Description
SailPoint CIEM provides deeper visibility into your cloud environments by leveraging native AWS Tags, Azure Tags, and GCP Labels. This capability provides the critical visibility needed to see which identities can access resources associated with specific tags. By surfacing this information directly within the platform, you can ensure access to cloud resources remains appropriate and aligns with your security posture, all from within the SailPoint CIEM product.
Problem
The absence of visibility into who has access to cloud resources based on AWS and Microsoft Azure tags, and Google Cloud labels, creates a gap in visbilty and understanding your cloud environments. Without a simple way to view, search, and report on access by these tags and labels, organizations cannot effectively govern their cloud resources. This makes it difficult to answer critical questions like, “Who can access our ‘PII’ tagged data?” or “Are we compliant with our own data governance policies for access to production environments?”. As a result, teams are forced into manual, time-consuming, and at times error-prone processes that are simply not scalable in today’s dynamic cloud environments.
Solution
Cloud Resource Tags (AWS and Microsoft Azure) and Labels (GCP) are now integrated directly into ISC CIEM, providing critical visibility across the platform. Customers can view these tags and labels (key and value) on cloud resources within the CIEM effective access view, ISC Search (Search using tags is based on the tag key and the tag value at this time. Support for Tag - Key:Value based search will be supported in a near term release), and the CIEM AIC dashboards. This unified visibility enables administrators and managers to quickly understand which resources have specific tags and which identities can access them, allowing for validation of permissions. By centralizing this information, customers no longer need to pivot between their cloud provider console and SailPoint CIEM, saving valuable time and enabling faster validation of tags, labels, and their associated resource access.
Who is affected?
All CIEM customers.
Action required
Customer-facing: No action required. Cloud Resource Tags and Labels will be available for all CIEM customers as the release rolls out.
Important dates
| Milestone | Date |
|---|---|
| Sandbox | Monday, June 29, 2026 |
| Production | week of Monday, July 6, 2026 |