fundamentally changed the way organizations invest in the cloud. With a renewed focus on resilience and efficiency, as well as accelerating…
CloudHealth Secure State’s Playbook to Operationalize Cloud Security Posture Management
Four years ago, when CloudHealth Secure State founders were researching the cloud market, it was hard to ignore the growing list of companies that ended up in the news…
Comparing AWS Tools and Services for Cloud Cost Management and Optimization
Enterprises worldwide are making increasingly large investments in public cloud infrastructure to benefit from the promises of improved agility, faster time to market, and…
CloudLIVE 2021: Security and Compliance at the Speed of Cloud
CloudLIVE 2021 is just a few weeks away! Last week, we highlighted some of the event’s customer-led sessions and key training courses focused on cloud financial management.…