SlideShare a Scribd company logo
1 of 17
Download to read offline
intelligent identity. smarter security.
Monitoring and
Administrating Privileged
Access in the Cloud
intelligent identity. smarter security.
Overview
• Managing privileged access in the cloud
• What legacy PAM doesn’t address on AWS
• Best practices & Design principles to solve for Cloud
PAM needs
• PAM for IaaS – Deep Dive
Gaps in applying
legacy PAM to
Cloud
Lift and shift of traditional and legacy PAM
products on cloud
Not identifying all types of privileged identities on
the cloud
Solutioning PAM for SaaS apps like traditional
apps
Not reducing the attack surface
Risk and Governance as an afterthought
Design principles
Solving PAM needs of Cloud
Cloud Native Risk and
Governance Aware
As a Service -
IGA and PAM
Convergence
intelligent identity. smarter security.
SSH and Credential Vault
Available on Saviynt Cloud and On-premises
Audit Vault
Analytics Engine
Containerized SSH
AWS ECS
Cloud native technology approach
Confidential 5
• Passwordless deployment architecture
• Automated account discovery and onboarding
• Auditability via logs and keystroke capture
• Centralized control of environmental access
• Integrated service account lifecycle management
PAM for IaaS and SaaS
6
intelligent identity. smarter security.
7
#1 - Privileged Access Visibility for Federated/Local
Identities
Federated
Role
PolicyIdentity
Provider
Federated Group
Enterprise
Permissions
Cloud Services and Resources
Organization’s access visibility AWS Access Visibility
intelligent identity. smarter security.
8
IT General Controls
SOX
FedRAMP
HIPAA / HITECH
PCI
ITAR
NERC / CIP & more…
CIS
S3
VPN
Policies
ALB
Elastic-
search
RedShif
t
Profiles,
Permission
Sets
Kinesis
EBS
SFDC
Object
s
EC2
RDS
ELB
Cloud
formation
AWS
IAM
VPC
TerraformViolations
Remediate
RISK
IaaS, SaaS & DevOps Resources
#2 - Map privileged access and security analytics to
Compliance Frameworks
intelligent identity. smarter security.
Users
Cloud Services and Resources
Privileges
Enterprise
Joiner
Mover
Leaver
9
#3 - Integrate HR systems with privileged access
processes
x
63% of organizations remove privileged access of terminated employees
only after 24 hours
intelligent identity. smarter security.
10
HR
Joiner
Mover
Leaver
 Intelligent Self-Service / Delegated
Access Request
 Preventive policy evaluation including
license violation
 Risk-based Access Certification
(event-based, periodic)
 Birthright Provisioning
 Role / Group Transport & Management
 Link Federated Access
 Segregation of Duty Management
Least
Privileged
Access
RISK
EVALUATION
Outlier | SOD | Business Policy | License
#4 - Manage and govern privileged access lifecycle management by
converging IGA and PAM as one solution/platform
intelligent identity. smarter security.
#5 - Identify the Cloud conduits/interfaces and
types of privileged identities
11
Mgmt.
Console
Instances/
Containers
Command Line
Serverless
Cloud databases APIs
DevOps tools
intelligent identity. smarter security.
PAM requirements for IaaS
1
2
Mgmt.
Console
Instances/
Workloads
Determining continuous access visibility
Separate IDs for regular and privileged
access
Management of privileged access due to
ephemeral nature of cloud
Management of local OS user accounts
intelligent identity. smarter security.
PAM requirements for IaaS contd.
1
3
Just-in-time Access assignment to Serverless
functions
Consuming lambda functions & services
Alternative to managing long term API keys
Determine access to APIs
Serverless
intelligent identity. smarter security.
Privileged access in AWS
1
4
Manage lifecycle of privileged identities
Identifying accounts with super privileges
Monitoring User-defined session names
Visibility into usage of long term keys
Cloud databases
Command Line
devOps tools
Governance extensions across the IaaS ecosystem
Inclusion of DevOps tools in IGA & PAM solutions
intelligent identity. smarter security.
SEPARATE IGA
THICK SSH/RDP CLIENT
• Temporal access elevation + privileged ID
assignment
• Workload discovery and auto-registration
• SSH key distribution and credential vaulting
as a Service
• Privileged session manager with inline
command management
• Integrated service account lifecycle
management
JUMPBOX
PERSISTENT ACCOUNTS
SOD RISK AWARE
IMPLICIT GOVERNANCE
CLOUD NATIVE
Design patterns to solve PAM needs for
IaaS and SaaS
1
5
intelligent identity. smarter security. 16
Cloud
Security
DevSecOps
IGA
PAM
Key Solution Drivers
Modular
Single Platform
Out-of-box controls
Business-friendly
Risk-driven
Easy to
integrate
As a Service
Usage-driven
Analytics
Benefits of a converged platform
Thank you
Saviynt is located at booth #807
Have Further Questions –
cpam@saviynt.com,
cpam-sales@saviynt.com

