Decision-makers who understand that identity is the new perimeter will view identity governance and PAM as among the most critical functions of their security solution stack. And the poor fit between legacy security processes and technologies and the needs of today’s cloud-based computing environments is especially salient when considering PAM solutions.
Yesterday’s PAM technologies typically handle privileged accounts by storing administrative accounts’ credentials in a password vault. These tools then grant privileged accounts rights to access resources. Typically, these rights are neither time- nor task-limited. Instead they have what is known as standing privilege: anyone with such rights has privileged access to resources for an unlimited amount of time.
And while traditional PAM solutions scan environments at regular intervals, those intervals weren’t designed to suit dynamic cloud environments where new services and workloads can be spun up and scaled down in minutes.
What’s more, traditional PAM solutions were designed to handle legacy user accounts that get accessed with a username and password and attached to a human identity. Many lack the capabilities needed to handle new cloud-based identities and machine-to-machine communications. They weren’t built to handle the Internet of Things (IoT), or Industrial Internet of Things (IIoT) device communications, or robotic process automation (RPA) bots. Nor were they designed to work with serverless functions, containers, or workloads-as-services, or to integrate into CI/CD pipelines.
73% of companies say all or nearly all of the applications they use will be SaaS solutions by the end of 2021. (Source: IDC Research)
As SaaS app adoption continues, it’s important to consider how this trend affects privileged access management at the application and individual-user level. SaaS solutions manage identity and access in ways that differ substantially from their on-premises predecessors, which is increasingly problematic for companies that have made a full or partial transition to the cloud. Why? Most legacy PAM vendors offer application control solutions that are deployed directly to endpoints via agents. This approach provides privileged access by elevating applications instead of individual users. In a SaaS-driven world, however, that approach is quickly becoming obsolete: legacy vendors don’t provide a modern means of managing these applications, and organizations should consider solutions that have addressed this gap in traditional PAM workflows.
Older PAM technology also introduces additional complexity into identity lifecycle management. It makes it relatively easy for orphaned accounts – belonging to terminated employees or other former users – to persist in the environment for long periods without monitoring or oversight.
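The two problems described above, standing privilege that never expires and orphaned accounts that persist after a user leaves, can be made concrete with a small model. The following is an added illustration, not Saviynt's code or any product's API: it represents a grant as either standing (no expiry, unrestricted scope) or time- and task-limited, checks authorization against the grant set, and runs the kind of review an identity team would want, flagging active standing grants and grants still attached to terminated users. All principals, resource names, timestamps and the terminated-user set are constructed sample data.

```python
"""Standing vs. time-bound privilege grants, with an orphan/standing review.

Added example (not Saviynt's code). Resource and principal names are
constructed sample data; the model is deliberately minimal.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Grant:
    principal: str                  # identity holding the right
    resource: str                   # hypothetical resource name
    scope: str                      # task the right is limited to; "*" = unrestricted
    expires_at: Optional[datetime]  # None = standing privilege (never expires)

    def is_standing(self) -> bool:
        return self.expires_at is None

    def is_active(self, now: datetime) -> bool:
        # A standing grant is always active; a JIT grant only until expiry.
        return self.expires_at is None or now < self.expires_at


def grant_jit(principal: str, resource: str, scope: str, now: datetime,
              ttl: timedelta = timedelta(hours=1)) -> Grant:
    """Issue a grant limited to one task and to a short time window."""
    return Grant(principal, resource, scope, now + ttl)


def grant_standing(principal: str, resource: str) -> Grant:
    """Legacy-style grant: unrestricted scope, no expiry."""
    return Grant(principal, resource, "*", None)


def is_authorized(grants: Iterable[Grant], principal: str, resource: str,
                  task: str, now: datetime) -> bool:
    """True if some active grant covers this principal, resource and task."""
    return any(
        g.principal == principal
        and g.resource == resource
        and g.scope in ("*", task)
        and g.is_active(now)
        for g in grants
    )


def review(grants: Iterable[Grant], terminated: Set[str],
           now: datetime) -> Dict[Tuple[str, str], List[str]]:
    """Flag active grants that are standing and/or held by terminated users.

    Returns {(principal, resource): [reasons]} for every grant with a finding.
    """
    findings: Dict[Tuple[str, str], List[str]] = {}
    for g in grants:
        if not g.is_active(now):
            continue  # expired JIT grants carry no residual risk
        reasons = []
        if g.is_standing():
            reasons.append("standing")
        if g.principal in terminated:
            reasons.append("orphaned")
        if reasons:
            findings[(g.principal, g.resource)] = reasons
    return findings


# Constructed sample data (not real identities or systems).
NOW = datetime(2021, 6, 1, 12, 0, tzinfo=timezone.utc)
TWO_HOURS_LATER = NOW + timedelta(hours=2)
A_YEAR_LATER = NOW + timedelta(days=365)

SAMPLE_GRANTS = [
    grant_standing("alice", "db-prod"),                          # legacy admin
    grant_jit("bob", "db-prod", "rotate-credentials", NOW),      # one task, one hour
    grant_standing("carol", "k8s-cluster"),                      # carol has left
]
TERMINATED = {"carol"}

if __name__ == "__main__":
    print(is_authorized(SAMPLE_GRANTS, "bob", "db-prod", "rotate-credentials", NOW))
    print(is_authorized(SAMPLE_GRANTS, "bob", "db-prod", "rotate-credentials", TWO_HOURS_LATER))
    for key, reasons in review(SAMPLE_GRANTS, TERMINATED, NOW).items():
        print(key, reasons)
```

Bob's grant authorizes only the task it was issued for and stops working once the window closes, so nothing remains to be found by a later review; Alice's and Carol's standing grants stay active indefinitely, and Carol's is additionally flagged as orphaned because her principal is in the terminated set. In a real deployment the terminated set would come from the HR or identity lifecycle system rather than a literal.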
Due to their hefty server and infrastructure requirements, traditional PAM tools are cumbersome to manage, even in entirely on-premises environments. Add the increased operational overhead that the cloud’s complexity brings, and security and identity teams will face an untenable burden.
The primary interfaces through which privileged access to any organization’s computing resources can be obtained are:
- Organizations need to eliminate admin accounts and define privileges in more granular and creative ways.
- Persistent privileged accounts are a key attack vector in an elastic cloud environment when static OS accounts are employed.
- Traditional PAM tools fail to find and manage privileged-access vulnerabilities in code.
- It’s extremely important to have an effective strategy for managing the permissions assigned to APIs in the cloud.
- Because data resides in cloud databases, it’s especially important to protect them. Failing to do so creates enormous risk exposure that can lead to large-scale breaches.
- Should a privileged user’s workstation be accessed, or their laptop stolen, the risk of exposing access keys is high.
Sean Ryan of Forrester shares five of his best practices for maximizing return on identity management investments.
Saviynt’s Enterprise Identity Cloud helps modern enterprises scale cloud initiatives and solve the toughest security and compliance challenges in record time. The platform brings together identity governance (IGA), granular application access, cloud security, and privileged access (PAM) to secure the entire business ecosystem and provide a frictionless user experience. The world’s largest brands trust Saviynt to accelerate digital transformation, empower distributed workforces, and meet continuous compliance, including BP, Western Digital, Mass Mutual, and Koch Industries. For more information, please visit saviynt.com.