SlideShare a Scribd company logo

Managing Privileged Access in the Cloud

Amazon Web Services
Amazon Web Services

This document discusses best practices for managing privileged access in the cloud. It outlines some gaps in applying traditional privileged access management (PAM) tools to cloud environments, including not identifying all types of privileged identities and not reducing the attack surface. It presents some design principles for cloud-native PAM, including risk and governance awareness and converging identity governance and administration (IGA) and PAM. It also provides examples of PAM requirements for infrastructure as a service (IaaS) and software as a service (SaaS) and recommends design patterns to address PAM needs in cloud environments.

1 of 17
Download to read offline
intelligent identity. smarter security. Monitoring and Administrating Privileged Access in the Cloud
intelligent identity. smarter security. Overview • Managing privileged access in the cloud • What legacy PAM doesn’t address on AWS • Best practices & Design principles to solve for Cloud PAM needs • PAM for IaaS – Deep Dive
Gaps in applying legacy PAM to Cloud Lift and shift of traditional and legacy PAM products on cloud Not identifying all types of privileged identities on the cloud Solutioning PAM for SaaS apps like traditional apps Not reducing the attack surface Risk and Governance as an afterthought
Design principles Solving PAM needs of Cloud Cloud Native Risk and Governance Aware As a Service - IGA and PAM Convergence
intelligent identity. smarter security. SSH and Credential Vault Available on Saviynt Cloud and On-premises Audit Vault Analytics Engine Containerized SSH AWS ECS Cloud native technology approach Confidential 5 • Passwordless deployment architecture • Automated account discovery and onboarding • Auditability via logs and keystroke capture • Centralized control of environmental access • Integrated service account lifecycle management
PAM for IaaS and SaaS 6
intelligent identity. smarter security. 7 #1 - Privileged Access Visibility for Federated/Local Identities Federated Role PolicyIdentity Provider Federated Group Enterprise Permissions Cloud Services and Resources Organization’s access visibility AWS Access Visibility
intelligent identity. smarter security. 8 IT General Controls SOX FedRAMP HIPAA / HITECH PCI ITAR NERC / CIP & more… CIS S3 VPN Policies ALB Elastic- search RedShif t Profiles, Permission Sets Kinesis EBS SFDC Object s EC2 RDS ELB Cloud formation AWS IAM VPC TerraformViolations Remediate RISK IaaS, SaaS & DevOps Resources #2 - Map privileged access and security analytics to Compliance Frameworks
intelligent identity. smarter security. Users Cloud Services and Resources Privileges Enterprise Joiner Mover Leaver 9 #3 - Integrate HR systems with privileged access processes x 63% of organizations remove privileged access of terminated employees only after 24 hours
intelligent identity. smarter security. 10 HR Joiner Mover Leaver  Intelligent Self-Service / Delegated Access Request  Preventive policy evaluation including license violation  Risk-based Access Certification (event-based, periodic)  Birthright Provisioning  Role / Group Transport & Management  Link Federated Access  Segregation of Duty Management Least Privileged Access RISK EVALUATION Outlier | SOD | Business Policy | License #4 - Manage and govern privileged access lifecycle management by converging IGA and PAM as one solution/platform
intelligent identity. smarter security. #5 - Identify the Cloud conduits/interfaces and types of privileged identities 11 Mgmt. Console Instances/ Containers Command Line Serverless Cloud databases APIs DevOps tools
intelligent identity. smarter security. PAM requirements for IaaS 1 2 Mgmt. Console Instances/ Workloads Determining continuous access visibility Separate IDs for regular and privileged access Management of privileged access due to ephemeral nature of cloud Management of local OS user accounts
intelligent identity. smarter security. PAM requirements for IaaS contd. 1 3 Just-in-time Access assignment to Serverless functions Consuming lambda functions & services Alternative to managing long term API keys Determine access to APIs Serverless
intelligent identity. smarter security. Privileged access in AWS 1 4 Manage lifecycle of privileged identities Identifying accounts with super privileges Monitoring User-defined session names Visibility into usage of long term keys Cloud databases Command Line devOps tools Governance extensions across the IaaS ecosystem Inclusion of DevOps tools in IGA & PAM solutions
intelligent identity. smarter security. SEPARATE IGA THICK SSH/RDP CLIENT • Temporal access elevation + privileged ID assignment • Workload discovery and auto-registration • SSH key distribution and credential vaulting as a Service • Privileged session manager with inline command management • Integrated service account lifecycle management JUMPBOX PERSISTENT ACCOUNTS SOD RISK AWARE IMPLICIT GOVERNANCE CLOUD NATIVE Design patterns to solve PAM needs for IaaS and SaaS 1 5
intelligent identity. smarter security. 16 Cloud Security DevSecOps IGA PAM Key Solution Drivers Modular Single Platform Out-of-box controls Business-friendly Risk-driven Easy to integrate As a Service Usage-driven Analytics Benefits of a converged platform
Thank you Saviynt is located at booth #807 Have Further Questions – cpam@saviynt.com, cpam-sales@saviynt.com

