BR +55 11 3069 3925 | USA +1 469 620 7643

How to Manage Cloud Environments through a PAM Solution

by | Jan 18, 2021 | BLOG

In recent years, the mass adoption of cloud-based solutions, leveraged by the migration of the workforce to remote models caused by the covid-19 pandemic, has brought new levels of speed and scalability to organizations. Through this migration, it was possible to reduce administration time and costs compared to on-premises infrastructure models, thus allowing IT teams to focus on other critical projects. For this reason, according to Gartner, more than half of global companies that already use Cloud will adopt a 100% Cloud-based strategy by 2021.

Despite this, the adoption of Cloud technologies has brought new challenges for Security teams. In these environments, the number of users accessing cloud resources through privileged credentials, both personal and machine ones, grows dramatically. The consequence is an increase in activity in these environments, which makes the attack surface even bigger. Consequently, Information Security risks are greater, which affects business continuity.

However, the biggest of these challenges is that, with its decentralized infrastructure, it is easier to experience configuration errors in the environment, which makes it possible for malicious attackers to perform cyberattacks. This considering that in cloud-based models, managing privileged access to workloads, services, and applications remains the organization’s responsibility, and not the Cloud provider’s. 

According to McAfee, 99% of configuration failures in Cloud environments are due to the users of these solutions, not the cloud provider. In addition, organizations must ensure that data exchanged between these providers and their infrastructure is adequately protected. 

In this scenario, new regulatory requirements for the protection of personal data, such as LGPD and GDPR, must also be taken into account. In the case of Brazilian law, sanctions can reach up to 2% of a company’s revenue or 50 million reais. As for organizations that handle personal data of European citizens, this figure varies from 2% to 4% or up to 20 million Euros. These data protection laws require that security incidents be properly reported after their discovery, including the causes and respective actions to stop any data leaks.

In this context, the implementation of a Privileged Access Management solution, or PAM, such as senhasegura, allows reinforcing the posture in Information Security, thus avoiding data leaks that can cost millions in sanctions of data protection laws. The main use cases linked to adequate protection of Cloud environments include:

Infrastructure-as-a-Service (IaaS)

The adoption of Infrastructure as a Service allows rapid provisioning of processing and storage resources to suit the needs of the Operations team. IaaS solutions reduce infrastructure management time, allowing for a reduction in operating costs. In addition, by using the default settings of Cloud providers, those responsible for Information Security can expose sensitive data to malicious attackers.

Some of the most common configuration failures include the association of default permissions with privileged credentials in the environment, lack of encryption of data exchanged between the organization’s environment and Cloud providers, or failure to use additional security mechanisms, such as Multi-factor Authentication.

In this case, the management of privileged credentials through senhasegura allows the proper management of permissions and protection of privileged accounts configured in Cloud environments.

DevOps environments

With the digital transformation, much has been said about reducing costs and increasing the speed of software development. One way to achieve this is through the use of DevOps methodologies. Considering DevOps as a new way of working, new security issues are also introduced throughout the development pipeline, from product planning and construction to implementation and monitoring. In DevOps environments, which depend on coding, careless developers may allow leaks of confidential information, such as secrets, through APIs or poorly configured containers, without realizing the respective security risks. 

senhasegura, as a PAM solution, allows adequate management of access to container management consoles, microservices, databases, and orchestration tools used for the development and implementation of applications. Also, senhasegura ensures the traceability of individual user actions and script or automation accounts that affect environments. This is essential not only for compliance but also for the overall health of the development pipeline.

SaaS applications

The migration of the workforce to remote models has also accelerated the adoption of cloud-based solutions. According to research conducted by McAfee, organizations use an average of 1,935 SaaS applications, such as productivity tools – Office 365, Google Apps, and Salesforce, for example. And with the increasing amount of this type of application, the attack surface to be exploited by malicious attackers also increases. Still according to McAfee, the threats associated with Office 365 have grown 63% in the last two years.

In this case, when using senhasegura to manage SaaS credentials, it is possible to inject them and access the tools transparently for users. In addition, the activity logging functionalities through logs allow effective visibility and control of actions performed in the environment. senhasegura can also be integrated with Identity Management solutions or Active Directory, providing Role-Based Access Controls (or RBAC) for proper governance of SaaS functions at different user levels while providing Security teams with adequate visibility and control, thus ensuring full adherence to the organization’s security policies.

With the rapid increase in adherence to Cloud-based models, ensuring the protection of resources in these environments should not be seen as just a security requirement, but as a business imperative. In this context, senhasegura as a PAM solution was developed for cloud environments, allowing complete integration between DevOps applications, in addition to infrastructure and Cloud-based applications. senhasegura allows you to scale and reduce the efforts to maintain a distributed architecture, even with the growing demands of DevOps teams. By choosing a fully cloud-ready tool, you can use all the benefits offered by this distributed architecture, reducing associated business risks, and ensuring business continuity.

Applying Zero Trust to PAM

The implementation of the Zero Trust-based security model has gained space in recent times, promoting the default approach of never trusting, and always checking before granting access to a company's perimeter. This practice is extremely important to ensure...

How to Apply Account Lifecycle Management?

In this article, we will show you how account lifecycle management works through best practices and what are the advantages of investing in the senhasegura PAM solution.  Our text is divided by topics. They are as follows: What Is Account Lifecycle and Its Management?...

Password Vault: A Complete Guide

The use of many credentials to access various services often causes people to opt for weak passwords or the reuse of passwords, making loopholes for the action of malicious agents.  Moreover, the explosion in the number of connected devices due to technologies such as...

Secrets of Cyber Resilience

In recent years the world has considerably evolved, with organizations increasingly adopting digital initiatives, like Cloud, IoT, Big Data, Artificial Intelligence and Machine Learning. And the Covid-19 pandemic has forced organizations to accelerate the adoption of...

Gartner Identity & Access Management Summit Why should you consider attending

Cybersecurity is an increasingly present topic at meetings at all levels of an organization. And with the increase in digitalization and connectivity of companies, cyber risks are increasingly associated with business risks and are not limited only to large...
Copy link
Powered by Social Snap