More Related Content

What's hot

OpenAM: An Introduction
OpenAM: An IntroductionOpenAM: An Introduction
OpenAM: An IntroductionForgeRock
 
AWS - Lambda Fundamentals
AWS - Lambda FundamentalsAWS - Lambda Fundamentals
AWS - Lambda FundamentalsPiyush Agrawal
 
JAWS-UG 横浜 re:Invent re:Cap week1 EC2ストレージパフォーマンスの進化
JAWS-UG 横浜 re:Invent re:Cap week1 EC2ストレージパフォーマンスの進化JAWS-UG 横浜 re:Invent re:Cap week1 EC2ストレージパフォーマンスの進化
JAWS-UG 横浜 re:Invent re:Cap week1 EC2ストレージパフォーマンスの進化Shuji Kikuchi
 
AWS Summit Seoul 2015 - 국내 사례로 본 클라우드 운영 최적화 (이주완-메가존)
AWS Summit Seoul 2015 -  국내 사례로 본 클라우드 운영 최적화  (이주완-메가존)AWS Summit Seoul 2015 -  국내 사례로 본 클라우드 운영 최적화  (이주완-메가존)
AWS Summit Seoul 2015 - 국내 사례로 본 클라우드 운영 최적화 (이주완-메가존)Amazon Web Services Korea
 
회사 계정/패스워드 그대로 AWS 관리 콘솔 및 EC2 인스턴스 사용하기 - 이정훈, AWS 솔루션즈 아키텍트:: AWS Summit O...
회사 계정/패스워드 그대로 AWS 관리 콘솔 및 EC2 인스턴스 사용하기 - 이정훈, AWS 솔루션즈 아키텍트::  AWS Summit O...회사 계정/패스워드 그대로 AWS 관리 콘솔 및 EC2 인스턴스 사용하기 - 이정훈, AWS 솔루션즈 아키텍트::  AWS Summit O...
회사 계정/패스워드 그대로 AWS 관리 콘솔 및 EC2 인스턴스 사용하기 - 이정훈, AWS 솔루션즈 아키텍트:: AWS Summit O...Amazon Web Services Korea
 
Deep Dive on Amazon GuardDuty - AWS Online Tech Talks
Deep Dive on Amazon GuardDuty - AWS Online Tech TalksDeep Dive on Amazon GuardDuty - AWS Online Tech Talks
Deep Dive on Amazon GuardDuty - AWS Online Tech TalksAmazon Web Services
 
Introduction to QRadar
Introduction to QRadarIntroduction to QRadar
Introduction to QRadarPencilData
 
Getting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudGetting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudAmazon Web Services
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution hashnees
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Amazon Web Services
 
[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...
[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...
[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...Amazon Web Services Korea
 
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...Amazon Web Services
 
Under the Hood of Amazon Route 53 (ARC408-R1) - AWS re:Invent 2018
Under the Hood of Amazon Route 53 (ARC408-R1) - AWS re:Invent 2018Under the Hood of Amazon Route 53 (ARC408-R1) - AWS re:Invent 2018
Under the Hood of Amazon Route 53 (ARC408-R1) - AWS re:Invent 2018Amazon Web Services
 
AWS Direct Connect & VPN's - Pop-up Loft Tel Aviv
AWS Direct Connect & VPN's - Pop-up Loft Tel AvivAWS Direct Connect & VPN's - Pop-up Loft Tel Aviv
AWS Direct Connect & VPN's - Pop-up Loft Tel AvivAmazon Web Services
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM AlienVault
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMIftikhar Ali Iqbal
 