Recommended

A Study in Borderless Over Perimeter
A Study in Borderless Over PerimeterA Study in Borderless Over Perimeter
A Study in Borderless Over PerimeterForgeRock
 
ISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Sox Compliance Presentation
Sox Compliance PresentationSox Compliance Presentation
Sox Compliance PresentationSkye Rogers
 
ICT & Legal Research
ICT & Legal ResearchICT & Legal Research
ICT & Legal Researchamanlodha5
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awarenessÃsħâr Ãâlâm
 
Cyber law assignment
Cyber law assignmentCyber law assignment
Cyber law assignmentRini Mahade
 
Iso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseIso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseMart Rovers
 
Fortinet Ürün Ailesi
Fortinet Ürün AilesiFortinet Ürün Ailesi
Fortinet Ürün AilesiGüney Bilişim
 

Recommended

A Study in Borderless Over Perimeter
A Study in Borderless Over PerimeterA Study in Borderless Over Perimeter
A Study in Borderless Over PerimeterForgeRock
 
ISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Sox Compliance Presentation
Sox Compliance PresentationSox Compliance Presentation
Sox Compliance PresentationSkye Rogers
 
ICT & Legal Research
ICT & Legal ResearchICT & Legal Research
ICT & Legal Researchamanlodha5
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awarenessÃsħâr Ãâlâm
 
Cyber law assignment
Cyber law assignmentCyber law assignment
Cyber law assignmentRini Mahade
 
Iso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseIso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseMart Rovers
 
Fortinet Ürün Ailesi
Fortinet Ürün AilesiFortinet Ürün Ailesi
Fortinet Ürün AilesiGüney Bilişim
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 IntroductionAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementationRalf Braga
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxDr Madhu Aman Sharma
 
Soc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationSoc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationVISTA InfoSec
 
Sailpoint Online Training on IAM overview
Sailpoint Online Training on IAM overviewSailpoint Online Training on IAM overview
Sailpoint Online Training on IAM overviewITJobZone.biz
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity AuditEC-Council
 
27001.pptx
27001.pptx27001.pptx
27001.pptxAvniJain836319
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
CISA Training - Chapter 5 - 2016
CISA Training - Chapter 5 - 2016CISA Training - Chapter 5 - 2016
CISA Training - Chapter 5 - 2016Hafiz Sheikh Adnan Ahmed
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
cyberedu_module_4_cybersecurite_organisation_02_2017.pptx
cyberedu_module_4_cybersecurite_organisation_02_2017.pptxcyberedu_module_4_cybersecurite_organisation_02_2017.pptx
cyberedu_module_4_cybersecurite_organisation_02_2017.pptxJean-Michel Razafindrabe
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...PECB
 
Digital personal data protection act, 2023.pptx
Digital personal data protection act, 2023.pptxDigital personal data protection act, 2023.pptx
Digital personal data protection act, 2023.pptxDineshPrasad64
 
