The (Mostly) Unbiased Guide to Identity Security Acronyms
Security is easier when teams are on the same page. Acronyms speed up this process. But when it comes to identity, it seems that the acronym creation machine has been working overtime lately.
Here’s our (mostly) unbiased guide to identity security acronyms.
Identity and Access Management (IAM)
IAM solutions act as digital bouncers. They verify who users are and what they can access before letting them in. These systems may leverage single sign-on (SSO), two-factor authentication (2FA), or multifactor authentication (MFA) to verify user identities.
Privileged Access Management (PAM)
PAM is a subset of IAM and is used to protect privileged accounts. In practice, it’s a specialized bouncer protecting a smaller, VIP-only area.
To reduce the risk of compromise, PAM implements the least privilege principle, where users are given only the access necessary to perform a specific task. User sessions are monitored and controlled, and users can be tossed out if their behavior is problematic.
Identity Threat Detection and Response (ITDR)
There seems to be a lingering, and very narrow, view of ITDR that limits the scope to actual attacks on the identity infrastructure itself (IAM, PAM, JIT). Our admittedly biased opinion here is that ITDR must span all systems and resources, not just the access points. These days, we must take an assume-breach mindset. It’s not IF credentials will be compromised, it’s WHEN. ITDR is responsible for detecting compromised credentials and insider threats.
Just-in-Time (JIT) Access
JIT takes PAM a step further by providing authorized, privileged users with a time limit. Permissions are only granted when needed, and permissions are automatically revoked after a set period. This would be the bouncer letting someone in, but with the expectation that they’re going to get kicked out after a period of time no matter how well-behaved they are. (Don’t worry—it’s the last bar analogy in this article!)
What does this accomplish?
Well, there is an important concept here called ‘no-standing privileges.’ At some point, we realized that when there are dozens, hundreds, or even thousands of users that have access to things, it becomes impossible to ever remove permissions without potentially stopping people from doing their jobs. So, once you grant permissions, they are effectively forever… unless you tell the user up front that their access is time-limited and they’ve got to come back and ask for more later. JIT does this.
Cloud Investigation and Response Automation (CIRA)
Is this just a cloud SIEM/SOAR? Maybe, but a really important one, so we’re fine with it and will endorse the existence of CIRA in the cybersecurity lexicon. The reality is that we built SIEM/SOAR technologies before today’s (2024) modern, multi-cloud enterprise, so it’s no surprise that updates are needed—even a full-on rebrand!
Simply put, the promise of CIRA is to provide security teams with full context in the event of a cloud security incident, with some automation capabilities to remediate/recover.
Cloud Infrastructure Entitlement Management (CIEM)
With multi-cloud now mainstream, companies have so many users with access and privileges in the cloud that the management of them has been given its own acronym. Isn’t this just IAM/PAM for the cloud, though? Maybe, but kind of like CIRA, we believe that it’s important enough to warrant its own thing. Cloud permissions and entitlements need to be tightly managed and have become an important part of most companies GRC processes (we’re not covering GRC here, Google it).
So, Do Enterprises Really Need All These Things?
Absolutely. Do we provide them? Not all of them, gosh, no. We’re a specialized vendor and likely the only that is focused specifically on detecting compromised credentials and insider attacks using behavioral analytics (ITDR + CIRA).
Boost your cloud security with Breez. Request a demo today.