BLOG POST

Cloud Automation Capabilities for Rapidly Securing Cloud Assets

 

May 4, 2017 | Security and Risk Technology Partners | Chris Smith

The Urgency of Rapidly Securing Cloud Assets

As organizations increasingly work to leverage cloud based infrastructure, we see increased attacks and exploits of the vulnerabilities in cloud-based infrastructure. Vulnerable privileged accounts for cloud- based infrastructure all too often make these attacks particularly damaging. Consider, for example, the recent actions of determined hackers against FlexiSpy.

Organizations recognize that protecting their cloud assets is a responsibility they share with their cloud vendors.  As organizations work to secure their applications and other sensitive assets in the cloud, they want the same robust security capabilities they’ve had in their on-premises environments. And they want a solution from a leading vendor that they trust to protect their keys to the IT kingdom.

With the dynamic nature and fast pace of cloud deployments and innovation, security, IT and DevOps leaders not only want the most secure, scalable and comprehensive privileged account security solution, but also the convenience and flexibility of rapid deployment into their cloud environments.  They basically want robust security for the cloud now!

Deploying CyberArk in as Little as 15 Minutes

Using the new CyberArk cloud automation capabilities, organizations can, in as little as 15 minutes, automatically deploy and establish a complete CyberArk Privileged Account Security solution in their AWS environment. The CyberArk solution established by the automation tools includes the CyberArk Enterprise Password Vault®, CyberArk Privileged Session Manager®, CyberArk SSH Key Manager™ and a disaster recovery (DR) vault. With these new cloud automation capabilities, organizations are able to quickly have CyberArk solutions available, running on AWS, and ready for administrators to start securing the cloud assets.

The CyberArk solution runs on AWS and is designed to provide the same unparalleled, robust security and protection for privileged account and credentials that CyberArk offers with on-premises deployments – in fact it’s the same proven solution, just automated for deployment on AWS.

Leveraging AWS Best Practices

The cloud automation capabilities include CyberArk AMIs (Amazon Machine Images) and take advantage of AWS CloudFormation templates to automate the deployment of CyberArk solutions. CloudFormation is designed to give developers and systems administrators an easy way to create, manage and provision a collection of related AWS resources.

Importantly, the CyberArk architecture leverages AWS privileged account security best practices, including separate AWS Availability Zones for the primary and DR vaults. It is designed to ensure that the vaults are both independent from each other and also independent from the cloud assets secured.

Of course there are important prerequisites. First, you will need a valid CyberArk license and an AWS account. You will also need to set up the pre-configured AWS environment to prepare for the automated deployment of the CyberArk solution. This includes AWS VPCs (Virtual Private Clouds), private and public subnets, and Security Groups. Fortunately, to make it easier, an additional CloudFormation template is available from CyberArk to automate the set up and configuration of the AWS environment.

Other Cloud Solutions

We’re excited to offer these new cloud automation capabilities to facilitate deployments of CyberArk solutions for cloud customers. These new capabilities are in addition to our other security capabilities designed specifically for AWS, which include an integration with Amazon Inspector and CyberArk DNA to simplify discovery and prioritization of privileged account risk, enhanced AWS Access Key protection, and an integration with the AWS Security Token Service to allow secure single sign-on to the AWS Management Console. CyberArk also supports and works with other leading cloud vendors.

If you plan to attend the CyberArk Impact 2017 customer event in Italy later this month, you can learn more in the session lead by a Senior Solution Architect from AWS. Additional information about how to use CyberArk to secure privileged accounts and credentials in AWS is also available on our website.

 

Share This