Introducing Azure Least Privilege: Enforce least privilege access for Azure environments

Wiz extends its CIEM capabilities to enable least privilege access for Azure environments.


Today, we are excited to announce a new capability for all Wiz customers - Azure Least Privilege. This new capability enables Microsoft Azure customers to enforce least privilege access by identifying and removing excessive privileges. Eliminate the manual steps needed to understand effective permissions and analyze who has access to what, and leverage Wiz’s recommendations to reduce the risk of stolen credentials and lateral movement.

Permissions are the new attack surface  

The dynamic nature of the cloud makes it easy to spin up resources and grant entitlements without much thought to the practical gap between granted and used entitlements. Teams often copy existing role-based access control (RBAC) profile entitlements to new accounts without much analysis. The net result is that many users and accounts have excessive permissions that are unlikely to be used but still represent a security risk. Attackers often exploit these unnecessary permissions to escalate privileges or discover lateral movement paths to gain access to your crown jewels. Gartner states that by 2023, 75% of security failures will result from inadequate management of identities, access, and privileges, up from 50% in 2020.

Additionally, compliance regulations like PCI, SOC2, and FedRAMP have Identity and Access Management (IAM) requirements that limit users and service accounts with excessive permissions. Organizations that use Azure need to be able to audit, report on, and remediate excessive entitlements.

Native tooling in Azure suffers from significant gaps in usability that make it hard for organizations to analyze effective entitlements. Analyzing effective permissions using Azure Access Reviews requires extensive manual effort by administrators to audit permissions, with no guidance or automation to remediate excessive entitlements. It is, at best, a guided walkthrough of permissions management.

Introducing Azure Least Privilege – Right-sizing permissions to enable least privilege access

Wiz’s new capability, Azure Least Privilege, enables administrators who need to reduce risk and meet compliance mandates to enforce least privilege access on their accounts. Wiz now lets you enforce least privilege access in your environment by finding, auditing, and recommending the removal of excess permissions.

Visualize entitlements on the Wiz Security Graph.
Wiz gives you recommendations to remove excessive entitlements.

These excessive permissions fall into three categories: unused permissions and services determined for each role assignment, services that have never been used according to Azure cloud events, and inactive accounts. Azure Least Privilege compares the permissions that each account has actually used with the total permissions the account has been granted, and flags the unused permissions and services. Wiz also flags inactive accounts for remediation. All these findings are conveniently visualized on the Wiz Security Graph. Organizations can use this feature to reduce risk and lower the likelihood of an attacker gaining access to an over-privileged compromised account and performing lateral movement. This feature can also help admins be more efficient, reduce manual reviews by enabling easy entitlement auditing, and work around the shortfalls of native tooling for compliance requirements.
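The comparison described above (granted permissions versus permissions actually exercised, plus an inactivity check) is simple enough to show end to end. The script below is an added example and is not Wiz's code; the role definitions, role assignments and activity-log events are constructed sample data shaped like Azure RBAC action strings and Activity Log operation names, the principal names and scopes are placeholders, and wildcard matching with `fnmatch` is a simplification of Azure's real action-matching rules. It produces the three kinds of findings the text names: explicit actions never used, wildcard roles reduced to the services actually touched, and principals with no activity in the review window, together with the right-sized action list that would replace a broad role.

```python
"""Toy least-privilege analysis over Azure role assignments.

Added illustration, not Wiz's implementation. Role definitions, assignments
and activity-log events are constructed sample data shaped like Azure RBAC
action strings and Activity Log operation names.
"""
from datetime import datetime, timedelta
from fnmatch import fnmatchcase

# Constructed role definitions: action strings with '*' wildcards, as in Azure RBAC.
ROLE_DEFINITIONS = {
    "Contributor": ["*"],
    "StorageBlobReader": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
    ],
    "VMOperator": [
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Compute/virtualMachines/start/action",
        "Microsoft.Compute/virtualMachines/restart/action",
    ],
}

# Constructed role assignments (principal names and scopes are placeholders).
ROLE_ASSIGNMENTS = [
    {"principal": "svc-backup", "role": "Contributor", "scope": "/subscriptions/sub-1"},
    {"principal": "alice", "role": "VMOperator", "scope": "/subscriptions/sub-1/resourceGroups/rg-app"},
    {"principal": "old-ci-bot", "role": "StorageBlobReader", "scope": "/subscriptions/sub-1"},
]

# Constructed activity-log events: (principal, operation name, timestamp).
ACTIVITY = [
    ("svc-backup", "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read", datetime(2022, 11, 20)),
    ("svc-backup", "Microsoft.Storage/storageAccounts/listKeys/action", datetime(2022, 11, 20)),
    ("alice", "Microsoft.Compute/virtualMachines/start/action", datetime(2022, 11, 25)),
    ("alice", "Microsoft.Compute/virtualMachines/read", datetime(2022, 11, 25)),
    ("old-ci-bot", "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read", datetime(2022, 7, 1)),
]

# Review date used by the stand-alone run (constructed).
NOW = datetime(2022, 12, 1)


def action_granted(granted, operation):
    """True if any granted action pattern covers the operation.

    fnmatch-style '*' matching is a simplification of Azure's real rules."""
    return any(fnmatchcase(operation, pattern) for pattern in granted)


def analyze(assignments, activity, now, inactive_days=90, role_definitions=ROLE_DEFINITIONS):
    """Compare granted vs. used permissions for each assignment and return findings."""
    cutoff = now - timedelta(days=inactive_days)
    events_by_principal = {}
    for principal, operation, ts in activity:
        events_by_principal.setdefault(principal, []).append((operation, ts))

    findings = []
    for assignment in assignments:
        principal, role = assignment["principal"], assignment["role"]
        granted = role_definitions[role]
        events = events_by_principal.get(principal, [])
        base = {"principal": principal, "role": role, "scope": assignment["scope"]}

        # Inactive account: no activity at all inside the review window.
        if not any(ts >= cutoff for _, ts in events):
            findings.append({**base, "type": "inactive_principal",
                             "detail": f"no activity in the last {inactive_days} days"})

        # Operations actually exercised under this role, over the whole history we have.
        used = {op for op, _ in events if action_granted(granted, op)}
        used_services = sorted({op.split("/")[0] for op in used})

        # Explicitly granted actions that were never used are candidates for removal.
        explicit = [p for p in granted if "*" not in p]
        unused = sorted(set(explicit) - used)
        if unused:
            findings.append({**base, "type": "unused_actions", "detail": unused})

        # A wildcard role cannot be enumerated; report the services actually touched instead.
        if any("*" in p for p in granted):
            findings.append({**base, "type": "wildcard_role",
                             "detail": {"used_services": used_services, "used_actions": sorted(used)}})
    return findings


def right_sized_actions(principal, activity):
    """Distinct operations a principal has used: the action list for a replacement custom role."""
    return sorted({op for p, op, _ in activity if p == principal})


if __name__ == "__main__":
    for finding in analyze(ROLE_ASSIGNMENTS, ACTIVITY, NOW):
        print(finding["principal"], finding["role"], finding["type"], finding["detail"])
```

Usage is computed over the whole history available, while inactivity is judged against the review window, because a principal can be inactive now yet have exercised a permission months ago; a real implementation would pull both role definitions and events from Azure rather than from the constructed lists above.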

Contact us to schedule a demo, or learn more about our CIEM capabilities on the solution page.   