Segregation of Duties
Segregation of DutiesSegregation of Duties
Segregation of DutiesPECB
 
Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...Vijay Dalmia
 
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdfMicrosoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdfKranthi Aragonda
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewNaresh Rao
 
Awareness ISMS ISO 27001:2013
Awareness ISMS ISO 27001:2013Awareness ISMS ISO 27001:2013
Awareness ISMS ISO 27001:2013Ali Fuad R
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
SaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsSaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsKannan Subbiah
 
Security & Compliance (Part 2)
Security & Compliance (Part 2)Security & Compliance (Part 2)
Security & Compliance (Part 2)Amazon Web Services
 

More Related Content

What's hot

ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementationRalf Braga
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxDr Madhu Aman Sharma
 
Soc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationSoc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationVISTA InfoSec
 
Sailpoint Online Training on IAM overview
Sailpoint Online Training on IAM overviewSailpoint Online Training on IAM overview
Sailpoint Online Training on IAM overviewITJobZone.biz
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity AuditEC-Council
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
cyberedu_module_4_cybersecurite_organisation_02_2017.pptx
cyberedu_module_4_cybersecurite_organisation_02_2017.pptxcyberedu_module_4_cybersecurite_organisation_02_2017.pptx
cyberedu_module_4_cybersecurite_organisation_02_2017.pptxJean-Michel Razafindrabe
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...PECB
 
Digital personal data protection act, 2023.pptx
Digital personal data protection act, 2023.pptxDigital personal data protection act, 2023.pptx
Digital personal data protection act, 2023.pptxDineshPrasad64
 
Segregation of Duties
Segregation of DutiesSegregation of Duties
Segregation of DutiesPECB
 
Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...Vijay Dalmia
 
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdfMicrosoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdfKranthi Aragonda
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewNaresh Rao
 
Awareness ISMS ISO 27001:2013
Awareness ISMS ISO 27001:2013Awareness ISMS ISO 27001:2013
Awareness ISMS ISO 27001:2013Ali Fuad R
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 

What's hot (20)

ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 Introduction
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementation
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 
Soc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationSoc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organization
 
Sailpoint Online Training on IAM overview
Sailpoint Online Training on IAM overviewSailpoint Online Training on IAM overview
Sailpoint Online Training on IAM overview
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity Audit
 
27001.pptx
27001.pptx27001.pptx
27001.pptx
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
 
CISA Training - Chapter 5 - 2016
CISA Training - Chapter 5 - 2016CISA Training - Chapter 5 - 2016
CISA Training - Chapter 5 - 2016
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
cyberedu_module_4_cybersecurite_organisation_02_2017.pptx
cyberedu_module_4_cybersecurite_organisation_02_2017.pptxcyberedu_module_4_cybersecurite_organisation_02_2017.pptx
cyberedu_module_4_cybersecurite_organisation_02_2017.pptx
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Digital personal data protection act, 2023.pptx
Digital personal data protection act, 2023.pptxDigital personal data protection act, 2023.pptx
Digital personal data protection act, 2023.pptx
 
Segregation of Duties
Segregation of DutiesSegregation of Duties
Segregation of Duties
 
Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...
 
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdfMicrosoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
 
Awareness ISMS ISO 27001:2013
Awareness ISMS ISO 27001:2013Awareness ISMS ISO 27001:2013
Awareness ISMS ISO 27001:2013
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 

Similar to Managing Privileged Access in the Cloud

SaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsSaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsKannan Subbiah
 
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...IBM Security
 
CA CloudMinder Vasu Surabhi
CA CloudMinder Vasu SurabhiCA CloudMinder Vasu Surabhi
CA CloudMinder Vasu SurabhiVasu Surabhi
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and ResponseAlert Logic
 
Layer 7: The Importance of Standards for Enterprise SOA and Cloud Security
Layer 7: The Importance of Standards for Enterprise SOA and Cloud SecurityLayer 7: The Importance of Standards for Enterprise SOA and Cloud Security
Layer 7: The Importance of Standards for Enterprise SOA and Cloud SecurityCA API Management
 
