Cloud Infrastructure Entitlement Management (CIEM)

Project background 

Overview

The client, a leading provider of cloud security solutions, initiated a project to enhance their CIEM platform. The platform offers Real-Time Identity Intelligence, Automation, and Governance Solutions for hybrid and multicloud environments. CIEM empowers organizations to securely manage entitlements (permissions) across Azure, AWS, and other cloud platforms, ensuring visibility, control, and compliance.

The project was aimed at improving system performance and redesigning the data architecture. The focus was on migrating from storing objects in JSON within the database to a fully relational data model. This redesign aimed to enhance system efficiency, scalability, and reliability.

The developer also worked on enabling seamless cloud account management, granting users centralized control over multicloud resources, and adding functionalities for automatic issue resolution.

Project Goals

• Transition from JSON object storage to a fully relational database model.
• Replace int identifiers with GUIDs, and streamline repository interfaces for better data handling.
• Provide users with the ability to manage multiple cloud accounts (Azure, AWS, etc.) from one unified platform.
• Offer real-time governance and entitlement management across hybrid and multicloud architectures.
• Present CIEM as a competitive solution to potential partners and demonstrate superior functionalities.

Challenges

• Migrate from JSON-based storage to a relational model and maintain system integrity.
• Rewrite repository models and ensure seamless database interaction.
• Implement GUID identifiers without disrupting existing systems.
• Manage testing and migration processes to maintain ongoing platform functionality.
• Support multicloud architectures with real-time identity and governance solutions.

Our approach

Solution

The team focused on a comprehensive overhaul of the data layer, transitioning from JSON object storage to a fully relational database model. This shift addressed long-standing performance and scalability issues, ensuring that the system could handle increasing data loads efficiently. Repository interfaces were restructured to enable direct database reads and repository-based writes, providing a more robust and maintainable architecture.

Additionally, the development introduced features allowing users to manage multicloud environments seamlessly, giving them centralized control over accounts and resources across platforms such as Azure and AWS. Automated workflows were implemented to detect and resolve issues, reducing manual intervention and increasing system reliability. Throughout the project, an iterative approach was taken, incorporating client feedback and ensuring that each phase delivered tangible improvements.

Team

The team consisted of one experienced developer, focused on backend and data architecture improvements, and a project manager overseeing timelines, deliverables, and communication with stakeholders.

Results

The redesigned CIEM platform delivered significant performance enhancements and scalability improvements. By adopting a relational database model, the system became more efficient and capable of handling complex data interactions. The integration of GUID identifiers improved data security, while the updated repository interfaces streamlined data management processes.

Users benefited from a unified interface that enabled seamless control of multicloud environments, improving operational efficiency and visibility. The platform’s new features for automated issue resolution and governance strengthened its position as a market-leading solution. Additionally, the project’s outcomes demonstrated the potential for collaboration with industry partners, solidifying the CIEM system as a competitive and innovative offering in the cybersecurity domain.