What's hot (20)

OpenAM: An Introduction
OpenAM: An IntroductionOpenAM: An Introduction
OpenAM: An Introduction
 
Security Information Event Management - nullhyd
Security Information Event Management - nullhydSecurity Information Event Management - nullhyd
Security Information Event Management - nullhyd
 
AWS - Lambda Fundamentals
AWS - Lambda FundamentalsAWS - Lambda Fundamentals
AWS - Lambda Fundamentals
 
JAWS-UG 横浜 re:Invent re:Cap week1 EC2ストレージパフォーマンスの進化
JAWS-UG 横浜 re:Invent re:Cap week1 EC2ストレージパフォーマンスの進化JAWS-UG 横浜 re:Invent re:Cap week1 EC2ストレージパフォーマンスの進化
JAWS-UG 横浜 re:Invent re:Cap week1 EC2ストレージパフォーマンスの進化
 
AWS Summit Seoul 2015 - 국내 사례로 본 클라우드 운영 최적화 (이주완-메가존)
AWS Summit Seoul 2015 -  국내 사례로 본 클라우드 운영 최적화  (이주완-메가존)AWS Summit Seoul 2015 -  국내 사례로 본 클라우드 운영 최적화  (이주완-메가존)
AWS Summit Seoul 2015 - 국내 사례로 본 클라우드 운영 최적화 (이주완-메가존)
 
SIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security ArsenalSIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security Arsenal
 
회사 계정/패스워드 그대로 AWS 관리 콘솔 및 EC2 인스턴스 사용하기 - 이정훈, AWS 솔루션즈 아키텍트:: AWS Summit O...
회사 계정/패스워드 그대로 AWS 관리 콘솔 및 EC2 인스턴스 사용하기 - 이정훈, AWS 솔루션즈 아키텍트::  AWS Summit O...회사 계정/패스워드 그대로 AWS 관리 콘솔 및 EC2 인스턴스 사용하기 - 이정훈, AWS 솔루션즈 아키텍트::  AWS Summit O...
회사 계정/패스워드 그대로 AWS 관리 콘솔 및 EC2 인스턴스 사용하기 - 이정훈, AWS 솔루션즈 아키텍트:: AWS Summit O...
 
IAM Recommended Practices
IAM Recommended PracticesIAM Recommended Practices
IAM Recommended Practices
 
Deep Dive on Amazon GuardDuty - AWS Online Tech Talks
Deep Dive on Amazon GuardDuty - AWS Online Tech TalksDeep Dive on Amazon GuardDuty - AWS Online Tech Talks
Deep Dive on Amazon GuardDuty - AWS Online Tech Talks
 
Introduction to QRadar
Introduction to QRadarIntroduction to QRadar
Introduction to QRadar
 
Getting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudGetting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless Cloud
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
 
[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...
[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...
[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...
 
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
 
Under the Hood of Amazon Route 53 (ARC408-R1) - AWS re:Invent 2018
Under the Hood of Amazon Route 53 (ARC408-R1) - AWS re:Invent 2018Under the Hood of Amazon Route 53 (ARC408-R1) - AWS re:Invent 2018
Under the Hood of Amazon Route 53 (ARC408-R1) - AWS re:Invent 2018
 
AWS Direct Connect & VPN's - Pop-up Loft Tel Aviv
AWS Direct Connect & VPN's - Pop-up Loft Tel AvivAWS Direct Connect & VPN's - Pop-up Loft Tel Aviv
AWS Direct Connect & VPN's - Pop-up Loft Tel Aviv
 
SDDC Strategy 1.3
SDDC Strategy 1.3SDDC Strategy 1.3
SDDC Strategy 1.3
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEM
 

Similar to Managing Privileged Access in the Cloud

SaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsSaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsKannan Subbiah
 
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...IBM Security
 
CA CloudMinder Vasu Surabhi
CA CloudMinder Vasu SurabhiCA CloudMinder Vasu Surabhi
CA CloudMinder Vasu SurabhiVasu Surabhi
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and ResponseAlert Logic
 
