Cloud Access Management Toolkit (CAMT)
What is a Cloud Access Management Toolkit?
The age of monolithic security processes and applications is coming to an end. The future of security is simple, integrated, and scaled across the entire technology team – and beyond.
We’re enabling security to be everyone’s job. So that your (smart) people can use their domain expertise and context to make great security decisions, quickly. Without needing a specialist.
In the future, non-security specialists will perform 90% of security operations successfully – without help from a security specialist and without having to use a siloed security tool. (They already do some of these security operations now, just not very securely nor quickly) This future will be available to the end user without having to purchase an ‘additional’ Security product. Because security will be baked into the product or workflow they are already using. The standardized cloud providers’ APIs and robust access control systems enable this future, but they prize power and flexibility over usability.
We need to simplify that complexity, because simple scales.
What do we need instead?
A Cloud Access Management Toolkit (CAMT) that enables non-security specialists to understand the effective access that Cloud IAM policies allow in simple language and use that same language to manage access to cloud APIs and data.
At a more technical level, a CAMT provides four key elements:
- A simplified access capability model that is cloud and application agnostic
- An access analyzer that reports effective access to cloud APIs and data
- Policy generators that create strong policies from users’ high level descriptions
- Integrations with the primary workflows of supported users
A CAMT integrates these elements into the user’s existing workflows as monitoring dashboards and reports, infrastructure code libraries, code review feedback, context & interfaces in IAM provisioning and governance product workflows, and access governance workflows in data management products.
So that everyone with a hand in building, operating, and even using cloud applications can secure them.
What do we mean by non-security specialists? (really, we mean Cloud Security Specialists)
Application, cloud, and security engineers, SOC analysts- even scientists and financial analysts.
How do we get to the future state of scalable security powered by non-specialists?
We need to make simple security available to the broad set of technology users by distributing k9’s CAMT through commercial channels with traction:
- Cloud Management Platforms, which primarily focus on enabling cloud adoption and spend, but also security
- Internal Developer Platforms, which enable efficient continuous delivery through productization of IaC and process
- MSSPs & XDRs, which are responsible for responding to alerts, but don’t have the context to prioritize risk
- Data Management platforms, which are focused on enabling a critical business function like scientific research, but also need to manage access securely and scalably