Saviynt Privileged Access Management
AWS GOVERNANCE & SOLUTION MANAGEMENT
CLOUD SECURE for data & privilege
With hybrid IT becoming the norm and more critical assets / workloads moving to the cloud, privileged access compromise for cloud applications is emerging as one of the biggest threats today. More autonomy and flexibility for business and developers means greater proliferation of privileged access and ‘keys to the kingdom.’ It is imperative to manage and govern privilege / service accounts / access / roles / groups and continuously monitor their activity for any signs of compromise. Saviynt delivers a comprehensive solution for privileged / emergency access management and governance for Cloud and enterprise providers such as AWS, Azure, Salesforce.com, Workday, Office 365, SAP, SAP HANA, etc.
PRIVILEGE ACCESS REQUEST
- Timed request for privileged /
- Multi-level flexible approval workflow
- Perform step-up out-of-band authentication for privileged access request
- Supports 2 models for privilege grant – role based and shared account based
- Claim account ownership of service (non-human) accounts
- Continuous risk-based certification, Flexible check out / check in policies
PRIVILEGE SESSION MONITORING
- Record privilege activity sessions
- Risk-based certification and review of privilege session activity
- Perform user behavior analytics with Saviynt Risk Insight™ to identify malicious / anomalous activity
- Identify segregation of duty violations during privilege session
- Monitor out-of-band and unapproved access changes
BUILT FOR SECURITY
- Supports Cloud and enterprise
- Requires no password vaulting
- API-based integration with managed applications eliminates need for access gateway; supports any direct access channel
- Manage lifecycle of privilege and shared accounts with automatic provisioning and ownership
- Request from mobile devices via native app (iOS and Android)
Go vault-less: a smarter way to grant
Privileged access has traditionally been managed by sharing a common account across multiple users. This introduces the need for additional password vaulting and check out of passwords for a limited duration. Saviynt allows check out and check in of privileged access via roles. These privileged roles are then assigned to regular user IDs for a limited duration upon appropriate approvals. This makes it easier to correlate a user’s privileged activity, because the account ID remains unchanged in Cloud IaaS and SaaS audit logs.
Detect policy violations and anomalies during
Saviynt monitors all privileged session activity to identify whether users have leveraged emergency or privileged access to bypass any segregation of duty or access policies. Additionally, Saviynt can correlate accounts and access created manually by administrators to any approved access requests and monitor out-of-band or unauthorized changes being made directly to target systems. Upon identification of potential malicious intent, Saviynt can automatically kick off an activity review and certification to normalize or remediate the violations.
Chalk Talk: Privileged Access Management for Cloud Infrastructures
Featuring Vibhuti Sinha, Chief Cloud Officer
Built to scale
Privileged activity, especially on IaaS, DevOps and SaaS platforms, can be extremely chatty and lead to large volumes of data. Saviynt leverages powerful components such as Elasticsearch and Kibana from Elastic to perform log and usage analysis. Combined with drilldown dashboards and visualizations, Saviynt delivers a next-generation, data-analytics-driven investigation workbench for Cloud and Enterprise.
Risk-Based Access Request And Certification
Featuring an industry-leading user experience and flexible approval workflow, Saviynt provides an intuitive UI for requesting privileged or emergency access. Saviynt makes it easy to configure maximum check out duration policies and multi-level approval workflow per system or privileged role. Governance is enforced by controlling who can request access to specific privileged accounts, categorized by business functions. Multiple owners can be defined per privileged account or role, who are then responsible for periodic certification and review of their access. Maintain strict control over privileged / service account ownership management by tightly linking it to user lifecycle triggers: for example, if a privileged account / access owner changes jobs, Saviynt detects a potential transfer and launches a micro-certification process to identify new owners.