Identiverse 2018 nathanael coffing
Identiverse 2018 nathanael coffingIdentiverse 2018 nathanael coffing
Identiverse 2018 nathanael coffingJoshuaCiccone2
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the CloudSecurity Innovation
 
Securing AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi VaultSecuring AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi VaultShrivatsa Upadhye
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp VaultMayank Patel
 
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...Faiza Mehar
 
Multi cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPMulti cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPFaiza Mehar
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesCloudPassage
 
Gartner Catalyst Savvis Cloud API Case Study
Gartner Catalyst Savvis Cloud API Case StudyGartner Catalyst Savvis Cloud API Case Study
Gartner Catalyst Savvis Cloud API Case StudyCA API Management
 
Identity Management Standardization in the cloud computing
Identity Management Standardization in the cloud computingIdentity Management Standardization in the cloud computing
Identity Management Standardization in the cloud computingOmerZia11
 
RSASecureID (2).ppt
RSASecureID (2).pptRSASecureID (2).ppt
RSASecureID (2).pptPepeMartin23
 
Cloud security privacy- org
Cloud security privacy- orgCloud security privacy- org
Cloud security privacy- orgDharmalingam S
 

Similar to Managing Privileged Access in the Cloud (20)

SaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsSaaS Challenges & Security Concerns
SaaS Challenges & Security Concerns
 
Security & Compliance (Part 2)
Security & Compliance (Part 2)Security & Compliance (Part 2)
Security & Compliance (Part 2)
 
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
 
CA CloudMinder Vasu Surabhi
CA CloudMinder Vasu SurabhiCA CloudMinder Vasu Surabhi
CA CloudMinder Vasu Surabhi
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
 
Layer 7: The Importance of Standards for Enterprise SOA and Cloud Security
Layer 7: The Importance of Standards for Enterprise SOA and Cloud SecurityLayer 7: The Importance of Standards for Enterprise SOA and Cloud Security
Layer 7: The Importance of Standards for Enterprise SOA and Cloud Security
 
Identiverse 2018 nathanael coffing
Identiverse 2018 nathanael coffingIdentiverse 2018 nathanael coffing
Identiverse 2018 nathanael coffing
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the Cloud
 
Securing AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi VaultSecuring AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi Vault
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp Vault
 
Aruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPassAruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPass
 
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
 
Multi cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPMulti cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCP
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
 
Gartner Catalyst Savvis Cloud API Case Study
Gartner Catalyst Savvis Cloud API Case StudyGartner Catalyst Savvis Cloud API Case Study
Gartner Catalyst Savvis Cloud API Case Study
 
Identity Management Standardization in the cloud computing
Identity Management Standardization in the cloud computingIdentity Management Standardization in the cloud computing
Identity Management Standardization in the cloud computing
 
RSASecureID.ppt
RSASecureID.pptRSASecureID.ppt
RSASecureID.ppt
 
RSASecureID (2).ppt
RSASecureID (2).pptRSASecureID (2).ppt
RSASecureID (2).ppt
 
Cloud security privacy- org
Cloud security privacy- orgCloud security privacy- org
Cloud security privacy- org
 
Lecture5
Lecture5Lecture5
Lecture5
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Managing Privileged Access in the Cloud

