SOLUTIONS

Secure Your Cloud Infrastructure with Privileged Identity Management (PIM)

The Cloud Brings New Opportunities and New Challenges
In today’s economic environment, organizations are focused on reducing costs and doing more with less while still trying to remain competitive. This means that IT departments are facing greater scrutiny to ensure that they match key business needs and deliver intended results in the most efficient and cost-effective manner. To meet these challenges, IT organizations are increasingly moving away from a device-centric view of IT, to one that is focused on applications, information, and people. Cloud computing is a perfect fit for this new paradigm.

As an emerging trend that provides rapid access to dynamically scalable and virtualized IT resources, cloud computing promises new and exciting opportunities for organizations to create lean, robust and cost-effective IT infrastructures that better align with business goals.

The majority of organizations today are highly motivated to transition further into a cloud model - whether a public or private cloud - but they are hesitant to put their most mission-critical data in untested waters. Thus, certain tradeoffs with regards to control, compliance and security must be addressed before fully realizing those benefits.

Insider Threat in the Cloud
Although the cloud helps free organizations from operating their own servers, storage, networks and software, it also eliminates many of the traditional, physical boundaries that help define and protect an organization’s data assets, and introduces new risks as virtual servers and mobile virtual machines replace physical servers and firewalls.

While cloud computing removes the traditional application silos within the data center and introduces a new level of flexibility and scalability to the IT organization, the concentration of valuable data from potentially a multitude of customers represents an appealing target for unethical system administrators as well as malicious Internet-based attackers, and should raise concerns about how privileged user access is controlled.

The lack of visibility into the hiring standards and practices for cloud employees and a general lack of transparency into provider processes and procedures, such as how its employees are granted access to physical and virtual assets, make preventing data theft even more difficult. Depending on the level of access granted, a malicious insider may be able to harvest an organization’s confidential data or even gain control of the entire infrastructure with little or no risk of detection.

Top Threats to Cloud Computing
  • Abuse and nefarious use of cloud computing
  • Insecure interfaces and APIs
  • Malicious insiders
  • Account or service hijacking
Source: Cloud Security Alliance

With ever-changing chains of custody for sensitive data and applications in cloud environments, sensitive information should not be stored or processed in the cloud without visibility into the supplier's technology and processes to ensure the appropriate level of information protection. The administrative tools used to access the Hypervisor/VMM layer a cloud vendor manages must be tightly controlled to maintain a strong security posture. Organizations need to carefully analyze business and security requirements, and must evaluate the depth and reliability of security features and cloud service levels.

Compliance Concerns
One of the greatest challenges for organizations leveraging cloud environments is demonstrating policy compliance. For many business functions commonly run in the cloud, such as hosting websites and wikis, it is often sufficient to have a cloud provider vouch for the security of the underlying infrastructure. However, for business-critical processes and sensitive data, it is absolutely essential for organizations to be able to verify for themselves that the underlying cloud infrastructure is secure.

The use of virtual machines adds further complexity into the mix, since creating an identity for an individual virtual machine and tracking that virtual machine from creation to deletion can be challenging for even the most mature virtualized environments. Proving that the physical and virtual infrastructure of the cloud can be trusted becomes even more difficult when those infrastructure components are wholly owned and managed by external service providers.

Managing identities and access control for enterprise applications remains one of the greatest challenges facing IT today. While an enterprise may be able to leverage several cloud computing services without a good identity and access management strategy, in the long run extending an organization’s identity services into the cloud is a necessary precursor towards strategic use of on-demand computing services.

Administrative Access & Privileged Delegation
BeyondTrust is the market-share leader for privileged identity management (PIM) solutions and enables security best practices for a company’s most sensitive information, even in the cloud. Its PowerBroker suite is the only comprehensive enterprise-wide solution for servers, desktops, applications and devices in heterogeneous IT environments, including virtual servers, Windows and Linux/Unix.

PowerBroker for Virtualization
PowerBroker for Virtualization provides a unified solution that centrally addresses the risks of undermanaged privileges and privileged access tools in virtualized datacenter environments. It delivers cost-effective, consistent, granular privileged identity management across guest operating systems as well as hypervisor hosts, through a single centralized management console. Privileged access security risks are mitigated, compliance requirements are met, and organizations can adopt virtualization with confidence.

Key benefits of PowerBroker for Virtualization include:
  • Granular delegation of administrative privileges to ensure support for compliance mandates and security standards
  • Detailed and flexible reporting, including keystroke logging of admin activities
  • Two-click entitlement reports
  • Programmable role-constraint mechanisms for segregation of duties
  • Secures virtual guests as well as hypervisor hosts
  • Support for VMware ESX, Solaris Zones, AIX WPAR and IBM z/VM
  • Support for more than 30 guest operating systems
PowerBroker for Virtualization Diagram