Securing the Foundation
As the Coronavirus (COVID-19) pandemic intensifies, companies are driven to implement business continuity plans, but it is not the business continuity/disaster recovery plan they thought they would have to use. Coronavirus is forcing organizations to make a rapid shift from an on-ground workforce to a remote distributed workforce, with little to no preparation. In the process of making this shift, enterprises need to protect their employees and ensure business operations continue.
The greatest difference between the business continuity plan needed now and the disaster recovery plans commonly designed is that only the employees are displaced; all of the other IT components are still in place, whether on-prem or in the cloud. Shifting to off-site labor rather than off-site technical infrastructure demands businesses manage all of the usual compliance challenges plus the additional challenges of remote operations. Standard business operations such as development, collaboration, and day-to-day tasks must continue, but now the rules have changed.
Monitoring traffic from this abruptly distributed workforce includes numerous additional external connections that could easily be disguising a bad actor. Identifying bad actors compared to normal users becomes more difficult. Existing security tools now bring in larger volumes of data, and most tools provide a proprietary interface.
Stay Compliant, Stay in Control
Meeting compliance rules in a diverse IT ecosystem is arduous on the best of days, but can be daunting when dealing with an unexpected spike in remote workers. Maintaining compliance becomes more formidable with more non-controlled devices in a variety of non-controlled locations. Yet without access to the business-critical and sensitive information required to perform job responsibilities, productivity would grind to a halt. Keeping employees safe from COVID-19 is of critical importance, yet business continuity is necessary for critical operations to continue, and business continuity demands consistent compliance. Organizations must adhere to the same compliance rules in spite of an ongoing pandemic. Without automation this becomes a herculean task, especially across multiple clouds, sites, and external work locations.
Saviynt makes compliance manageable whether on-prem or throughout the multi-cloud and multi-site IT ecosystem with over 250 security controls and risk signatures available out-of-the-box. These controls directly map back to industry standard compliance frameworks such as SOX, HIPAA, HITECH, and PCI. Our easily customizable drag-and-drop interface means that you do not need a programmer to understand and configure Saviynt. Once set, these rules apply throughout the decision-making and risk-evaluation process every time a request for access is made. This ensures that compliance is integrated throughout your IT ecosystem, even when you have to start rapidly implementing compliance controls in and across new environments and ecosystems.
Developers working from home come with the challenge of ensuring the codebase that they are working on is secure and that it can safely be moved through the development lifecycle. Fortunately, developers have already been moving down this path with the development lifecycle in the cloud using a CI/CD pipeline to streamline and automate the process from development to production. Doing this requires the issuance of keys to developers to conduct their work and the escalation of privileges for these identities in order to undertake tasks such as escalating code from development to testing through production. Protecting these privileged keys is not just challenging but can leave individuals with excessive rights that violate the principle of least privilege. This is extremely dangerous as a bad actor could insert malicious code and through a stolen key self promote the code all the way into production without any checks along the way.
Saviynt maintains CI/CD security by ensuring that there are zero standing privileges when they are not directly needed to perform functions in the environment. Software will not store keys internally but instead will programmatically check them out at time of code execution for escalated tasks. Saviynt integrates with Hashicorp to utilize scoped keys that expire after a given duration. This prevents a rarely used, non-expiring and high-privilege key from being acquired by bad actors.
Saviynt allows organizations to see and control when a developer may have a risky or toxic combination of access, such as the capability of both writing code and performing QA on that code. Keeping these duties separate is key to preventing poor code hygiene, and it also reduces the risk of a backdoor being written in and pushed into production.
Looks for anomalous behavior
When dealing with multiple external workers and the sudden change in traffic, a new challenge arises in being able to monitor all of the multiple streams of data coming in from different sources in real-time. An IT ecosystem that ranges from on-prem assets to multiple clouds can generate a huge volume of log data, as well as a large assortment of data provided by SIEM tools and vulnerability scans. Each of these is generally contained in its own environment and has separate interfaces for reviewing and monitoring, but there is no tie binding these data streams together to find anomalies that might not be readily apparent from any given interface.
Saviynt’s visionary Identity 3.0 is able to bring order to the chaos and gather data from diverse tools across your ecosystem such as SIEMs, endpoint security, change management databases, ITSM, and vulnerability analysis data. We intelligently curate this data along with individual application logs and alerts to provide unparalleled depth-of-visibility into risk across the multi-cloud ecosystem. We apply risk analysis to rapidly detect, effectively investigate, and automatically respond to incidents. Saviynt combines all of the power of these tools into a single-pane-of glass interface with out-of-the-box and custom controls, delivering organizations the risk insights these tools cannot offer independently. In a time when organizations are struggling with how to enable remote workers, Saviynt delivers the security necessary to address the risk posture of the dispersed workforce.
Even Without COVID-19
Whether adapting to a pandemic or evolving to follow the trend of offering remote work as a perk, Saviynt is a partner in ensuring your organization’s data is secure. Even when the IT landscape of your organization changes, Saviynt helps maintain business continuity with automated response to risk and continual compliance. Whether securing file access or enabling software development, Saviynt ensures only the right people will have the right access to the right digital resources at the right time.
Saviynt starts with people – who they are and what applications they need – to create a holistic set of identities across the cloud ecosystem. This approach enables customers to govern all identities access from cradle to grave, providing continuous visibility of access to enforce internal controls that align with regulatory and industry-standard mandates. Saviynt’s cloud-native platform offers flexible deployments, including on-premises only or hybrid/cloud to match your hybrid ecosystem identity needs.
Our suite of solutions enables you to create a holistic approach to IAM that enables you to mature your cybersecurity posture around remote workers– and all identities– by using an identity-centric foundation to secure your ecosystem.
For more information about managing identity security for your remote workers, contact us for a demo.