Ermetic
Ermetic is a cloud infrastructure security platform that provides identity-centric access management, Cloud Security Posture Management (CSPM), and data security for public cloud environments.
- Cloud Infrastructure Entitlement Management (CIEM) and least-privilege access controls for identities, roles, and resources (cloud security / Identity and Access Management (IAM)).
- CSPM for identifying and remediating misconfigurations across multi-cloud environments (cloud security posture management).
- Visibility into permissions, network exposure, and data access paths across cloud accounts, projects, and subscriptions (cloud security observability).
- Risk analysis and prioritization for cloud workloads, data stores, and identities using policy-based evaluation (risk and compliance management).
- Integration with DevOps and security tooling for governance workflows, policy enforcement, and incident response (DevSecOps enablement).
More About Ermetic
Ermetic focuses on securing enterprise workloads running on public cloud platforms by mapping and analyzing identities, permissions, and resources across cloud accounts. Its platform is positioned for security teams, cloud platform owners, and compliance stakeholders who manage large-scale, multi-account or multi-project environments. The service is used to centralize analysis of access policies and entitlements, and to enforce least-privilege access for human and machine identities.
The core capabilities align with the CIEM and CSPM categories. Ermetic ingests configuration and metadata from cloud providers and analyzes Identity and Access Management (IAM) policies, Role-Based Access Control (RBAC), and resource configurations. It evaluates constructs such as IAM roles, security groups, Network Access Control Lists (NACLs), and storage permissions to detect excessive access, unused privileges, and risky configurations. This allows security and infrastructure teams to generate and apply least-privilege policies based on actual usage and defined governance rules.
From an architectural standpoint, Ermetic uses cloud provider APIs, IAM policy models, and resource graphs to build a representation of relationships between identities, permissions, and data. It supports common cloud constructs such as roles, policies, service accounts, groups, and access keys. The platform correlates network exposure, data store configurations, and workload attributes to map reachable attack paths, showing how an identity could access sensitive resources under current policy states. This approach places the service alongside other cloud-native security tools that operate through agentless or API-based integrations rather than inline network controls.
In enterprise environments, Ermetic is typically deployed by Security Operations (SecOps), cloud security, or platform engineering teams to support Governance, Risk, and Compliance (GRC) programs. It is used to enforce internal policies, prepare for audits, and reduce exposure caused by misconfigurations or over-privileged accounts. The platform integrates with ticketing, Security Information and Event Management (SIEM), and DevSecOps pipelines to route remediation tasks to application and infrastructure owners. Policy as Code (PaC) patterns are often applied so that guardrails and rules defined in Ermetic can be aligned with Infrastructure-as-Code (IaC) workflows.
For marketplace and directory classification, Ermetic fits into cloud infrastructure security, with primary categories of CIEM, CSPM, and identity-centric cloud risk management. Organizations evaluate it alongside other Cloud Native Application Protection Platform (CNAPP) components, particularly where central management of permissions, resource exposure, and cloud configuration risks is required across multiple public cloud providers.