Over the last few years, organizations have been bombarded by change brought on by accelerated cloud adoption, changing workforce patterns, and increased security threats. For many, traditional privileged access management (PAM) tools are proving inadequate for the task of discovering privilege risk in cloud platforms and SaaS applications. Security leaders are embracing PAM as a critical security control in combating cyber threats, but have recognized that they need to modernize their approach to PAM security tools.
Here are some things to consider:
For workloads in the cloud, traditional privileged access management tools underperform due to inflexible architecture, persistent over-privileging, and weak visibility and context for user access.
We’ll cover a few key characteristics of a modern cloud PAM solution in this blog, the first in our series on evaluating privileged access management tools for the cloud. In the next blog in the series, we will share a few must-ask questions for prospective vendors.
Modern PAM programs should provide enterprise-wide visibility into privileged access risks across a complex, hybrid, multi-cloud environment. To help security leaders evaluate a new generation of PAM platforms, we’ve put together a Cloud PAM Buyer’s Guide.
Here are some other defining characteristics of a modern cloud PAM solution.
Traditional PAM solutions are built on on-premises infrastructure and rely on outdated practices, such as vaulting and privileged credential rotation. This legacy approach can’t keep pace with cloud workloads. This can be true even of solutions that market themselves as “for the cloud.” As organizations push for cloud speed and scale, problems like rubber-stamping and over-provisioning can start taking over. Consider adding “built in the cloud,” not just “for the cloud,” to your evaluation criteria.
Granular awareness of identities, resources, and entitlements is a must-have to manage privileged access across hybrid multi-cloud environments. How PAM solutions get this information and what they do with this awareness can be an important differentiator.
One characteristic to look for is whether this visibility comes right “out of the box” or is only achieved after months of rule creation and tuning. Ease of onboarding, including real-time discovery of workloads and entitlements, can deliver useful insights to help you address risks sooner.
We see this as a crucial characteristic because enterprises have a nasty habit of splicing disparate solutions when trying to reduce risks. Once these disparate cloud security services, access management, privileged user access, and governance tools are put in place, leaders are left with disjointed access management processes and inconsistent implementation of infosec policies. The inherent complexity and inconsistency that comes with this approach weaken an organization’s overall security posture.
Gartner calls effective governance a pillar of PAM. For real governance, enterprises must understand appropriate access and possess the means to right-size as needed, including across infrastructure, apps, and cloud.
Governance by design ultimately catalyzes the end goal of just-in-time (JIT) privileged access. By embedding governance in the design, enterprises have the necessary checks and balances before a user, session or asset is created within the privileged environment.
Zero Standing Privilege (ZSP) describes the utopian-state practice in which no always-on, permanent permission exists. Under ZSP policies, user access to systems, applications, or servers is granted only as needed: credentials are created each time an approved access request is generated, and only for the amount of time needed to complete the task.
How easily and quickly you can get to this nirvana state varies by vendor. Legacy solutions built on a foundation of vaulting may require additional point products, coding or professional services to enable just-in-time and just-enough privileges.
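To make the ZSP and JIT model above concrete, here is an added illustration (not Saviynt’s code or any vendor’s product logic) of how access can be represented so that every privilege is a time-bounded grant tied to an approval, and so that any entitlement without an expiry shows up in an audit as standing privilege. The principal, resource and permission names are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional


@dataclass(frozen=True)
class Grant:
    principal: str
    resource: str
    permission: str
    approved_by: Optional[str]      # None: no approval record behind this entitlement
    expires_at: Optional[datetime]  # None: permanent, i.e. standing privilege


def issue_jit_grant(principal: str, resource: str, permission: str,
                    approver: Optional[str], ttl_minutes: int, now: datetime) -> Grant:
    """Create a time-bounded grant from an approved request.

    ZSP rule: nothing is issued without an approval, and every grant carries an expiry."""
    if not approver:
        raise PermissionError("JIT grant requires an approved access request")
    if ttl_minutes <= 0:
        raise ValueError("ttl_minutes must be positive")
    return Grant(principal, resource, permission, approver,
                 now + timedelta(minutes=ttl_minutes))


def has_access(grants: List[Grant], principal: str, resource: str,
               permission: str, now: datetime) -> bool:
    """Access is honoured only through an unexpired, approved grant; standing
    entitlements (no expiry) are deliberately never honoured by this check."""
    return any(g.principal == principal and g.resource == resource
               and g.permission == permission and g.approved_by is not None
               and g.expires_at is not None and now < g.expires_at
               for g in grants)


def standing_privileges(grants: List[Grant]) -> List[Grant]:
    """Audit helper: entitlements with no expiry violate Zero Standing Privilege."""
    return [g for g in grants if g.expires_at is None]


# Constructed sample inventory, as an entitlement discovery might return it.
NOW = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
INVENTORY = [
    Grant("svc-backup", "prod-db", "db:admin", None, None),                 # standing admin
    Grant("alice", "prod-db", "db:read", "approver-bob", NOW + timedelta(hours=1)),
]


def minutes_after(n: int) -> datetime:
    """Convenience for reasoning about grant lifetimes relative to NOW."""
    return NOW + timedelta(minutes=n)
```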
Saviynt helps customers move off legacy infrastructure and conquer cloud complexity. Saviynt Cloud PAM is built on our Enterprise Identity Cloud platform, which converges IGA, granular application access, cloud security and privileged access into the industry’s only enterprise-grade SaaS-based identity solution. This converged approach means that customers can manage all identities and entitlements more efficiently, improve enterprise-wide visibility, and leverage identity intelligence to make better access decisions.