# New Innovation Insight: CIEM Report from Gartner®

By [Cameron Hyde](https://www.paloaltonetworks.com/blog/author/cameron-hyde/?ts=markdown "Posts by Cameron Hyde") Aug 23, 2023

As the cloud continues to dominate the operating landscape, it has also revolutionized identity and access management, giving rise to new challenges, particularly with the proliferation of identities required by users, applications, services, and devices.
The vast number of permissions available to grant identities, combined with the significant portion of them that are high-risk, highlights the mounting challenge organizations face in managing access to data across cloud platforms.

"Managing cloud permissions is challenging due to the number of assets and diverse authorization systems, worsened by the explosion of machine identities," says Gartner®. "Security and risk management leaders must combine traditional IAM and cloud security approaches with CIEM for efficient identity-first security."

Gartner recently published its 2023 *Innovation Insight: Cloud Infrastructure Entitlement Management (CIEM)*, which offers valuable insights for security and risk management leaders tasked with shaping cloud security strategies. By leveraging this research, professionals can evaluate CIEM capabilities, enabling them to make informed decisions and implement effective solutions to enhance their organization's cloud security posture.

**Download** [your copy of the 2023 Innovation Insights: CIEM](https://start.paloaltonetworks.com/gartner-representative-provider-ciem.html).

## Fortifying Cloud Security with CIEM

CIEM delivers essential visibility and simplifies the process of identifying and addressing potential vulnerabilities. As Gartner describes it, "CIEM capabilities help enterprises manage cloud access risks via administration-time preventive controls for the governance of entitlements in hybrid and multicloud infrastructure as a service (IaaS) and platform as a service (PaaS). They use analytics, machine learning (ML) and other methods to discover anomalies in account entitlements, like accumulation of privileges, and dormant and unnecessary permissions. Leading CIEM capabilities enforce least-privilege policies and remediate violations."

Gartner lists these four core uses of CIEM:

* Visibility of entitlements
* Removing unused entitlements
* Discovering other types of anomalies
* Compliance automation

## CSPM and CIEM: Better Together

While traditional [cloud security posture management (CSPM)](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management?ts=markdown) focuses on identifying misconfigurations in security settings for cloud-native services, CIEM focuses on identity management. When the two are integrated, configuration data can be correlated to prioritize actionable insights and analyze attack paths. For example, an overly permissive identity (identified by CIEM) is riskier when associated with a publicly accessible cloud-native service (determined by CSPM) than when associated with an internal resource.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/08/word-image-303031-1.png)

Figure 1: CIEM and CSPM Differences in Compliance (source: Gartner)

## Recommendations for Security Leaders

The Gartner Innovation Insight offers several recommendations for security leaders evaluating CNAPP solutions. Palo Alto Networks has excerpted a few we consider paramount to securing your applications.

* Focus on evaluating CIEM capabilities if you have a multicloud ecosystem to mitigate the risks of inconsistently defined and configured cloud permissions.
* Use CIEM as part of a broader IAM and cloud security strategy. It can't replace full-featured IGA and PAM technologies, especially in organizations with lots of legacy and on-premises resources, nor can it replace traditional CSPM.
* Use CIEM to manage entitlements of machine and human identities.
* Use CIEM's advanced analytics for simplifying dynamic privilege management with reduced manual input.
* Leverage CIEM in DevSecOps and infrastructure-as-code to provide visibility into unnecessary privileges and refine policies without disrupting developer flows.

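
The CIEM and CSPM correlation described in the "Better Together" section, sketched as an added example that is not Palo Alto Networks' or Gartner's code: unused entitlements per identity (the CIEM view) are joined with the exposure of the resource each identity is attached to (the CSPM view) to rank findings. The identity and resource names, the inventory data and the scoring weights are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# CIEM view (constructed sample): actions granted to each identity versus
# actions it actually used during the observation window.
GRANTS = {"s3:GetObject", "s3:PutObject", "iam:PassRole"}
ENTITLEMENTS = {
    "svc-report": {"granted": set(GRANTS), "used": {"s3:GetObject"}},
    "svc-export": {"granted": set(GRANTS), "used": {"s3:GetObject"}},
    "svc-web": {"granted": {"s3:GetObject"}, "used": {"s3:GetObject"}},
    "svc-old": {"granted": {"ec2:RunInstances"}, "used": set()},
}

# CSPM view (constructed sample): which resource carries which identity and
# whether that resource is publicly accessible.
ATTACHMENTS = [
    {"resource": "vm-frontend", "identity": "svc-report", "public": True},
    {"resource": "vm-cron", "identity": "svc-export", "public": False},
    {"resource": "vm-site", "identity": "svc-web", "public": True},
    {"resource": "vm-legacy", "identity": "svc-old", "public": False},
]

PUBLIC_MULTIPLIER = 2  # assumed weight: public exposure doubles the score


@dataclass
class Finding:
    identity: str
    resource: str
    unused: list   # granted but never used: candidates for removal
    dormant: bool  # identity used none of its permissions
    public: bool
    score: int


def rank_findings(entitlements, attachments):
    """Join both views and return findings, highest score first."""
    findings = []
    for att in attachments:
        ent = entitlements[att["identity"]]
        unused = sorted(ent["granted"] - ent["used"])
        if not unused:
            continue  # identity is already right-sized, nothing to report
        score = len(unused) * (PUBLIC_MULTIPLIER if att["public"] else 1)
        findings.append(Finding(att["identity"], att["resource"], unused,
                                not ent["used"], att["public"], score))
    return sorted(findings, key=lambda f: (-f.score, f.identity))


if __name__ == "__main__":
    for f in rank_findings(ENTITLEMENTS, ATTACHMENTS):
        exposure = "public" if f.public else "internal"
        note = " (dormant)" if f.dormant else ""
        print(f"{f.score:>2}  {f.identity} on {f.resource} [{exposure}]"
              f"{note}: remove {', '.join(f.unused)}")
```

`svc-report` and `svc-export` carry identical unused permissions, but the one attached to the public resource ranks first, which is the prioritization the section describes.
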
## Prisma Cloud Delivers Cloud Infrastructure Entitlement Management

Prisma Cloud's CIEM module delivers simple, consistent IAM across Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). Accurately calculating net-effective permissions, Prisma Cloud helps organizations understand their multicloud identity risk, including identities managed with IdPs and SSO tools, such as Azure AD.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/08/word-image-303031-2.png)

Figure 2: Prisma Cloud CIEM workflow

Organizations can rightsize permissions and employ automated remediation to continually adjust permissions, reducing the attack surface. Additionally, Prisma Cloud provides intelligent graph visualizations that enable IAM practitioners to see who has access to what across cloud environments.

By integrating CIEM into its [cloud-native application protection platform (CNAPP)](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform?ts=markdown), Prisma Cloud ensures the security of applications from code to cloud across multicloud environments. The platform provides comprehensive security, continuous visibility, and proactive threat prevention throughout the application lifecycle. As a result, Prisma Cloud facilitates effective collaboration between security and DevOps teams, accelerating secure cloud-native application development and deployment.

In short, Prisma Cloud's code-to-cloud coverage addresses security needs at every stage of the cloud journey, covering code, infrastructure, workloads, data, networks, web applications, and APIs. With over 4 billion cloud assets secured and 1 trillion cloud events processed daily, you can trust Prisma Cloud to protect your cloud environments at any scale.

Palo Alto Networks is proud to be recognized by Gartner as a Representative Provider for CIEM.

## Learn More

You won't want to miss the Gartner research on CIEM.
Read [Innovation Insight: Cloud Infrastructure Entitlement Management (CIEM)](https://start.paloaltonetworks.com/gartner-representative-provider-ciem.html) today.

Gartner, Innovation Insight: Cloud Infrastructure Entitlement Management, by Henrique Teixeira, Abhyuday Data, Michael Kelley, 11 May 2023

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.