PRIVILEGED ACCESS MANAGEMENT
Utilize Saviynt’s privileged access management solutions to reduce risk
AWS GOVERNANCE & SOLUTION MANAGEMENT
CLOUD SECURE FOR DATA & PRIVILEGE ACCESS GOVERNANCE
With hybrid IT becoming the norm and more critical assets / workloads moving to cloud, privileged access compromise for cloud applications is emerging as one of the biggest threats today. More autonomy and flexibility to business and developers means higher proliferation of privileged access and ‘keys to the kingdom.’ It is imperative to manage and govern privilege / service accounts / access / roles / groups and continuously monitor their activity for any signs of compromise. Saviynt delivers a comprehensive solution for privileged / emergency access management and governance for Cloud and enterprise providers such as AWS, Azure, Salesforce.com, Workday, Office 365, SAP, SAP HANA, etc.
PRIVILEGE ACCESS REQUEST
- Timed request for privileged / emergency access
- Multi-level flexible approval workflow
- Perform step-up out-of-band authentication for privileged access request
- Supports 2 models for privilege grant – role based and shared account based
- Claim account ownership of service (non-human) accounts
- Continuous risk-based certification, Flexible check out / check in policies
PRIVILEGE SESSION MONITORING
- Record privilege activity sessions
- Risk-based certification and review of privilege session activity
- Perform user behavior analytics with Saviynt Risk Insight™ to identify malicious / anomalous activity
- Identify segregation of duty violations during privilege session
- Monitor out-of-band and unapproved access changes
BUILT FOR SECURITY
- Supports Cloud and enterprise applications
- Requires no password vaulting
- API-based integration with managed applications eliminates need for access gateway; supports any direct access channel
- Manage lifecycle of privilege and shared accounts with automatic provisioning and ownership management
- Request from mobile devices via native app (iOS and Android)
GO VAULT-LESS: A SMARTER WAY TO GRANT PRIVILEGED ACCESS
Privileged access has traditionally been managed by sharing a common account across multiple users. This introduces the need for additional password vaulting and check out of passwords for a limited duration. Saviynt allows check out and check in of privileged access via roles. These privileged roles are then assigned to regular user IDs for a limited duration upon appropriate approvals. This makes it easier to correlate a user’s privileged activity, as the account ID remains unchanged in Cloud IaaS and SaaS audit logs.
DETECT POLICY VIOLATIONS AND ANOMALIES DURING PRIVILEGED ACTIVITY
Saviynt monitors all privileged session activity to identify if users have leveraged emergency or privileged access to bypass any segregation of duty or access policies. Additionally, Saviynt can correlate accounts and access created manually by administrators to any approved access requests and monitor out-of-band or unauthorized changes being made directly to target systems. Upon identification of potential malicious intent, Saviynt can automatically kick off an activity review and certification to normalize or remediate the violations.
CHALK TALK: PRIVILEGED ACCESS MANAGEMENT FOR CLOUD INFRASTRUCTURES
Featuring Vibhuti Sinha, Chief Cloud Officer at Saviynt
In this video, we’re going to talk about Cloud PAM, privileged access management solutions for infrastructure service providers like AWS, Azure, and Google cloud platform.
As organizations move their critical assets into the cloud, managing privileged access to these entities becomes a challenge. Let’s take a look at what these challenges are. Admins or end users in an enterprise, when they require privileged access, there are three distinct interfaces to which the access is really needed. Number one being the web console, two being the command line prompt, and three the end workloads or the instances themselves.
Natively, the infrastructure providers provide constructs like rules, policies, and keys. The way in which these constructs are used by organizations results in a lot of security gaps. Let’s take a look at what these gaps and challenges are with Cloud PAM.
The access provided by these constructs is static in nature. Which means once a user gets privileged access, that access key is there forever until someone goes ahead and removes that access. The static access can result further into residual access and this could result in situations leading to potential data breaches.
