Management of privileged access to cloud platforms


New ThycoticCentrify solution for control and management of privileged access to cloud platforms. Companies are increasingly relocating their internal applications to the cloud.

ThycoticCentrify, a leading provider of cloud identity security solutions that emerged from the merger of the leading Privileged Access Management (PAM) providers Thycotic and Centrify, enables AWS billing accounts, IAM (Identity and Access Management) accounts and AWS EC2 instances to be managed centrally and in real time with its new cloud provider solution.

Internal applications are increasingly in the cloud

Companies are increasingly relocating their internal applications to the cloud. They often choose a “lift-and-shift” approach to migrate virtual machines (VMs) and applications to their preferred cloud provider. At the same time, they often create several different AWS accounts for each application project or department. In addition, each AWS account has its own master / billing account, IAM user accounts, and service accounts. Finally, there are the accounts of the virtual machines (VMs) to support an application.

Managing AWS master / billing account credentials is difficult because people are involved in any modification. In addition, AWS best practice recommends configuring multi-factor authentication (MFA) for an account that is controlled by AWS service enforcement. While automation tools can integrate new AWS EC2 instances into Privileged Access Management (PAM), operations, employees and auditors need a way to ensure and validate that all hosted virtual machines are recorded and properly secured.

Cloud provider solution for AWS

ThycoticCentrify's cloud provider solution for AWS addresses these problems by extending a number of existing PAM functions to continuously and automatically discover all AWS EC2 instances and thus ensure full visibility of the instances, even in elastic auto-scaling groups. AWS master / billing accounts are securely stored in a password vault for emergencies. Interactive access to AWS accounts through the AWS Management Console, AWS CLI, SDKs, and APIs is tightly controlled. AWS IAM accounts and associated access keys are eliminated or secured in a vault to reduce the attack surface. At the same time, federated single sign-on based on the Security Assertion Markup Language (SAML) is a more secure and low-maintenance alternative. Continuous and automatic EC2 discovery and post-discovery processes ensure complete and precise transparency. As a result, EC2 instances and their privileged accounts are immediately secured and managed centrally.

Advantage: scalable cloud solution

“The cloud offers enormous advantages when it comes to scalability and availability. But it has also created new vulnerabilities for cyber attackers, which arise from inconsistent controls and the resulting problems in identity management,” says Özkan Topal, Sales Director at ThycoticCentrify. “Our cloud provider solution for AWS provides real-time visibility into cloud workloads as they are added and removed. The management of privileged passwords and identities is automated. This ensures that administration and access controls are enforced and that complexity and risks are reduced at the same time.”

Özkan Topal, Sales Director at ThycoticCentrify (Image: ThycoticCentrify).

The cloud provider solution is based on a cloud-native hub-and-spoke architecture grouped around the Centrify platform and Centrify gateway connectors, which use few resources. These connectors integrate the cloud workloads into the Centrify platform. The offering can also automatically provision Centrify clients on discovered Windows and Linux instances for granular access control, auditing and the visual recording of sessions. It is also possible to log in without a password using ephemeral certificates from the Centrify platform via "Use My Account".

ThycoticCentrify's cloud provider solution is initially available for AWS and will soon be extended to Microsoft Azure and other cloud provider platforms.


 


About ThycoticCentrify

ThycoticCentrify is a leading provider of cloud identity security solutions that enable digital transformation on a large scale. ThycoticCentrify's industry-leading Privileged Access Management (PAM) solutions reduce risk, complexity and cost while protecting enterprise data, devices and code in cloud, on-premises and hybrid environments. More than 14,000 leading companies around the world, including more than half of the Fortune 100, trust ThycoticCentrify. Customers include the world's largest financial institutions, intelligence agencies, and critical infrastructure companies. Whether human or machine, in the cloud or on-premises, privileged access is secure with ThycoticCentrify.


 
