Michaels adopts least privilege access strategy with Prisma Cloud CIEM

In brief






United States and Canada

Products & Services

Palo Alto Networks Prisma® Cloud CIEM

Download PDF Share


Streamline IT operations while expanding cloud offerings

Michaels Companies is an arts and crafts retailer with 1,300 stores in the US and Canada. Adding online retailing and a makerspace where customers can share and sell projects they create required significant expansion into the cloud.

With 130 cloud projects, hundreds of developers, and many more machine identities—all with their own permission sets— Michael’s Identity and Access Management (IAM) processes were chaotic and inefficient.

Because the IAM security perimeter is critical for cloud computing, Michaels knew it needed something better.


Reduce attack surface with a least privilege access strategy

Michaels needed an IAM strategy that would reduce its attack surface with least privilege access principles while giving it the agility to rapidly respond to business needs. It wanted to simplify administration and right-size permissions with a role-based permission model, supplemented by tools that could automatically identify and remove unused permissions.

Achieving this would require deep visibility into who can take what actions on which resources, policies to determine when to revoke unused permissions, and simple procedures for employees to challenge automatic permission downsizing.

Michaels also wanted an easy-to-use interface for requesting additional permissions employees need to do their jobs. This would minimize the need for human intervention, while making it easy to tweak permissions as needed.


We have two goals for identity management. First, require the least amount of human intervention possible, and second, provide the easiest interface for requesting permission changes. Prisma Cloud constantly monitors permissions, minimizing unnecessary access.

— Wei Dong,
Global Head of Unified Vulnerability Management, Michaels


Prisma Cloud simplifies identity and access management

With Cloud Infrastructure Entitlement Management (CIEM) from Prisma Cloud, Michaels is able to manage permissions across all of its cloud projects. By organizing permissions across seven different business roles, Michaels is able to reduce the complexity of managing permissions for hundreds of employees and many more automated workloads by giving each identity a set of permissions which align to its role in the company and the principle of least privilege.

Prisma Cloud CIEM works well with Michaels’ existing tools, like ServiceNow, making it easy for employees to request permissions they need to do their jobs. It also automatically identifies unused permissions and simplifies the process of removing them, making it easy to fine-tune the least privilege access approach for maximum protection and flexibility.


Least privilege access improves agility and security

With an easy-to-use identity management workflow, Prisma Cloud CIEM helps Michaels increase its agility in responding to a range of business needs by significantly reducing the complexity of allocating and updating permissions.

It also provides centralized visibility into permission decisions. Because it works with Michaels’ existing systems, it has minimized employees’ learning curve.

Adopting Prisma CIEM has enabled Micheals to curtail administrative overhead and expand its cloud offerings while reducing its attack surface by right-sizing permissions.

Learn more about Prisma Cloud CIEM.