Cloud security company Lacework Inc. today announced new cloud identity and entitlement management or CIEM features that it says will improve the observability of cloud identities and help identify potential identity threats.

The new features are designed to help organizations understand which actions can be performed by specific identities and assess each identity’s risk. The platform dynamically discovers all cloud user identities, groups, roles and permissions to spot identities with excessive privileges. Lacework’s CIEM platform then calculates a risk score for each identity and gives recommendations for adjusting permissions based on past observations.

Lacework argues that with hyperscale cloud providers offering more than 35,000 granular permissions, it’s often difficult for organizations to limit unnecessary access. Cloud users and instances are regularly granted more permissions than they require, opening the floodgates to potential cloud breaches, account takeovers and data exfiltration. The problem is exacerbated because of machine identities in the cloud typically outnumbering humans by a factor of 10.

Lacework’s solution is designed to combat the problem head-on, dynamically discovering all cloud user identities, groups, roles and their corresponding permissions. By identifying user identities, the platform allows for automatic correlation between granted and used permissions and users with excessive privileges.

The features facilitate continuous compliance with identity and access management security and regulatory requirements, limiting the fallout of compromised cloud accounts and identifying risky behavior patterns without the need for writing rules or stitching together disparate alerts.

“Our customers need to know what entities are actually doing in their cloud and whether it’s malicious or inappropriate and it can’t get in the way of their ability to move fast,” Adam Leftik, vice president of product at Lacework, said ahead of the announcement. “Now Lacework customers can address both sides of the identity security issue with a single platform that prevents identity risk exposure and detects identity threats at scale, with the context to quickly investigate, prioritize and respond to identity alerts.”

Lacework is a venture capital-backed startup, having raised $1.9 billion, according to Crunchbase, including a round of $1.3 billion in November 2021. Investors include Google Ventures LLC, Franklin Templeton Investments, Alumni Ventures Group LLC, Liberty Global Ventures LLC, Dragoneer Investment Group LLC and Altimeter Capital LP.

Image: Lacework