Thycotic’s Cyber Security Publication

The new cloud security question PAM experts need to answer

Written by Jordan True

February 19th, 2019

Enterprises are no longer asking, “is the cloud secure?” with the same anxiety and fear they expressed just a few years back. As long as cloud-based IT resources are protected in a highly secure environment (such as SOC2 data centers) and demonstrate advanced security controls, enterprises have gotten on board the cloud train.

The pace and scale of cloud adoption have accelerated rapidly. Today, 73% of enterprises have already adopted cloud technology, and another 17% intend to do so in the next 12 months. In the next 18 months, non-cloud delivery will account for less than a third (31%) of the average IT environment, according to IDG.

Among Thycotic’s enterprise customers, pioneering organizations are being led by executive management to become 100% cloud. This is particularly true for enterprises in high-tech, telecom, and manufacturing industries.

The new cloud question on the table

This isn’t to say cloud security is no longer an issue. Rather, enterprise IT leaders are now asking, “are we using the cloud securely?” Each type of cloud model—Infrastructure-as-a-Service, Software-as-a-Service, public, private and hybrid environments—has different ramifications for your privilege security strategy.

For security teams and IT admins responsible for privileged access management, the cloud has introduced new opportunities and new challenges. Cloud computing requires more dynamic protections and policy-based controls to address new types of data security, comply with increasingly stringent regulations, and manage privileged access.

Below are some key reasons why.

Enterprises have tens of thousands of privileges and thousands of users, servers, and applications

As you transition more and more IT to the cloud, managing growing capacity and maintaining top performance for Privileged Access Management (PAM) solutions can be tricky with an on-premise approach. If on-premise solutions take up valuable system resources or require hours or days to learn, not only will your team lose productive time, they may avoid using the tools entirely.

A cloud-based PAM solution has the ability to scale easily. It can match the growth of your privileged accounts, applications and users, without slowing down other resources or losing control. That’s one reason Gartner expects 30% of all new PAM deployments to be cloud based by the end of this year.

Privilege management for third-party and SaaS applications

Growing enterprises can quickly lose track of privileged accounts, especially secrets that manage third-party or SaaS applications, such as Salesforce.com. The average enterprise is already using over 1,935 distinct cloud-based services. Many of these applications are licensed and managed directly by business functions and can fall off the radar of the IT and security teams who typically manage privileged accounts.

PAM designed with the cloud as a priority (what we call “PAM for the cloud”) enables tighter integration between secrets, cloud-based infrastructure, and cloud-based applications. With this approach, critical privileged accounts and credentials are controlled centrally, and resources and sensitive data are more secure.

Cloud-ready PAM allows for rapid authentication, password rotation, and sophisticated management and control capabilities. Security Assertion Markup Language (SAML), used for integration between PAM solutions and cloud apps, is one example of cloud-ready capabilities.

PAM for cloud-based services and software development

As we’ve discussed in previous posts on the connection between DevOps and PAM, at least half of IT organizations are using DevOps for a wide variety of mission-critical applications. With DevOps often comes infrastructure as a service (IaaS) and a whole new world of privileged credentials you must protect.

Yes, I said “you.” Not the cloud vendor. Even as your enterprise moves more systems to the cloud, managing access to those workloads and platform services is still your responsibility.

Imagine virtual machines running around out of control, or the speed and scale required by DevOps. In its Market Guide, Gartner warns that through 2020, 95% of IaaS security failures will be the customer’s fault, and 50%+ will be attributed to inadequate management of identities, access and privileges.

Automated, cloud-based services make PAM more challenging and more critical. That’s why analysts predict that by 2020, 40% of medium-to-large enterprises will have deployed PAM tools to address infrastructure as a service (IaaS) privileged security concerns.

The bigger your footprint, the more care and feeding 

With growth comes higher expectations. Employees and customers rely on IT resources to be available whenever they need them. What’s more, any break in service could mean an open window for a cyber criminal.

High Availability for an enterprise means 99.9% uptime, 24×7. Global enterprises with customers around the world need the assurance of georedundancy found with a cloud PAM solution, provided as a scalable service.

Additionally, a SaaS model for PAM reduces hardware costs, turning CapEx into OpEx that can be budgeted for over time. SaaS lets enterprise teams spend time focusing on other strategic security priorities instead of maintaining equipment, managing updates, and patching software.

How will you answer the new cloud question?

We talk about the impact of cloud computing on cyber security in the webinar, How Cloud Adoption Makes PAM in the Cloud a Top Priority.

Watch on-demand now.


Jordan True

Jordan is a social media strategist, digital community manager and a lover of all things IT. She currently manages the Social Media Program at Thycotic and loves to connect with technology communities online and at enterprise IT events. Addicted to the outdoors, you can find Jordan on the running trails in her free time or sharing the latest InfoSec buzz on Twitter @ThycoticJordan.