The need to govern and secure privileged access has grown dramatically as more of today’s businesses outsource functions such as IT administration and rely on vendors to troubleshoot systems and applications. Gartner predicts enterprise IT outsourcing will be a $335 billion industry by 2019.
With massive data breaches making headlines and many of the most high-profile incidents involving third-party access, protecting against the leading attack vector, compromised credentials, is top of mind for most organizations. However, traditional privileged identity management solutions require organizations to create and manage identities for outsourced IT administrators within their internal environment and to grant them VPN access. This practice increases risk: the number of privileged accounts that are disconnected from any authoritative identity provider grows, and more laptops outside the organization's control establish VPN connections to internal networks. The result is an expanded attack surface for external attackers, disgruntled insiders and malware.
Federated privileged access for third parties reduces an organization's identity-related risk by giving outsourced IT administrators and third-party developers secure remote access to its infrastructure through federated authentication rather than locally provisioned accounts.
The outsourcing service organization retains management of its employees' identities, and the customer organization relies on a federation trust with that business partner to grant web-based access and privileges for its systems and applications. Privileged access to specific resources is governed through automated request and approval workflows, monitoring (with optional termination) of privileged sessions, and reconciliation of approved access against the access actually observed on critical infrastructure.
Businesses can outsource to more than one service organization while identity lifecycle management for outsourced IT administrators and developers remains with their employer. This includes disabling an individual's enterprise identity upon employment termination, which prevents any further federated login to the customer's infrastructure; sessions that are already open persist until they expire or are terminated, so short session lifetimes and the session-termination control above still matter.
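The reconciliation step described above (approved access versus access actually observed on the hosts) is the control that catches a vendor administrator logging in to a system they were never approved for, or outside the approved window. The following is an added example, not code from the original page or from any vendor product; the record layout, field names and the sample approvals and sessions are constructed for illustration and are assumptions, not a real product's log schema.

```python
"""Reconcile approved privileged-access requests against observed sessions.

Added example; the record formats and sample data are constructed
for illustration and do not come from a real workflow or log source.
"""
from datetime import datetime

# Constructed sample data: approvals granted through a request workflow.
# (user, host, window_start, window_end) in ISO 8601.
APPROVALS = [
    ("alice@vendor.example", "db-prod-01", "2019-03-04T09:00:00", "2019-03-04T13:00:00"),
    ("bob@vendor.example", "app-prod-02", "2019-03-04T10:00:00", "2019-03-04T12:00:00"),
]

# Constructed sample data: privileged sessions observed on the hosts themselves.
# (user, host, session_start)
SESSIONS = [
    ("alice@vendor.example", "db-prod-01", "2019-03-04T09:15:00"),   # approved
    ("alice@vendor.example", "db-prod-02", "2019-03-04T09:20:00"),   # wrong host
    ("bob@vendor.example", "app-prod-02", "2019-03-04T14:05:00"),    # outside window
    ("carol@vendor.example", "app-prod-02", "2019-03-04T11:00:00"),  # no approval at all
]


def _ts(value):
    return datetime.fromisoformat(value)


def reconcile(approvals, sessions):
    """Return (unapproved_sessions, unused_approvals).

    unapproved_sessions: (user, host, session_start, reason) for every session
    that no approval covers. unused_approvals: approvals that were granted but
    never exercised (useful for tightening future requests).
    """
    by_user_host = {}
    for user, host, start, end in approvals:
        by_user_host.setdefault((user, host), []).append((_ts(start), _ts(end)))
    users_with_approvals = {user for user, _, _, _ in approvals}

    used = set()
    unapproved = []
    for user, host, when in sessions:
        t = _ts(when)
        windows = by_user_host.get((user, host), [])
        match = next((w for w in windows if w[0] <= t <= w[1]), None)
        if match is not None:
            used.add((user, host, match))
            continue
        if user not in users_with_approvals:
            reason = "no approval"
        elif not windows:
            reason = "host not approved"
        else:
            reason = "outside approved window"
        unapproved.append((user, host, when, reason))

    unused = [
        (user, host, start, end)
        for user, host, start, end in approvals
        if (user, host, (_ts(start), _ts(end))) not in used
    ]
    return unapproved, unused


if __name__ == "__main__":
    bad, idle = reconcile(APPROVALS, SESSIONS)
    for row in bad:
        print("UNAPPROVED", *row)
    for row in idle:
        print("UNUSED   ", *row)
```

The session list should come from the hosts or the session broker, not from the approval system, otherwise the comparison only confirms that the workflow agrees with itself. Matching on the (user, host) pair requires that the federated identity seen on the host is the same identifier the approval recorded, which is exactly what federation buys you over shared or locally created accounts.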
Security in the Cloud
While Infrastructure as a Service (IaaS) is a major component in planning a hybrid environment, many organizations still face challenges with IaaS adoption that erode the speed benefits it promises. Centralized IT organizations cite cloud security as one of their top concerns, along with integration complexity, access and privilege management, and application authentication. As more enterprises move toward a hybrid cloud model, these challenges continue to delay workload migration. Organizations need to secure both their access to the IaaS management platforms and the virtual machines those platforms manage.
Organizations with servers both on-premises and hosted with one or more providers such as Amazon Web Services, Microsoft Azure and Google Compute Engine need to protect two layers: access to the hosting platform itself (the management console and APIs) and access to the servers and applications running within that infrastructure.
Here are some examples of how these hybrid models can be protected:
- Secure authentication to the AWS Console by mapping Active Directory groups to AWS IAM roles
- Active Directory integration for EC2 instances
- Multi-factor authentication for AWS Console login, EC2 instance login and privileged command execution
- Locking down root accounts
- Privileged access request workflow
- Secure remote access without opening inbound ports on the Virtual Private Cloud (VPC)
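The first and third items above (directory-group-to-IAM-role mapping, and multi-factor authentication for console login) are where most of the access-control logic for the hosting platform lives, so they are worth seeing concretely. The following is an added example, not code from the original page or from any vendor product. It assumes SAML federation into AWS; the account ID, the saml-provider name `CorpAD`, the group names and the group-to-role mapping are hypothetical. The policy documents it emits use only documented AWS policy elements.

```python
"""Map directory groups to AWS IAM roles for SAML federation, and enforce MFA.

Added example; account ID, provider name, group names and the mapping are
hypothetical values chosen for illustration.
"""
ACCOUNT_ID = "123456789012"  # placeholder account ID
PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:saml-provider/CorpAD"  # hypothetical IdP

# Hypothetical mapping. Deny by default: a group that is not listed here
# never yields a role, so "Domain Users" style catch-all groups get nothing.
GROUP_TO_ROLE = {
    "AWS-Prod-Admins": f"arn:aws:iam::{ACCOUNT_ID}:role/ProdAdmin",
    "AWS-Prod-ReadOnly": f"arn:aws:iam::{ACCOUNT_ID}:role/ProdReadOnly",
    "AWS-Dev-PowerUser": f"arn:aws:iam::{ACCOUNT_ID}:role/DevPowerUser",
}

AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"


def saml_role_attributes(groups, mfa_verified):
    """Values for the SAML attribute https://aws.amazon.com/SAML/Attributes/Role.

    AWS expects each value as "<role-arn>,<provider-arn>". If the IdP did not
    verify MFA for this login, no role is asserted at all: for SAML-federated
    sessions MFA has to be enforced at the IdP, because AWS does not see
    aws:MultiFactorAuthPresent for AssumeRoleWithSAML credentials.
    """
    if not mfa_verified:
        return []
    return [f"{GROUP_TO_ROLE[g]},{PROVIDER_ARN}" for g in sorted(groups) if g in GROUP_TO_ROLE]


def role_trust_policy(provider_arn):
    """Trust policy for a federated role: only this IdP, only the AWS sign-in audience."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Federated": provider_arn},
                "Action": "sts:AssumeRoleWithSAML",
                "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
            }
        ],
    }


def mfa_required_policy():
    """Identity policy for any remaining IAM users (local accounts) in the account.

    Denies everything except enrolling an MFA device until MFA is present on the
    session, so a stolen password alone cannot be used in the console or API.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyAllExceptMfaEnrollmentWithoutMfa",
                "Effect": "Deny",
                "NotAction": [
                    "iam:CreateVirtualMFADevice",
                    "iam:EnableMFADevice",
                    "iam:ListMFADevices",
                    "iam:ListVirtualMFADevices",
                    "iam:ResyncMFADevice",
                    "sts:GetSessionToken",
                ],
                "Resource": "*",
                "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
            }
        ],
    }


if __name__ == "__main__":
    import json

    print(saml_role_attributes({"AWS-Prod-ReadOnly", "Domain Users"}, mfa_verified=True))
    print(json.dumps(role_trust_policy(PROVIDER_ARN), indent=2))
    print(json.dumps(mfa_required_policy(), indent=2))
```

Two points the code makes that the bullet list does not: the role list a user receives is computed from an explicit allow-list of groups rather than from everything the directory says about them, and MFA is enforced in two different places depending on how the principal authenticates (at the IdP for federated users, via the `aws:MultiFactorAuthPresent` condition for IAM users). The root account is not covered by either mechanism; it needs its own hardware MFA and should not be used for day-to-day access at all.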
There are a variety of benefits to protecting access in IaaS platforms. They include:
- Controls privileges and rights within the hosting platforms through role management
- Reduces the risk of user impersonation through strong multi-factor authentication
- Simplifies enterprise login to infrastructure management consoles for employees, contractors and outsourced IT
- Controls access and privileges on hosted virtual machines using your existing Active Directory environment
Combining federated privileged access for outsourced IT with layered controls for hybrid cloud services provides greater security in IaaS environments while allowing companies to keep their existing on-premises security controls in place.