SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Why BeyondTrust privileged access management matters on AWS
Mon, 19th Jul 2021
FYI, this story is more than a year old

A move to the cloud is a no-brainer for organisations that need flexibility and scalability in their IT systems.

According to a survey from BeyondTrust, enterprises expect more than half (57%) of their workloads to be in the cloud by next year. However, many organisations underestimate the breadth of security challenges that naturally come with a move to the cloud.

While organisations split data and processes across multiple clouds, security processes like identity and access management remain siloed. It's akin to organisations putting all of their workload eggs in one basket, and unfortunately, it can cause problems later on.

Identity is the new perimeter for the cloud. In any cloud environment, organisations need to be able to discover, monitor and manage user access to maintain the appropriate levels of security.

Take Amazon Web Services, for example. The platform provides basic identity and access management controls and other monitoring capabilities, but there is a caveat: like other cloud providers, AWS follows a shared responsibility model that means while it is responsible for running the platform, AWS customers are responsible for managing data, assets, and user privileges across all AWS-hosted services.

That means AWS customers must have the right tools and technologies to make sure their AWS environments are secure.

Privileged Access Management (PAM) comprises cybersecurity strategies and technologies for exerting control over the elevated (“privileged”) access and permissions for users, accounts, processes, and systems across an IT environment.

Managing user privileges in the cloud can be challenging when security teams are juggling siloed tools and maintain user privileges across staff, contractors, vendors, and partners across many different services.

However, true PAM solutions should be able to secure every user, asset, and session in any cloud environment, including AWS. Ideally, PAM solutions should be flexible enough to be deployed on the cloud, on-premise, or on a private cloud.

BeyondTrust's portfolio of Privileged Access Management allows customers to manage and monitor user access to IT assets and applications, implement the principle of least privilege - securely access workloads remotely. These solutions can be deployed and managed on-prem, on cloud or a hybrid environment of both.

BeyondTrust's PAM offerings include Privileged Password Management, Endpoint Privilege Management, and Secure Remote Access  - each of these can be deployed individually or combined for maximum privilege control. These solutions can each be managed via the BeyondInsight platform, which centralises administration, reporting and auditing.

BeyondTrust PAM also offers:

  • Continuous Discovery and onboarding of privilege accounts and cloud instances:

    BeyondTrust Password Safe leverages resource brokers deployed on the AWS cloud segments to provide continuous scanning, detection and onboarding of assets. It provides a rich set of APIs to allows dynamic workloads to register themselves for better user management.
  •  Secure privilege credentials and session management: BeyondTrust helps ensure that access is protected with strong credentials and streamlines rotation of these credentials. All human and service access to cloud resources is validated and can be monitored in real-time.
  • Helps Enforce Zero Standing Privileges: BeyondTrust leverages AWS as a dynamic provider to create just in time accounts for providing access to users. This reduces the risk of always-on accounts that are leveraged by attackers to gain access or expand their access.
  • Streamlines Remote Access: seamless access to highly segmented cloud environments deploying jump points. The jump points leverage secure HTTPS connectivity to the BeyondTrust solution to enable remote users to access their workloads deployed in AWS. As outgoing HTTPS is mostly allowed in these networks, it simplifies operational overhead in enabling access while providing a single enforcement point for enforcing policy and monitoring. This also helps reduce the risk of misconfiguration which may lead to external access and compromise.
  • Centralised Management and Audit: BeyondTrust provides robust reporting that gives a central view of user privileges. These reports address many of the common reports that the security team needs to provide to demonstrate compliance with government and industry regulations.

Learn more about Securing, Managing, - Auditing All Privileged Access in a Hybrid - Multicloud World here.