The last challenge which organizations face is they are unable to correlate the user’s activity, which means they are not able to figure out what has really been done with the privileged activity in their infrastructure ecosystem for identity management.
So now let’s take a look at how Saviynt has addressed these challenges and what its feature sets look like.
When an admin or an end user requires privileged access to the three distinct interfaces, they request privileged access to Saviynt, and Saviynt uses its dynamic constructs in the form of Saviynt rows or keys to provide the privileged access to its users for identity management.
Some of the features which Saviynt has defined in its privileged access management module is, it’s inherently elastic in nature. Which means as users require access it could be scaled up and down depending on the context with which it is being made for, and that is further augmented by Saviynt to provide consolidated visibility in terms of who your privileged users are and what kind of privileged access they have in an environment at any given point of time.
Followed by that, Saviynt also has a robust module for just-in-time access risk administration which enables organizations to ensure that users get time-based or duration based privileged access on the cloud entities and post the expiration of their duration, that access is immediately revoked thereby solving the problem of not having the residual access in its ecosystem.
This is further augmented by Saviynt’s unique machine learning algorithms and state-of-the-art big data technologies like Elasticsearch to do effective privileged activity monitoring.
Saviynt collects logs from all these different sources, it crunches and zips that data to do effective privileged activity monitoring in a continuous manner. Saviynt also does that log analysis and it can form user entity behavioral analytics to detect any suspicious events or malicious activity occurring in the entire ecosystem.
And lastly, infrastructure services are not used in a siloed manner for Cloud PAM. Rather, they are used with DevOps tools, which are privileged in nature, so Saviynt thereby integrates with such DevOps tools including Chef, Puppet, etc. to do complete privileged access governance and monitoring of these tools.
To summarize, as you can see privileged access governance for access risk in the cloud comes with its unique set of challenges and requires a very specialized solution which Saviynt offers. If you have a similar set of privileged access management challenges, feel free to reach out to us.
BUILT TO SCALE
Privileged activity, especially on IaaS, DevOps and SaaS platforms, can be extremely chatty and lead to large volumes of data. Saviynt leverages powerful components such as Elasticsearch and Kibana from Elastic to perform log and usage analysis. Combined with drilldown dashboards and visualizations, Saviynt delivers a next-generation, data-analytics-driven investigation workbench for Cloud and Enterprise.
WHAT IS CLOUD PRIVILEGED ACCESS MANAGEMENT (PAM)?
A Privileged Access Management (Cloud PAM) system secures, controls, manages and monitors privileged access to critical assets. Cloud PAM takes the credentials of a privileged account, such as a system administrator account, and stores the credentials in a secure repository (a vault) to isolate use and reduce the risk of those credentials being misused.
Once the credentials are inside the repository, system administrators must access them through the Cloud PAM system, at which point they’re authenticated and their access is logged. When a credential is checked back in, it is reset to ensure that administrators utilize the Cloud PAM system to use the credential again.
By centralizing privileged credentials in one place, Cloud PAM systems ensure a high level of security and control over who is accessing them, logging all access attempts and monitoring for any suspicious, unauthorized activity. Saviynt’s Cloud PAM system manages privileged access across data, applications and a hybrid infrastructure, with industry-leading user experience and flexible approval workflow.
RISK-BASED ACCESS REQUEST AND CERTIFICATION
Featuring industry-leading user experience and flexible approval workflow, Saviynt enables an intuitive UI for requesting privileged or emergency access. Saviynt makes it easy to configure maximum check out duration policies and multi-level approval workflow per system or privileged role. Governance is enforced by controlling who can request access to specific privileged accounts, categorized by business functions. Multiple owners can be defined per privileged account or role, who are then responsible for periodic certification and review of their access. Maintain strict control over privileged / service account ownership management by tightly linking it to user lifecycle triggers, e.g. if a privileged account / access owner changes jobs, Saviynt detects a potential transfer and launches a micro-certification process to identify new owners.