Layer 7: The Importance of Standards for Enterprise SOA and Cloud Security
Layer 7: The Importance of Standards for Enterprise SOA and Cloud SecurityLayer 7: The Importance of Standards for Enterprise SOA and Cloud Security
Layer 7: The Importance of Standards for Enterprise SOA and Cloud SecurityCA API Management
 
Identiverse 2018 nathanael coffing
Identiverse 2018 nathanael coffingIdentiverse 2018 nathanael coffing
Identiverse 2018 nathanael coffingJoshuaCiccone2
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the CloudSecurity Innovation
 
Securing AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi VaultSecuring AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi VaultShrivatsa Upadhye
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp VaultMayank Patel
 
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations   Eevidence Collection, Security and Compliance Be...CIS Compliance Automations   Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...Faiza Mehar
 
Multi cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPMulti cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPFaiza Mehar
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesCloudPassage
 
Gartner Catalyst Savvis Cloud API Case Study
Gartner Catalyst   Savvis Cloud API Case StudyGartner Catalyst   Savvis Cloud API Case Study
Gartner Catalyst Savvis Cloud API Case StudyCA API Management
 
Identity Management Standardization in the cloud computing
Identity Management Standardization in the cloud computingIdentity Management Standardization in the cloud computing
Identity Management Standardization in the cloud computingOmerZia11
 
RSASecureID (2).ppt
RSASecureID (2).pptRSASecureID (2).ppt
RSASecureID (2).pptPepeMartin23
 
Cloud security privacy- org
Cloud security  privacy- orgCloud security  privacy- org
Cloud security privacy- orgDharmalingam S
 

Similar to Managing Privileged Access in the Cloud (20)

SaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsSaaS Challenges & Security Concerns
SaaS Challenges & Security Concerns
 
Security & Compliance (Part 2)
Security & Compliance (Part 2)Security & Compliance (Part 2)
Security & Compliance (Part 2)
 
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
 
CA CloudMinder Vasu Surabhi
CA CloudMinder Vasu SurabhiCA CloudMinder Vasu Surabhi
CA CloudMinder Vasu Surabhi
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
 
Layer 7: The Importance of Standards for Enterprise SOA and Cloud Security
Layer 7: The Importance of Standards for Enterprise SOA and Cloud SecurityLayer 7: The Importance of Standards for Enterprise SOA and Cloud Security
Layer 7: The Importance of Standards for Enterprise SOA and Cloud Security
 
Identiverse 2018 nathanael coffing
Identiverse 2018 nathanael coffingIdentiverse 2018 nathanael coffing
Identiverse 2018 nathanael coffing
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the Cloud
 
Securing AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi VaultSecuring AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi Vault
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp Vault
 
Aruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPassAruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPass
 
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations   Eevidence Collection, Security and Compliance Be...CIS Compliance Automations   Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
 
Multi cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPMulti cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCP
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
 
Gartner Catalyst Savvis Cloud API Case Study
Gartner Catalyst   Savvis Cloud API Case StudyGartner Catalyst   Savvis Cloud API Case Study
Gartner Catalyst Savvis Cloud API Case Study
 
Identity Management Standardization in the cloud computing
Identity Management Standardization in the cloud computingIdentity Management Standardization in the cloud computing
Identity Management Standardization in the cloud computing
 
RSASecureID.ppt
RSASecureID.pptRSASecureID.ppt
RSASecureID.ppt
 
RSASecureID (2).ppt
RSASecureID (2).pptRSASecureID (2).ppt
RSASecureID (2).ppt
 
Cloud security privacy- org
Cloud security  privacy- orgCloud security  privacy- org
Cloud security privacy- org
 
Lecture5
Lecture5Lecture5
Lecture5
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Managing Privileged Access in the Cloud

