Centrify Privileged Access Management:
Serving the Needs of Cloud Operations
CloudOps is a relatively new discipline that essentially applies traditional IT operations to cloud-based workloads. It formalizes and implements the best practices and procedures necessary to deploy, run, and operate cloud-based workloads effectively and efficiently. As with DevOps, agility and keeping obstacles out of the way are critical for CloudOps. But no matter how fast you are trying to get out of the way and innovate, you can’t leave security behind. Centrify PAM solutions provide this necessary security while minimizing the impact on CloudOps teams, allowing them to run at full speed.
Common CloudOps Challenges
With many organizations struggling to control administrative access to cloud platforms, threat actors are increasingly targeting them. A preferred target is the cloud provider’s management console, which can allow an attacker to control all cloud infrastructure and services. Managing access and privilege at the console level, along with local IAM user accounts, passwords, and access keys, remains a challenge for all organizations.
Deeper into the platform is a maze of interconnected virtual instances and containers that run your business applications. Centrally defining policies for access, privilege, and MFA while enforcing human and non-human authentication and privilege elevation at the virtual operating system level is a significant challenge, especially for workloads that scale up and down rapidly.
As organizations mature their use of the cloud, they will inevitably expand their footprint to additional cloud providers. While each provider offers free IAM tools to handle administrative access, inconsistencies and gaps in functionality will impact operational efficiency.
Finally, cloud workloads natively operate based on thousands of identities belonging to various compute types, each with permissions to multiple resources (e.g., data, network, secret stores) and each requiring specific access policies. Simply understanding and managing which permissions are available to each identity (whether human or machine) is a difficult task.
Let Centrify Help
Traditional PAM solutions are overly dependent on manual configuration. Designed for the datacenter, they can’t adapt to hybrid cloud infrastructures without introducing additional complexity and operational overhead, leaving security gaps and negatively impacting agility.
With Centrify PAM, you can:
Secure Access to Cloud Management Consoles
Bring existing cloud provider accounts under centralized management quickly and easily. Protect the “keys to the kingdom” cloud provider root/billing account ID and password, enable password rotation, and strictly control access to them for emergencies only with optional just-in-time access request and approval workflows. Enforce MFA policy during login to the console as a best practice for privileged user access.
Reduce Identity Sprawl
Avoid expanding your attack surface with yet another silo of identities in the cloud provider platform. Enforce least privilege and streamline login for your privileged users by supporting federated SSO using their enterprise identity, leveraging short-lived SAML tokens. You can apply this both to interactive login to the management console and programmatic access through cloud provider CLIs, APIs, and SDKs. For those native cloud IAM accounts that you can’t eliminate, secure them along with their access keys in the Centrify Vault Suite and strictly control access.
Enable Cross-Boundary Access for Multi-Cloud
Multiple cloud service providers are becoming the norm, each using different mechanisms to address admin access-related risk. Centrify PAM is critical to maintaining cloud service provider neutrality and avoiding lock-in to any single cloud offering. Furthermore, through centralized identity management, identity consolidation, and federated login, it helps avoid identity sprawl and minimizes an organization’s attack surface.
Achieve Continuous Discovery and Automation
Without a complete and current view of all virtual machines in your cloud, you can’t guarantee complete security policy coverage or prevent unsanctioned systems deployed by a threat actor (internal or external). Virtual machine discovery is, therefore, essential. However, traditional scheduled discovery gives threat actors too big a window of opportunity. For elastic environments, Centrify modern PAM introduces continuous discovery of VPCs, VNets, and virtual instances.
Post-discovery automation completes the picture by automatically deploying Centrify PAM to the discovered systems to bring them under your security policy management. You can’t afford to give a threat actor any time to provision a rogue instance and then exploit it to further their data breach efforts.
Centralize Privileged Access Management
Human or machine, in the cloud or on-premises — Centrify PAM enables centralized, cross-cloud management of administrative access policy definition and administrative access enforcement at scale. This ensures the continuous operation of cloud platforms and applications and consistent security policies across the entire enterprise.