Enabling Privilege Management in a Hybrid Cloud Environment
With more and more workloads migrating to public cloud infrastructures, IT organizations must contend with the complexities of managing hybrid cloud/on-prem/virtual environments. In the case of privileged access management, IT teams can benefit from solutions that span both on-prem and cloud/virtual environments.
BeyondTrust delivers privileged access management capabilities that can be used to securely delegate tasks and authorization across hybrid virtual/on-premises environments. With unified policy, management, reporting, and analytics across both on-premises and cloud environments, organizations can meet the stringent auditing demands on cloud usage. This capability is summarized in the diagram below.
Following are three (3) use cases where BeyondTrust solutions can be used in the cloud.
BeyondInsight, the BeyondTrust central management, policy, reporting and analytics platform, delivers multi-tenant capabilities enabling customers to host BeyondInsight in the cloud for business units or MSPs.
Whether BeyondInsight is managing cloud assets, extending your data center, or supporting a hybrid approach, BeyondInsight in the cloud can manage Retina CS, PowerBroker Password Safe, PowerBroker for Unix & Linux, PowerBroker for Windows, and PowerBroker for Mac. This can provide privileged access and vulnerability management for assets that have moved beyond a dissolving perimeter, including cloud assets and mobile devices. By installing BeyondInsight in the cloud, your environment can benefit from a centralized management console that can communicate with anything from private cloud instances to laptops operating in the field, without building out infrastructure in a typical datacenter DMZ.
2) Least Privilege
PowerBroker for Unix & Linux, the industry-standard solution for privilege delegation and Unix and Linux command elevation, can be used in the cloud.
All Unix and Linux systems – including those located in cloud environments – rely on shared and highly privileged credentials, with ‘root’ being the most well-known and the most widely abused. PowerBroker for Unix & Linux allows for the control and audit of all credentials, especially those carrying high privilege capabilities.
The PowerBroker for Unix & Linux architecture allows cloud-specific configurations to be used, or hybrid policies designed, to connect cloud systems and share rights or use their own set of rights depending on where the requesting user and/or system is located. All of the audit data, including a full index of every keystroke entered during captured sessions, are made available via a number of interfaces, with the most popular being BeyondTrust’s BeyondInsight dashboard and reporting interfaces.
PowerBroker for Windows and PowerBroker for Mac, the patented solutions for least privilege and application control for Windows and OS X desktops and servers, can be installed in templates used for cloud instances and manage assets beyond the perimeter operating anywhere on the internet. Using BeyondInsight with our PowerBroker endpoint solutions in the cloud allows for laptops, notebooks, tablets, and other devices to participate in privileged access management initiatives and provide visibility into activity via a single dashboard. In addition, resources in the cloud used for virtually any business function can also ensure that privileged access is never a security risk for your organization.
3) Password and Session Management
PowerBroker Password Safe, the BeyondTrust solution for privileged password and session management, is based on the BeyondInsight technology and benefits from all the capabilities it provides from discovery to proxied session management. Deployments in the cloud can secure cloud resources, provide workflows for contractors and employees, and provide attestation of all privileged access to cloud resources.
If your organization is pursuing a hybrid IT strategy, and you want the protection that privileged access management delivers, download the technical brief on cloud security today!