  • 1. intelligent identity. smarter security. Monitoring and Administrating Privileged Access in the Cloud
  • 2. intelligent identity. smarter security. Overview • Managing privileged access in the cloud • What legacy PAM doesn’t address on AWS • Best practices & Design principles to solve for Cloud PAM needs • PAM for IaaS – Deep Dive
  • 3. Gaps in applying legacy PAM to Cloud Lift and shift of traditional and legacy PAM products on cloud Not identifying all types of privileged identities on the cloud Solutioning PAM for SaaS apps like traditional apps Not reducing the attack surface Risk and Governance as an afterthought
  • 4. Design principles Solving PAM needs of Cloud Cloud Native Risk and Governance Aware As a Service - IGA and PAM Convergence
  • 5. intelligent identity. smarter security. SSH and Credential Vault Available on Saviynt Cloud and On-premises Audit Vault Analytics Engine Containerized SSH AWS ECS Cloud native technology approach Confidential 5 • Passwordless deployment architecture • Automated account discovery and onboarding • Auditability via logs and keystroke capture • Centralized control of environmental access • Integrated service account lifecycle management
  • 6. PAM for IaaS and SaaS 6
  • 7. intelligent identity. smarter security. 7 #1 - Privileged Access Visibility for Federated/Local Identities Federated Role PolicyIdentity Provider Federated Group Enterprise Permissions Cloud Services and Resources Organization’s access visibility AWS Access Visibility
  • 8. intelligent identity. smarter security. 8 IT General Controls SOX FedRAMP HIPAA / HITECH PCI ITAR NERC / CIP & more… CIS S3 VPN Policies ALB Elastic- search RedShif t Profiles, Permission Sets Kinesis EBS SFDC Object s EC2 RDS ELB Cloud formation AWS IAM VPC TerraformViolations Remediate RISK IaaS, SaaS & DevOps Resources #2 - Map privileged access and security analytics to Compliance Frameworks
  • 9. intelligent identity. smarter security. Users Cloud Services and Resources Privileges Enterprise Joiner Mover Leaver 9 #3 - Integrate HR systems with privileged access processes x 63% of organizations remove privileged access of terminated employees only after 24 hours
  • 10. intelligent identity. smarter security. 10 HR Joiner Mover Leaver  Intelligent Self-Service / Delegated Access Request  Preventive policy evaluation including license violation  Risk-based Access Certification (event-based, periodic)  Birthright Provisioning  Role / Group Transport & Management  Link Federated Access  Segregation of Duty Management Least Privileged Access RISK EVALUATION Outlier | SOD | Business Policy | License #4 - Manage and govern privileged access lifecycle management by converging IGA and PAM as one solution/platform
  • 11. intelligent identity. smarter security. #5 - Identify the Cloud conduits/interfaces and types of privileged identities 11 Mgmt. Console Instances/ Containers Command Line Serverless Cloud databases APIs DevOps tools
  • 12. intelligent identity. smarter security. PAM requirements for IaaS 1 2 Mgmt. Console Instances/ Workloads Determining continuous access visibility Separate IDs for regular and privileged access Management of privileged access due to ephemeral nature of cloud Management of local OS user accounts
  • 13. intelligent identity. smarter security. PAM requirements for IaaS contd. 1 3 Just-in-time Access assignment to Serverless functions Consuming lambda functions & services Alternative to managing long term API keys Determine access to APIs Serverless
  • 14. intelligent identity. smarter security. Privileged access in AWS 1 4 Manage lifecycle of privileged identities Identifying accounts with super privileges Monitoring User-defined session names Visibility into usage of long term keys Cloud databases Command Line devOps tools Governance extensions across the IaaS ecosystem Inclusion of DevOps tools in IGA & PAM solutions
  • 15. intelligent identity. smarter security. SEPARATE IGA THICK SSH/RDP CLIENT • Temporal access elevation + privileged ID assignment • Workload discovery and auto-registration • SSH key distribution and credential vaulting as a Service • Privileged session manager with inline command management • Integrated service account lifecycle management JUMPBOX PERSISTENT ACCOUNTS SOD RISK AWARE IMPLICIT GOVERNANCE CLOUD NATIVE Design patterns to solve PAM needs for IaaS and SaaS 1 5
  • 16. intelligent identity. smarter security. 16 Cloud Security DevSecOps IGA PAM Key Solution Drivers Modular Single Platform Out-of-box controls Business-friendly Risk-driven Easy to integrate As a Service Usage-driven Analytics Benefits of a converged platform
  • 17. Thank you Saviynt is located at booth #807 Have Further Questions – cpam@saviynt.com, cpam-sales@saviynt.com