Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (8)
Similar to The 7 Layers of Privileged Access Management
Similar to The 7 Layers of Privileged Access Management (20)
More from banerjeea
Recently uploaded
Recently uploaded (20)
The 7 Layers of Privileged Access Management
- 5. Laptops In house servers Mobile devices Cloud Servers The Landscape is ChangingIT Landscape
- 6. • Shift in Capex to Opex • Cost savings – 25% on avg. • EmployeeMobility • Easy access – 49% on avg. • Scaling is easier • More efficient – 55% on avg. • Time savings • More time to innovate– 31% on avg. • Choice – no traditional vendorlock in Why is the Cloud Popular
- 7. SAML & SaaS • Less than 25% of corporateapps have SSO support • Less than 1% of all SaaS apps understand SAML • Passwords are here to stay!
- 8. Mapping User Roles • How to map to 3rd party SaaS apps? • SAML assertions- weak support. • No magic bullet
- 11. PAM - 100% Coverage Web Apps Servers and Containers
- 12. PAM - Layers Shrek: Ogres are like onions Donkey: They Stink? Shrek: Yes. No. Donkey: Oh.....they make you cry Shrek: No! Donkey: Oh, you leave 'em out in the sun,they get all brown,start sproutin' little white hairs Shrek: NO. Layers.Onions have layers.Ogres have layers.Onions have layers.You get it? We both have layers.[sigh] Donkey: Oh, you both have layers. Oh. PAM has layers. Onions have layers. We both have layers.Get it?
- 13. PAM - The 7 Layers 2FA on Apps and Servers SaaS PAM SSH Session Control Secret Storage Access sharing Reporting and Audits Server PAM
- 14. Evolution of PAM PAM 1.0 Crawl • Password Vaulting • SSH Key Rotation • Video-session Recording PAM 2.0 Walk • Rights Management • Time based checkout • Credential rotation PAM 3.0 Run • SaaS PAM • Adaptive authentication • Automated auditing
- 15. Challenges 15
- 16. q Privileged Access Management § Full control over who has access to what and when. § Real time and Intuitive Hard Problems
- 17. q Vigilance § Keep track of user activity § Receive alerts for anomalous behavior § Gain complete visibility through detailed reports Hard Problems
- 18. q Secrets management § API/Machine to API/Machine authentication § API keys in code Hard Problems
- 19. q Reports and Auditing § Compliance is complex, disparate systems § Continuous auditing is necessary Hard Problems
- 20. Strategies 20
- 21. Layer on top of existing services Dynamic Privilege Management SSO NAC CASB Deployment
- 22. User Fatigue 2FA = Friction • Entering 8 Digit Codes • Carrying Hardware • One time Passwords • Multiple IDs
- 24. What can an employee see What can an employee click What can an employee fill What can an employee download Use Case
- 25. Command Filtering SSH Key Management Session Recording URL Filtering Action Filtering View Filtering Solution
- 26. Conclusion 2FA on Apps and Servers SaaS PAM SSH Session Control Secret Storage Access sharing Reporting and Audits Server PAM q Fine Grained Control - SaaS PAM is important. q Session recording for compliance and security. q Secrets management - is an emerging area. q Reports and Auditing - need continuous process. q Simplify 2FA Experience - reduce friction.