Expanded risk surfaces, including clouds, DevOps, and SaaS, make managing privileged access more challenging than ever. At the same time, the volume and types of identities have exploded with remote work, third-party workers, IoT devices, application IDs, and more.
Today, organizations are assessing privileged access management (PAM) in a new light. Instead of simply locking and rotating credentials in a password vault, IT leaders are looking for ways to reduce risk by reducing the number of privileged accounts. Privilege abuse or misuse is a factor in nearly every cyber breach. In story after story, malicious actors show that they can bypass an organization’s security perimeter with something as low-tech as a phishing email.
Once inside a network, attackers can lurk undetected, looking for elevated privileges to open up more attack vectors. Depending on their goal, elevated access can help them reach sensitive data, deliver malware payloads, or even take full admin or root control over the entire environment.
These realities show why the old model of privileged credential vaulting and session recording falls short. As long as standing accounts still exist, retain a high level of privilege, and stay centrally stored in a vault, organizations stay unnecessarily exposed.
Here is the rest of my interview with Vibhuti Sinha, Saviynt’s Chief Product Officer.
VS: For starters, we are the first ones to talk about convergence. We started on this journey back in 2017 and over the last couple years, we’ve seen other vendors follow our lead. We’ve seen PAM vendors building and buying IGA products and IGA vendors looking to buy PAM capabilities. But buying and then integrating those two products is not a small deal and we have several years of a head start.
Saviynt has not “bought” any of our capabilities. We have developed a cloud-native, unified, converged experience from Day 1. This is important because building a converged experience is paramount and it takes time to do that. The “capabilities-by-acquisition” approach often means the burden of integrating capabilities falls to the vendor’s R&D team and can negatively impact the customer’s experience.
These “platforms in name-only” are difficult to configure, requiring heavy customization and additional coding or professional services to enable security and compliance goals.
VS: First, what kind of integration effort is required? How much will we have to spend in implementation services to implement the two solutions? What is involved in managing and maintaining these products and integrating them with target platforms?
Keep in mind that identity programs are integration-heavy. Businesses have unique workflows. Onboarding their target platforms to identity platforms often requires more than 40% of the total effort to implement. This becomes a very important factor when customers need to onboard your apps on two different platforms.
If you are a cloud-first company or on a cloud transformation journey, you’ll also want to ask about the underlying architecture. Many legacy IGA and legacy PAM providers are somewhere in the process of lifting and shifting their technologies to the cloud. But the “lift and shift” approach does not provide the same cloud advantages as a cloud-native solution does.
Finally, you should look at what other modules come with the converged identity platform to see if there are other areas that can benefit from a converged approach. For example, managing privileged access of third-party workers is equally important. Many organizations leverage contractors who have standard and privileged access to company assets. Instead of bringing another point product to manage their third-party workforces (which would mean integrating yet another identity product into your target platforms), find out if your prospective vendor has a solution for your third-party identities. A converged platform should offer a unified, converged experience and focus on business workflows, rather than being consumed by end users as three different technology products.
Saviynt’s Enterprise Identity Cloud (EIC) platform unifies privileged access management and identity governance with built-in cloud infrastructure entitlement management (CIEM).
Behind Saviynt’s agile, risk-based approach to PAM is a fundamental goal: Eradicate persistent accounts and standing privilege, and establish governance from Day 1.
With our converged identity platform, enterprises can leverage a vast library of out-of-the-box integrations to provision privileged access management in days, while reducing operational complexity.
Saviynt Cloud PAM can help you:
Importantly, our EIC platform supports rapid, sustained progress. We’ve simplified deployment and added smart touches like a drag-and-drop, wizard-based approach to role provisioning. Sure, every organization has people and processes that may be sticking points to navigate – but with the right tools, these can be simply, securely overcome.