The Lockdown

Thycotic’s Cyber Security Blog

Cloud Use Cases: Critical PAM controls to secure a modern cloud environment


Written by Chris Smith

July 30th, 2019

Virtually all cloud security failures will be the customers’ fault. That’s what Gartner believes the future of cloud security for the enterprise will look like within the next four years. More than half of cloud security issues will be caused by inadequate management of identities, access and privileges.

“The challenge exists not in the security of the cloud itself, but in the policies and technologies for security and control of the technology. In nearly all cases, it is the user, not the cloud provider, who fails to manage the controls.”

  • Gartner, 2019 Innovation Insights for Cloud Security Posture Management 

Even today, research from McAfee found that organizations average 4.3 cloud threats each month, stemming from external actors, malicious insiders, or unintentional mistakes, resulting in 80% of organizations experiencing at least one compromised account.

Moving to the cloud demands that IT operations and security teams update their skills and practices to support a new way of working.

Let’s look at the top cloud use cases for the enterprise and outline how PAM controls help you lower risk.


Cloud security issue #1

Infrastructure-as-a-Service (IaaS)

McAfee investigated the top causes of cloud security failures in the enterprise and found that IaaS misconfiguration is rampant. Organizations typically have at least 14 misconfigured IaaS instances running at any given time, resulting in an average of 2,269 misconfiguration incidents per month. Most organizations have at least one AWS S3 bucket set with “open write” permissions, giving anyone and everyone access.

PAM for the cloud mitigates these IaaS vulnerabilities. With PAM you can:

  • Protect root accounts for servers you set up in the cloud.
  • Limit access to the cloud control panel for all critical resources.
  • Govern ongoing access to cloud resources.   
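
The "open write" S3 misconfiguration described above can be checked for directly. The following is an added example, not code from the original post or from Thycotic: it scans bucket ACLs, in the dict shape returned by the S3 GetBucketAcl API, for write-type grants to the predefined public groups. The bucket names, owner ID and ACLs are constructed sample data.

```python
# Flags S3 bucket ACL grants that give write-type access to everyone.
# Input uses the dict shape of the S3 GetBucketAcl response (boto3 get_bucket_acl).

# Predefined S3 grantee groups that mean "everyone".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}
# Permissions that allow changing bucket contents or the ACL itself.
WRITE_PERMISSIONS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def open_write_grants(acl):
    """Return (who, permission) for each write-type grant to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        who = PUBLIC_GROUPS.get(grantee.get("URI"))
        if grantee.get("Type") == "Group" and who and grant.get("Permission") in WRITE_PERMISSIONS:
            findings.append((who, grant["Permission"]))
    return findings


def audit(bucket_acls):
    """Map bucket name -> findings, keeping only buckets with open write access."""
    report = {name: open_write_grants(acl) for name, acl in bucket_acls.items()}
    return {name: hits for name, hits in report.items() if hits}


def _grant(grantee, permission):
    return {"Grantee": grantee, "Permission": permission}


# Constructed sample data: not real buckets or account IDs.
OWNER = {"Type": "CanonicalUser", "ID": "constructed-owner-id"}
ALL_USERS = {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}
AUTH_USERS = {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
SAMPLE_ACLS = {
    "example-private": {"Grants": [_grant(OWNER, "FULL_CONTROL")]},
    "example-public-read": {"Grants": [_grant(OWNER, "FULL_CONTROL"), _grant(ALL_USERS, "READ")]},
    "example-open-write": {"Grants": [_grant(OWNER, "FULL_CONTROL"), _grant(ALL_USERS, "WRITE")]},
    "example-any-aws": {"Grants": [_grant(AUTH_USERS, "FULL_CONTROL")]},
}

if __name__ == "__main__":
    for bucket, hits in audit(SAMPLE_ACLS).items():
        for who, permission in hits:
            print(f"{bucket}: {permission} granted to {who}")
```

Bucket policies can also grant public write access, so a clean ACL result alone does not prove a bucket is closed.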
Cloud security issue #2

DevOps CI/CD environments 

DevOps practices often inadvertently create security vulnerabilities directly tied to privilege management, dramatically increasing your attack surface.

Cloud services enable DevOps teams to scale up to tens of thousands of containers, servers, and applications and rapidly deploy them across multiple dev, test, and production environments. DevOps teams need on-demand access to cloud-based applications and databases to administer systems and debug issues.

Unlike traditional PAM solutions, PAM built for cloud use cases prioritizes DevOps requirements for speed and scale. With PAM you can:

  • Manage access to admin consoles controlling cloud development resources.
  • Secure how DevOps systems within the CI/CD toolchain talk to each other and with databases, applications and enabling systems.
  • Eliminate the need for hardcoded or externalized credentials by replacing risky secrets management practices with API calls to a secure PAM vault. 

Cloud security issue #3

SaaS applications  

Business teams often license cloud services directly, under the radar of IT. When people have trouble remembering multiple passwords, they may store credentials locally on their computer, within their Google accounts or in their browsers. Worse, they may use the same password for multiple tools and rarely, if ever, change them.

PAM controls lower the risk SaaS applications introduce into the enterprise: 

  • Browser plug-ins for single sign-on inject stored credentials into browser-based SaaS tools so users can simply log in to get their work done.
  • For a deeper level of control, PAM with SAML integration allows you to enforce consistent policies for password complexity and rotation.

PAM Built for the Cloud 

To solve for cloud scenarios, look for enterprise-scale PAM tools that are purpose-built for the cloud. There’s a difference between software originally designed for on-prem deployment that is simply “lifted and shifted” from an on-premises data center to the cloud and a solution that is built with the cloud in mind from the start. “Cloud-native” PAM is designed for the cloud and enables tighter integration between secrets, cloud-based infrastructure, and cloud-based applications. It can scale more rapidly to keep up, even with the velocity demands of DevOps teams. To help you fully capitalize on the promise of the cloud, choose cloud-native PAM solutions.

Learn more about cloud use cases for PAM in the whitepaper Critical Controls for Modern Cloud Security.