Cloud Secure Series Tip 2: Privileged Access Management
As mentioned yesterday, Saviynt will be sharing 8 security dimensions leading up to AWS re:Invent that will help get your cloud infrastructure Cloud Secure. In yesterday’s blog, we discussed how a “consolidated access view” is fundamental to access governance.
Today, we would like to talk about how hybrid IT is becoming the norm and more critical assets/workloads are moving to the cloud. With that, privileged access compromise for cloud applications is emerging as one of the biggest threats. More autonomy and flexibility for business and developers means a higher proliferation of privileged access and ‘keys to the kingdom.’
The inherent challenge with determining the user’s access to cloud assets/platforms lies within thousands of native JSON-based policy, permission and role objects. Access assignments are static and often lead to residual access, which can possibly lead to data breaches.
With Saviynt, understanding the user’s net access at any given point in time is straightforward and simple; it would otherwise require analysis of numerous fine-grained permission objects. Adhering to the principle of ‘Least Privilege’ requires calculating and modifying these numerous objects continuously.
Saviynt’s solution: combining users’ access patterns and usage activity allows us to create an intelligent system which can elevate/drop the access assignments and maintain the principle of least privileged access in the environment. Intelligent profiling and learning allow the system to do this automatically and reduce the manual effort.
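The usage-based comparison described above, as an added illustration that is not Saviynt's implementation: it diffs the actions an IAM-style JSON policy allows against the actions seen in activity logs. The policy, the activity list and the function names are constructed for the example; Deny statements and Resource/Condition scoping are not evaluated.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample: an IAM-style policy document attached to one user.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "*"},
  {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
  {"Effect": "Allow", "Action": ["iam:CreateAccessKey", "iam:PassRole"], "Resource": "*"}
 ]}
""")

# Constructed sample: actions the user actually performed in the review window.
ACTIVITY = ["s3:GetObject", "s3:GetObject",
            "ec2:DescribeInstances", "ec2:StartInstances"]


def granted_patterns(policy):
    """Collect every action pattern from the Allow statements."""
    patterns = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue  # simplification: Deny is not evaluated here
        actions = stmt.get("Action", [])
        patterns.update([actions] if isinstance(actions, str) else actions)
    return patterns


def review_access(policy, activity):
    """Return (residual, narrow).

    residual: granted patterns that matched no observed action (drop candidates).
    narrow:   wildcard grants mapped to the concrete actions actually used,
              i.e. what the wildcard could be replaced with.
    """
    used = sorted(set(activity))
    residual, narrow = [], {}
    for pattern in sorted(granted_patterns(policy)):
        # Action names are compared case-insensitively; '*' and '?' are wildcards.
        hits = [u for u in used if fnmatchcase(u.lower(), pattern.lower())]
        if not hits:
            residual.append(pattern)
        elif "*" in pattern or "?" in pattern:
            narrow[pattern] = hits
    return residual, narrow


if __name__ == "__main__":
    residual, narrow = review_access(POLICY, ACTIVITY)
    print("unused grants:", residual)
    print("wildcards to narrow:", narrow)
```

The length of the review window decides what counts as unused, so rarely exercised but legitimate actions (for example quarterly jobs) need a window long enough to observe them before a grant is dropped.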
In case of emergency/firefighting, access can be elevated for a specified duration and then dropped back to its assigned level. This should be followed by retrieval of privileged activity logs that feed back into a system for review and adjustment of access assignments. This helps improve the overall security posture of the ecosystem.
Join me in our next blog as we discuss the real-time preventative controls framework.