Federal Government: Legacy or Modern IGA Relief

Overview

The Cybersecurity and Infrastructure and Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program, within the Department of Homeland Security (DHS), added new requirements to support cloud/modern platforms, specifically AWS and Azure

Requirement

The DHS has a requirement through their CDM program to build an effective data model for the Master User Record (MUR) and manage/govern identities to support modern SaaS platforms AWS and Azure. An MUR is a collection of users, their attributes, and entitlements; their MUR is currently built to support on-premise assets. This requirement is to create an MUR for cloud assets.

Situation

CDM is asking all federal civilian agencies to start working on solving this cloud requirement. Tasked with this new requirement, many organizations found their legacy “on-prem” solutions coming up short when trying to solve the transition to a modern-day cloud-centric environment.  

Legacy IGA vendors were not prepared and did not fully understand how to shift to the cloud efficiently. They tried cobbling together multiple different solutions through acquisition and used go-to-market Partners to provide an on-premise solution in the cloud. These same legacy on-premise solutions or legacy stacked vendors are not able to meet the dynamic scale and velocity of changes in the cloud. The on-premise upgrade process is lengthy and expensive; upgrades take months trying to keep the business going. Agility is low, integration or migration is slow, and operating costs are high. Legacy technologies simply lack the ability to pull a proper data model in support of CDM requirements. 

It gets cloudy

In the early “legacy” days of IGA the concept of the cloud or cloud applications or cloud infrastructure was negligible. Today, Infrastructure-as-a- service (IaaS), Platform-as-a-service (PaaS), and Software-as-a -service (SaaS) are a way of life for most organizations. Every company uses some form of a cloud-based service, from Amazon Web Services (AWS) to Workday Financial. These services are quick to implement and scale up and down effortlessly while creating a complex IT environment to manage. As an example, IaaS infrastructure is now code where layer upon layer of technologies are put together to build complex structures that help organizations respond faster, offer more services, and cut costs. The problem with code-based infrastructure is that it exponentially raises the level and number of security risks within the organization. 

The struggle is real

In a software-driven world, if code-based infrastructure heightens security, who is responsible for risk? We are seeing the burden of responsibility for security is increasingly being divided. Organizations that once depended on cloud services for security struggle to maintain the security of their applications, operating systems, data, access controls, security monitoring, and even service configurations. Cloud service providers are responsible for securing everything above the virtual machine level. The chief risk among all these levels of security is identity management.

Traditional legacy IGA vendors come up short when trying to solve these modern cloud-centric problems. Instead of providing an on-premise solution in the cloud, Saviynt takes a different approach. 

A singular solution to integrated Cloud technologies

At Saviynt we have the advantage of being built in the cloud, made for the cloud and deliver cloud solutions to solve modern-day business problems. Modern SaaS platforms like AWS, Azure or Salesforce require depth of integration that only comes from cloud technologies. Saviynt’s cloud-native platform enables the business to identify and manage deep granular permissions from an infrastructure and identity perspective and are able to build an effective data model that is more efficient than SailPoint or CyberArk. Saviynt identifies the risk in the cloud infrastructure configuration. Our approach includes governing the infrastructure based on CIS Benchmarks, NIST 800-53, which informs our access control to critical workloads in the cloud. 

Saviynt provides organizations a single solution to enforce governance & compliance mandates for all things cloud and on prem, including full identity lifecycle management, privileged access management and cloud infrastructure configuration analysis. Saviynt’s, Identity 3.0, is a hyper-converged platform that brings together intelligent Identity Governance & Management, Application GRC, identity-centric Cloud Security, and Cloud Privileged Access Management (PAM). Saviynt enables organizations to leverage ‘identity as the true perimeter’ across a multi-cloud and hybrid IT environment and ensure appropriate access with its usage-driven identity intelligence and analytics. Identity 3.0 is a modern SaaS solution that eliminates the need for endlessly increasing operating costs with diminishing added value of legacy solutions. 

Register now for our webinar on April 14, 2020: Continuous Compliance for Healthcare in the Cloud.

Adam Barngrover

Adam Barngrover

Adam Barngrover is Principal Solution Strategist at Saviynt, with responsibility over Cloud Access Governance and Intelligence solutions. A graduate of the University of Oklahoma, with more than 14 years of experience in the Identity & Access Management space, Adam has helped organizations develop their Identity and Security strategy that revolved around Governance and Compliance frameworks. Prior to joining Saviynt, he was an IAM/IGA consultant working with Fortune 500 companies on the development and implementation of their IAM/IGA strategies.

Recent Posts