Monitoring and administrating privileged access in the cloud - DEM09 - AWS reInforce 2019


A key security consideration for the enterprise is monitoring and administrating privileged access for business-critical applications that are running on the AWS Cloud. Join Saviynt in this session and learn how to request, fulfill, certify, and govern privileged assets in the cloud with Saviynt’s Cloud privileged access management (PAM) solution. Saviynt covers best practices and the benefits of securing privileged access in the cloud, ranging from the AWS Management Console to elastic workloads. This session helps you understand why privileged access is a cornerstone of best practices and compliance for cloud security.


  1. intelligent identity. smarter security. Monitoring and Administrating Privileged Access in the Cloud
  2. Overview
     • Managing privileged access in the cloud
     • What legacy PAM doesn’t address on AWS
     • Best practices & Design principles to solve for Cloud PAM needs
     • PAM for IaaS – Deep Dive
  3. Gaps in applying legacy PAM to Cloud
     • Lift and shift of traditional and legacy PAM products on cloud
     • Not identifying all types of privileged identities on the cloud
     • Solutioning PAM for SaaS apps like traditional apps
     • Not reducing the attack surface
     • Risk and Governance as an afterthought
  4. Design principles: Solving PAM needs of Cloud
     • Cloud Native
     • Risk and Governance Aware
     • As a Service - IGA and PAM Convergence
  5. Cloud native technology approach
     Diagram labels: SSH and Credential Vault; Available on Saviynt Cloud and On-premises; Audit Vault; Analytics Engine; Containerized SSH; AWS ECS
     • Passwordless deployment architecture
     • Automated account discovery and onboarding
     • Auditability via logs and keystroke capture
     • Centralized control of environmental access
     • Integrated service account lifecycle management
  6. PAM for IaaS and SaaS
  7. #1 - Privileged Access Visibility for Federated/Local Identities
     Diagram labels: Federated Role; Policy; Identity Provider; Federated Group; Enterprise; Permissions; Cloud Services and Resources; Organization’s access visibility; AWS Access Visibility
  8. #2 - Map privileged access and security analytics to Compliance Frameworks
     Compliance frameworks: IT General Controls; SOX; FedRAMP; HIPAA / HITECH; PCI; ITAR; NERC / CIP & more…; CIS
     IaaS, SaaS & DevOps Resources: S3; VPN; Policies; ALB; Elasticsearch; RedShift; Profiles, Permission Sets; Kinesis; EBS; SFDC Objects; EC2; RDS; ELB; CloudFormation; AWS IAM; VPC; Terraform
     Other diagram labels: Violations; Remediate; Risk
  9. #3 - Integrate HR systems with privileged access processes
     Diagram labels: Users; Cloud Services and Resources; Privileges; Enterprise; Joiner; Mover; Leaver
     • 63% of organizations remove privileged access of terminated employees only after 24 hours
  10. #4 - Manage and govern privileged access lifecycle management by converging IGA and PAM as one solution/platform
     Diagram labels: HR; Joiner; Mover; Leaver; Least Privileged Access
     • Intelligent Self-Service / Delegated Access Request
     • Preventive policy evaluation including license violation
     • Risk-based Access Certification (event-based, periodic)
     • Birthright Provisioning
     • Role / Group Transport & Management
     • Link Federated Access
     • Segregation of Duty Management
     Risk evaluation: Outlier | SOD | Business Policy | License
  11. #5 - Identify the Cloud conduits/interfaces and types of privileged identities
     • Mgmt. Console
     • Instances/Containers
     • Command Line
     • Serverless
     • Cloud databases
     • APIs
     • DevOps tools
  12. PAM requirements for IaaS
     Diagram labels: Mgmt. Console; Instances/Workloads
     • Determining continuous access visibility
     • Separate IDs for regular and privileged access
     • Management of privileged access due to ephemeral nature of cloud
     • Management of local OS user accounts
  13. PAM requirements for IaaS contd.
     Diagram label: Serverless
     • Just-in-time Access assignment to Serverless functions
     • Consuming lambda functions & services
     • Alternative to managing long term API keys
     • Determine access to APIs
  14. Privileged access in AWS
     Diagram labels: Cloud databases; Command Line; DevOps tools
     • Manage lifecycle of privileged identities
     • Identifying accounts with super privileges
     • Monitoring User-defined session names
     • Visibility into usage of long term keys
     • Governance extensions across the IaaS ecosystem
     • Inclusion of DevOps tools in IGA & PAM solutions
  15. Design patterns to solve PAM needs for IaaS and SaaS
     Diagram labels: SEPARATE IGA; THICK SSH/RDP CLIENT; JUMPBOX; PERSISTENT ACCOUNTS; SOD RISK AWARE; IMPLICIT GOVERNANCE; CLOUD NATIVE
     • Temporal access elevation + privileged ID assignment
     • Workload discovery and auto-registration
     • SSH key distribution and credential vaulting as a Service
     • Privileged session manager with inline command management
     • Integrated service account lifecycle management
  16. Benefits of a converged platform
     Diagram labels: Cloud Security; DevSecOps; IGA; PAM
     Key Solution Drivers: Modular; Single Platform; Out-of-box controls; Business-friendly; Risk-driven; Easy to integrate; As a Service; Usage-driven Analytics
  17. Thank you
     Saviynt is located at booth #807
     Have Further Questions – cpam@saviynt.com, cpam-sales@saviynt.com