  • 1. intelligent identity. smarter security. Monitoring and Administrating Privileged Access in the Cloud
  • 2. intelligent identity. smarter security. Overview • Managing privileged access in the cloud • What legacy PAM doesn’t address on AWS • Best practices & Design principles to solve for Cloud PAM needs • PAM for IaaS – Deep Dive
  • 3. Gaps in applying legacy PAM to Cloud Lift and shift of traditional and legacy PAM products on cloud Not identifying all types of privileged identities on the cloud Solutioning PAM for SaaS apps like traditional apps Not reducing the attack surface Risk and Governance as an afterthought
  • 4. Design principles Solving PAM needs of Cloud Cloud Native Risk and Governance Aware As a Service - IGA and PAM Convergence
  • 5. intelligent identity. smarter security. SSH and Credential Vault Available on Saviynt Cloud and On-premises Audit Vault Analytics Engine Containerized SSH AWS ECS Cloud native technology approach Confidential 5 • Passwordless deployment architecture • Automated account discovery and onboarding • Auditability via logs and keystroke capture • Centralized control of environmental access • Integrated service account lifecycle management
  • 6. PAM for IaaS and SaaS 6
  • 7. intelligent identity. smarter security. 7 #1 - Privileged Access Visibility for Federated/Local Identities Federated Role PolicyIdentity Provider Federated Group Enterprise Permissions Cloud Services and Resources Organization’s access visibility AWS Access Visibility
  • 8. intelligent identity. smarter security. 8 IT General Controls SOX FedRAMP HIPAA / HITECH PCI ITAR NERC / CIP & more… CIS S3 VPN Policies ALB Elastic- search RedShif t Profiles, Permission Sets Kinesis EBS SFDC Object s EC2 RDS ELB Cloud formation AWS IAM VPC TerraformViolations Remediate RISK IaaS, SaaS & DevOps Resources #2 - Map privileged access and security analytics to Compliance Frameworks
  • 9. intelligent identity. smarter security. Users Cloud Services and Resources Privileges Enterprise Joiner Mover Leaver 9 #3 - Integrate HR systems with privileged access processes x 63% of organizations remove privileged access of terminated employees only after 24 hours
  • 10. intelligent identity. smarter security. 10 HR Joiner Mover Leaver  Intelligent Self-Service / Delegated Access Request  Preventive policy evaluation including license violation  Risk-based Access Certification (event-based, periodic)  Birthright Provisioning  Role / Group Transport & Management  Link Federated Access  Segregation of Duty Management Least Privileged Access RISK EVALUATION Outlier | SOD | Business Policy | License #4 - Manage and govern privileged access lifecycle management by converging IGA and PAM as one solution/platform
  • 11. intelligent identity. smarter security. #5 - Identify the Cloud conduits/interfaces and types of privileged identities 11 Mgmt. Console Instances/ Containers Command Line Serverless Cloud databases APIs DevOps tools
  • 12. intelligent identity. smarter security. PAM requirements for IaaS 1 2 Mgmt. Console Instances/ Workloads Determining continuous access visibility Separate IDs for regular and privileged access Management of privileged access due to ephemeral nature of cloud Management of local OS user accounts
  • 13. intelligent identity. smarter security. PAM requirements for IaaS contd. 1 3 Just-in-time Access assignment to Serverless functions Consuming lambda functions & services Alternative to managing long term API keys Determine access to APIs Serverless
  • 14. intelligent identity. smarter security. Privileged access in AWS 1 4 Manage lifecycle of privileged identities Identifying accounts with super privileges Monitoring User-defined session names Visibility into usage of long term keys Cloud databases Command Line devOps tools Governance extensions across the IaaS ecosystem Inclusion of DevOps tools in IGA & PAM solutions
  • 15. intelligent identity. smarter security. SEPARATE IGA THICK SSH/RDP CLIENT • Temporal access elevation + privileged ID assignment • Workload discovery and auto-registration • SSH key distribution and credential vaulting as a Service • Privileged session manager with inline command management • Integrated service account lifecycle management JUMPBOX PERSISTENT ACCOUNTS SOD RISK AWARE IMPLICIT GOVERNANCE CLOUD NATIVE Design patterns to solve PAM needs for IaaS and SaaS 1 5
  • 16. intelligent identity. smarter security. 16 Cloud Security DevSecOps IGA PAM Key Solution Drivers Modular Single Platform Out-of-box controls Business-friendly Risk-driven Easy to integrate As a Service Usage-driven Analytics Benefits of a converged platform
  • 17. Thank you Saviynt is located at booth #807 Have Further Questions – cpam@saviynt.com, cpam-sales@saviynt.com