An Intelligent Substitute for Entra Access Governance

A Smarter Alternative to Entra Permissions Management

Microsoft has officially announced the discontinuation of Entra Access Governance (formerly known as CloudKnox), effective June 30, 2025.
EAG provided valuable insight into cloud access, aiding teams in identifying overly privileged users across AWS, Azure, and GCP. However, for many businesses, this visibility brought along substantial manual tasks: rewriting policies, managing change timelines, and conducting time-intensive investigations.
As Entra Access Governance is phased out, Microsoft has introduced Delinea as a transitional partner. Delinea offers a Privileged Access Management (PAM) approach that emphasizes credential protection and session management. Yet for teams handling intricate, fast-paced cloud environments, the requirement goes beyond credential management. The real hurdle lies in managing access rights continuously and seamlessly, without impeding business operations.

Why Visibility Alone Isn’t Adequate
EAG was built to help organizations identify access vulnerabilities, but it lacked the ability to enforce controls. Despite the visibility it provided, many teams still had to:

Analyze access patterns manually
Create and test custom IAM policies
Address risks without affecting workloads

In dynamic cloud settings where identities are in constant flux—across accounts, services, and external connections—manual workflows fail to scale, and visibility devoid of action results in exposed vulnerabilities.

The Prospect: Transitioning from Monitoring to Implementation
The retirement of EAG presents an opportunity to reevaluate your cloud access strategy. Instead of substituting one visibility tool with another, organizations can gravitate towards solutions that automate access management and consistently mitigate identity risks.
Contemporary cloud security entails:

Implementing least privilege across human and automated identities
Integrating with developer workflows and authorization mechanisms
Adapting promptly to evolving cloud infrastructures
Overseeing third-party access without exceptions or manual interventions
Avoiding impediments that hinder engineering teams

Sonrai’s Cloud Access Fire shield: Engineered for Contemporary Cloud Identity Risks
Sonrai Security’s Cloud Access Fire shield is specifically designed to confront today’s cloud access challenges upfront. Instead of leaning on visualizations and manual cleanups, the Fire shield empowers organizations to seize command of identity risks and markedly diminish them through automation.
Automatic Implementation of Least Privilege
The Fire shield persistently scrutinizes activities and eliminates unnecessary permissions based on actual usage data. A single overarching policy ensures least privilege throughout your environment without necessitating custom policy structuring.
Seamless Integration with DevOps
Access in active use remains unaffected. Developers and workloads experience no interruptions. Should access be required, the Fire shield directs the request through communication channels like Slack, Teams, or Email for authorization and automatically updates permissions.
Incorporated Just-in-Time Access
Access is provided only when needed, regulated by cloud-native policies and approved through chat platforms such as Slack or Teams. This reduces standing privilege while supplying swift, auditable access in alignment with business objectives.
Eliminating Intermediate Access Points
Sonrai does not mediate sessions or introduce additional tools into the workflow. Users continue to access resources through native cloud consoles, CLIs, and APIs.
Thoroughly Regulated Third-Party Access
Through CAF, organizations attain complete oversight and authority over external identities—vendors, contractors, and associates. Least privilege can be enforced for third-party accounts, their activities monitored, and unused access revoked automatically on a continuous basis.
A Shift from Lockboxes to Policies
While PAM tools like Delinea serve a significant role in managing credentials, the crux of today’s cloud identity risks lies in access rights, not just confidential information. Least privilege pertains to governing what identities are permitted to execute within your environment.
Cloud Access Fire shield addresses the primary source of cloud identity risks:

Intricate inheritance
Idle and excessively permissive permissions
External pathways for access
Misaligned policies that persist over time

Avoid Replacing EAG. Reassess the Issue.
The conclusion of Entra Access Governance offers more than a mere tooling decision. It provides an opportunity to make substantial advancements in cloud identity security.
Sonrai’s Cloud Access Fire shield assists security teams in transcending monitoring towards implementation. It serves as a tailor-made solution for organizations aiming to reduce risks, achieve least privilege swiftly, and preserve control as their cloud infrastructures expand.
