SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Thycotic acquires Onion ID, launches new access management products
Thu, 4th Jun 2020
FYI, this story is more than a year old

Thycotic has acquired Onion ID, a privileged access management (PAM) solutions provider, and has added new products to its PAM portfolio to protect enterprise cloud apps and better enable remote workers.

The three new products are Thycotic Remote Access Controller, Thycotic Cloud Access Controller and Thycotic Database Access Controller.

These products focus on PAM use cases protecting access to SaaS applications, IaaS infrastructure, and ensuring remote workers stay productive and secure, the company states.

One key focus for the new products is a Zero Trust security approach for remote employees and third parties who need access to corporate resources.

Zero Trust describes the principle of least privilege when it comes to remote access channels, ensuring that third parties have access to only those resources required to do their jobs.

In this scenario, security teams must control who can access what and when, in order to protect corporate resources and comply with regulatory mandates.

Thycotic Remote Access Controller automates the management of remote workers accessing the IT resources. The Controller uses multi-factor authentication (MFA) and session recording, without requiring software or browser extensions, to enforce corporate security and compliance policies.

The API suite that can be integrated into automated workflows and ticketing systems, Remote Access Controller streamlines access grants for contractors within a centralised web portal.

Thycotic Cloud Access Controller, on the other hand, ensures that administrators accessing IaaS platforms such as Amazon Web Services (AWS) and SaaS applications like Salesforce and Twitter maintain appropriate Role Based Access Controls (RBAC).

This dictates what each user can click, read, or modify within any web application. Administrators also have a centralised dashboard which displays what applications have been accessed, access removal, audit report production and more, for tighter security and streamlined compliance.

KuppingerCole founder and principal analyst Martin Kuppinger says, “Cloud Management consoles, like those on Azure, AWS, and GCP, pose significant security risks to every company.

“Over-privileges are a common fact and most organisations lack granular visibility into whether privileged users have unnecessary entitlements and provisions.

Finally, Thycotic Database Access Controller enables enterprises to adopt modern cloud databases from AWS (RDS), Google, Azure, Oracle, Redis, and others, while still enforcing appropriate access levels, MFA, and complete reporting and auditing workflows.

With this product, customers can record entire database access sessions, provide just-in-time access, report and log actions, generate alerts and cut off connections in an automated manner.

This simplifies privileged access and compliance requirements for security teams, and protects databases containing sensitive employee and customer PII, the company states.

Thycotic president and CEO James Legg says, “With the sudden growth of remote workforces across the globe, privileged access security controls must also account for ordinary business users, like those in finance and marketing, who are accessing sensitive and privileged corporate data from untrusted devices on untrusted networks.

“With the addition of Onion ID, we are now able to implement fine-tuned Role Based Access Controls across any web-based application, IaaS console, and cloud-hosted database, while providing flexible multi-factor authentication that gives security leaders a significantly easier way to ensure secure access paths for remote employees.

Onion ID CEO and founder Anirban Banerjee says, “By joining forces with Thycotic, we are enhancing our commitment to delivering user-friendly authentication, authorisation and auditing to cloud servers, databases and applications.

“We are launching a diverse set of next-generation PAM 2.0 offerings in the market which will enable enterprise customers to elevate their security controls above and beyond current best of breed solutions and reduce costs with secure remote access.

Thycotic vice president of product management Jai Dargan says, “The very definition of privileged access has undergone a paradigm shift due to the changing landscape of work - from central offices to personal residences on the edge.

“Legacy appliance-based PAM solutions have not been effective in extending privileged access controls to cloud environments and are simply unusable as password vaults for business users.

"This acquisition extends Thycotic's security umbrella over every user, application, and secret, securing high-risk cloud resources that have historically been the domain of conventional IAM vendors.

Financial terms of the Onion ID deal have not been disclosed. As part of the transaction, Onion ID will operate under Thycotic brand and leadership.