The Power of Integrating Privileged Access Security and Identity Governance
August 21, 2018 | Technology Partners | Corey O'Connor
Privileged access across the enterprise continues to increase exponentially, and it’s not hard to see why. Interconnectivity, cloud and mobile-first strategies have enabled a distributed enterprise, in which more people work from home, on the go and in different locations. Business users extend outside of the organization to include vendors, contractors and partners – many of whom need privileged access to critical applications and data to perform their required tasks. Every day, countless non-human applications use privileged credentials to connect to sensitive resources across on-premises cloud, and hybrid environments, as well as DevOps processes.
Securing privileged access to an organization’s most sacred assets is critical in today’s modern threat landscape. Knowing “who” and “what” has access is key. Organizations need to certify each and every one of these privileged accounts – as well as verify when these accounts were last certified. Yet when it comes to managing users and their access entitlements, organizations often deploy two separate solutions to manage the identity lifecycle and access policies for privileged and non-privileged users. In fact, in many organizations, security and audit teams rarely talk to one another.
This siloed approach to managing who has access to what does more than leave dangerous security gaps and blind spots, it can result in:
- Increased dormant and orphaned privileged accounts: These unused accounts expand the attack surface and are typically “hidden” from normal management and audit.
- Privileged entitlement creep: Without full visibility, individuals’ access rights often grow beyond what they need to do their current jobs.
- Erroneous provisioning of privileged access: Without proper policies dictating separation of duties, privileged access can be mistakenly granted to people who do not need or should not have it.
- Loss of productivity: Without automated privileged access provisioning synchronized to lifecycle events, users are often forced to wait to access systems and data needed to do their jobs. This inconsistent governance, provisioning and authorization process can also result in access violations and regulatory action.
Available on the CyberArk Marketplace, the CyberArk Privileged Access Security Solution and SailPoint Identity Governance provide an integrated, policy-driven approach to – and a unified, single pane of glass view for – managing identity and access governance for all non-privileged and privileged users and environments across the enterprise.
By integrating the CyberArk Privileged Access Security Solution with the SailPoint IdentityIQ Privileged Account Management Module, organizations can close many of the security gaps from historic siloed approaches, while reducing risk and eliminating redundant processes related to managing non-privileged and privileged access. With this joint solution, organizations gain:
- Critical visibility and governance: Improving security by applying consistent controls and fully managing privileged users and application entitlement lifecycles.
- Reduced risk: Reducing the attack surface and enhancing regulatory compliance by limiting access privileges and consolidating certifications for privileged and non-privileged accounts to ensure users have the right access to the right safes.
- Simplified and centralized administration: Improving productivity by streamlining delivery of privileged account access, mitigating entitlement creep via regular de-provisioning and synchronizing and enforcing access controls based on unified security policies to reduce errors.
The CyberArk and SailPoint integration leverages the System for Cross-domain Identity Management (SCIM) server technology, which provides an open standard for easy integration with other security and technology partners. The CyberArk SCIM server is a Java application conforming to the SCIM standard. This allows an Identity provider like SailPoint to query and modify Privileged Data (such as Users, Groups, Accounts, Safes, and Permissions) through a web services interface (REST API). The SCIM server uses PACLI (to query and update privileged data from the CyberArk Vault) and the AIM Credential Provider (to retrieve account and login information).
Now is the time to harness the full power of Privileged Access Security and Identity Governance. Learn more about the CyberArk SailPoint integration on the CyberArk Marketplace and in this on-demand webinar.