Press Release

Sysdig Addresses Risk of Excessive Permissions with Cloud Infrastructure Entitlements Management

Nearly 80% of users have overly permissive policies that can be mitigated in less than two minutes

SAN FRANCISCO – October 27, 2021 – Sysdig, Inc., the secure DevOps leader, announced today the addition of Cloud Infrastructure Entitlements Management (CIEM) capabilities to the Secure DevOps Platform. Taking a zero trust approach, customers get instant visibility and control over cloud permissions. The Sysdig Threat Team found that nearly 80 percent of users have excessive entitlements due to overly permissive policies that allow full admin access in their AWS cloud. Sysdig customers can remediate over-privileged access in less than two minutes. With the fix taking minutes, there is no excuse for not taking this step to reduce risk.

Blog: Cloud Infrastructure Entitlements Management (CIEM) with Sysdig Secure 

The Risk of Excessive Permissions in Cloud Infrastructure
According to Gartner®, “By 2023, 75% of security failures will result from inadequate management of identities, access, and privileges, up from 50% in 2020.” [1] As organizations adopt the cloud, they struggle to gain visibility and control of access rights and permissions granted to cloud identities.

Traditional identity tools built for on-premises environments cannot keep up with the explosive growth and activity of users and services (for example, AWS Lambda functions) in the cloud. These cloud services often have excessive permissions to access sensitive data and can become an unsuspected entry point for an attacker to exploit.

“Now within minutes, you know exactly what least privilege policy to apply across your cloud environments,” said Omer Azaria, Vice President of Research and Development at Sysdig. “In the cloud where many things are complicated, this is an easy one to fix. Why wouldn’t you just do it?” 

Take a Zero Trust Approach to Managing Cloud Permissions with CIEM
CIEM helps organizations adopt a zero trust model for Identity and Access Management (IAM) for cloud infrastructure. It provides visibility into all access risks, as well as the ability to remediate quickly. Whether it is a user or service, security teams can answer important questions such as: “What access permissions does the identity have?” “Are those permissions being used?” “Are they overly permissive?” “Has it done anything abnormal?” Teams can then enforce least-privilege access policies and grant just enough permissions to perform necessary actions. 

Automatically Right-Size Permissions Using an Integrated Platform
Excessive permissions can be corrected in the infrastructure-as-code templates within existing developer-centric workflows. By using an integrated security platform, teams can close the loop from source to production and minimize manual steps and recurring issues as part of their broader cloud security management efforts.

CIEM Benefits for Sysdig Customers:
  • Gain visibility into all cloud identities and their privileges: Sysdig provides a comprehensive view into access permissions across all AWS users and services, including ephemeral services such as Lambda functions. With this, security teams know which cloud identities have access to sensitive cloud resources.
  • Enforce least privilege in less than two minutes: With Sysdig, users can eliminate excessive permissions by applying least-privilege policies. These “just-enough” permissions are automatically generated based on analyzing what entitlements are granted versus what is actually used.
  • Simplify access-control audits to meet compliance requirements: Sysdig allows teams to regularly perform access reviews to evaluate active and inactive user permissions and activity. Users can meet specific IAM requirements for standards such as PCI, SOC 2, FedRAMP, and ISO 27001. They save time with out-of-the-box compliance policies and on-demand reports. Sysdig also provides a detailed audit trail of all cloud permission changes as proof of compliance.
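The granted-versus-used analysis behind the second benefit, as an added example that is not Sysdig's code: it flattens a constructed, overly permissive IAM policy, compares its action patterns against the actions a role was actually observed calling (the kind of data CloudTrail yields), and emits a least-privilege policy plus the unused and wildcard grants a reviewer would want flagged. The policy, the usage set and the role are all constructed samples.

```python
"""Added example, not Sysdig's code: right-size an AWS IAM policy by comparing
granted action patterns against actions actually used. All data is constructed."""
import fnmatch
import json

# Constructed: an overly permissive policy attached to a Lambda execution role.
GRANTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:PassRole", "iam:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "logs:CreateLogStream", "Resource": "*"},
    ],
}
# Constructed: distinct "service:Action" pairs this role called during the review
# window (in practice derived from CloudTrail eventSource/eventName fields).
USED_ACTIONS = {"s3:GetObject", "s3:PutObject",
                "logs:CreateLogStream", "logs:PutLogEvents"}


def granted_actions(policy):
    """Flatten Allow statements into a set of action patterns such as 's3:*'."""
    patterns = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never grant anything
        action = stmt.get("Action", [])
        patterns.update([action] if isinstance(action, str) else action)
    return patterns


def right_size(policy, used):
    """Return the least-privilege policy plus the findings an access review needs."""
    granted = granted_actions(policy)
    # IAM wildcards behave like shell globs; canonical action casing is assumed.
    matches = lambda act, pat: fnmatch.fnmatchcase(act, pat)
    used_granted = {u for u in used if any(matches(u, g) for g in granted)}
    least_privilege = {
        "Version": policy["Version"],
        # Resource stays "*" here; real right-sizing narrows resources as well.
        "Statement": [{"Effect": "Allow", "Action": sorted(used_granted),
                       "Resource": "*"}],
    }
    return {
        "least_privilege_policy": least_privilege,
        "unused_grants": sorted(g for g in granted
                                if not any(matches(u, g) for u in used)),
        "wildcard_grants": sorted(g for g in granted if "*" in g),
        "full_admin": "*" in granted,  # an Action "*" grant anywhere in the policy
        "used_not_granted": sorted(u for u in used
                                   if not any(matches(u, g) for g in granted)),
    }


if __name__ == "__main__":
    print(json.dumps(right_size(GRANTED_POLICY, USED_ACTIONS), indent=2))
```

The `used_not_granted` list surfaces calls that CloudTrail recorded as denied, which is worth checking before the generated policy is applied so that a genuinely needed action is not left out.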

By combining the CIEM capabilities announced today with its existing capabilities, Sysdig customers can proactively prevent cloud permission risk, scan for vulnerabilities and misconfigurations, and detect and respond to attacks across container and cloud environments.


[1] Gartner, “Managing Privileged Access in Cloud Infrastructure”, Paul Mezzera, 9 June 2020.

Gartner Disclaimer: GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.


Amanda Smith


Sysdig is driving the standard for securing the cloud, empowering organizations to confidently secure containers, Kubernetes, and cloud services. The Sysdig platform enables teams to secure the build, detect and respond to runtime threats, and continuously manage cloud configurations, permissions and compliance. Sysdig is a SaaS platform built on an open source stack that includes Falco and Sysdig OSS, the open standards for runtime threat detection and response. The largest and most security conscious companies rely on Sysdig for container and cloud security. Learn more at