What is Prisma Cloud IAM Security?

Learn why the IAM Security module helps you reduce risk and improve your security posture.
Prisma Cloud IAM security capabilities help you evaluate the effective permissions assigned to users, workloads and data (also called entitlements) on your cloud provider so that you can properly administer identity and access management (IAM) policies and enforce access using the principle of least privilege.
IAM Security gives you:
  • Visibility: Improve the visibility of effective permissions to resources in your cloud accounts. You can query all relevant IAM entities, including the relationships between them and their effective permissions, across multiple cloud environments.
  • Governance: Monitor excess and unused privileges, use out-of-the-box security best-practice policies, and review your cloud identity compliance posture.
  • Response: Automatically adjust effective IAM permissions to take action and reduce risk.
The IAM Security module runs a proprietary algorithm to calculate the effective permissions of users across your cloud service providers. On AWS, for example, the algorithm combines sources such as AWS IAM roles, AWS IAM policies, AWS IAM groups, AWS resource-based policies, and AWS service control policies (SCPs) to compute the net effective permissions of cloud resources. It extends the Config query in RQL (config from iam where) to help you gain visibility into the entities in your cloud environment.
For example, with the net effective permissions calculation you can now discover the permissions for a specific user in your AWS account or Azure tenant, or which users have access to an S3 bucket or an Azure storage account.
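To make "net effective permissions" concrete, the following added example (not Prisma Cloud code and not its proprietary algorithm) models a simplified AWS same-account evaluation: an explicit deny wins, SCPs cap what is possible, and an allow must come from a user or group policy or a resource-based policy. It assumes no conditions, permission boundaries, session policies or role assumption. All user names, ARNs and policies are constructed sample data.

```python
from fnmatch import fnmatchcase

# Constructed sample data: every name, ARN and policy below is hypothetical.
ENV = {
    "users": ["alice", "bob"],
    "memberships": {"alice": ["admins"]},
    "user_policies": {},
    "group_policies": {"admins": [
        {"Effect": "Allow", "Action": ["s3:*"], "Resource": ["*"]}]},
    "resource_policies": [  # e.g. a bucket policy naming a principal
        {"Effect": "Allow", "Principal": ["bob"], "Action": ["s3:GetObject"],
         "Resource": ["arn:aws:s3:::reports/*"]}],
    "scps": [
        {"Effect": "Allow", "Action": ["*"], "Resource": ["*"]},
        {"Effect": "Deny", "Action": ["s3:DeleteBucket"], "Resource": ["*"]}],
}

def decision(statements, action, resource):
    """Return 'Deny', 'Allow' or None for one set of policy statements."""
    effects = {
        s["Effect"] for s in statements
        if any(fnmatchcase(action.lower(), a.lower()) for a in s["Action"])
        and any(fnmatchcase(resource, r) for r in s["Resource"])
    }
    return "Deny" if "Deny" in effects else "Allow" if "Allow" in effects else None

def is_allowed(user, action, resource, env=ENV):
    """Net effective permission of one user for one action on one resource."""
    identity = list(env["user_policies"].get(user, []))
    for group in env["memberships"].get(user, []):
        identity += env["group_policies"].get(group, [])
    granted_on_resource = [s for s in env["resource_policies"]
                           if user in s["Principal"]]
    scp = decision(env["scps"], action, resource)
    ident = decision(identity, action, resource)
    res = decision(granted_on_resource, action, resource)
    if "Deny" in (scp, ident, res):   # an explicit deny anywhere wins
        return False
    if scp != "Allow":                # SCPs only cap, they never grant
        return False
    return "Allow" in (ident, res)    # same-account: either source suffices

def who_can(action, resource, env=ENV):
    """Users whose net effective permissions include the action."""
    return [u for u in env["users"] if is_allowed(u, action, resource, env)]

if __name__ == "__main__":
    print(who_can("s3:GetObject", "arn:aws:s3:::reports/q1.csv"))
    print(is_allowed("alice", "s3:DeleteBucket", "arn:aws:s3:::reports"))
```

In this sample data, alice's group policy grants s3:* yet the SCP removes s3:DeleteBucket from her net permissions, and bob reaches the bucket only through the resource-based policy, so a review of identity policies alone would miss him.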
