Securing Privileged Access for the Modern Enterprise: The Evolution of Cloud PAM

Zero Trust and Zero Standing Privilege – New Paradigms for Modern Computing Ecosystems

Today’s enterprises are embracing cloud technologies – and the dynamic business models that they enable – on an unprecedented scale. They’re supporting remote and geographically distributed workforces. They’re striving to provide new products and services at revolutionary speed. And they’re seeking cost and efficiency advantages that only the cloud can offer. As a result, they need to apply new paradigms when thinking about how to secure these environments.

Zero Trust is a radically different way of thinking about security architectures. Instead of relying on perimeter-based defenses to police an internal “trusted” zone where network traffic and entities are deemed safe, Zero Trust principles consider everything and everyone to be untrustworthy. Thus, every single user, device or application must prove who they are and why they need privileged access to a resource.

As a paradigm, Zero Trust consists of three core tenets:

Four Aspects to Access Limitation

Least Privilege

Least privilege ensures that users only gain access to the specific tools they need to complete a task.

Temporary Access

Zero Trust grants access on a “time-limited” basis, so access is automatically removed after a given period.

Gatekeeping

Zero Trust gatekeepers evaluate a user requesting access based on their identity profile and grants or denies access. Fine-grained entitlements allow the gatekeeper to grant precise access.

Zero Standing Privilege

Zero Standing Privilege means that no user will ever be able to bypass the gatekeeper. It’s crucial that no user ever has standing privilege based on location or device.

Zero Standing Privilege (ZSP) is a means of applying Zero Trust principles to problems in privileged access management. Originally coined by the analyst firm Gartner, ZSP means that instead of granting administrative privileges to accounts on a permanent basis, users, devices or services are granted access to privileged resources for a limited time only, on the basis of need. Each access request is decided according to predetermined policies or criteria based on behavioral analytics. ZSP is an example of a Just-in-Time access model.

Adhering to the Zero Trust paradigm means that whenever privileged access is granted, it’s granted for a limited time only, and is intended to be just enough access for the task at hand. Zero Trust combines ZSP with intelligent context-based decision making that takes place every time a user or application submits an access request. It enables organizations to secure identity as the new perimeter and prepares them to defend modern infrastructures against today’s threats.

Explore the eBook for a full scope on Cloud PAM:

  • Limitations of legacy PAM for cloud ecosystems
  • Securing privileged access in the cloud
  • Safeguards for software & machine service accounts
  • Calibrating cloud speed & security with DevSecOps
  • Saviynt’s innovative CPAM-as-a-service platform

Want to learn more about measuring the ROI of your identity investment?

Sean Ryan of Forrester shares five of his best practices for maximizing return on identity management investments. 

Saviynt’s Enterprise Identity Cloud helps modern enterprises scale cloud initiatives and solve the toughest security and compliance challenges in record time. The platform brings together identity governance (IGA), granular application access, cloud security, and privileged access (PAM) to secure the entire business ecosystem and provide a frictionless user experience. The world’s largest brands trust Saviynt to accelerate digital transformation, empower distributed workforces, and meet continuous compliance, including BP, Western Digital, Mass Mutual, and Koch Industries. For more information, please visit saviynt.com.

Want to talk to an identity and security expert?

#1 IGA Solution. New Identity Leader for the Cloud Era.

Gartner | 2021 IGA Solution Scorecard