Making Azure Cloud Environments Even More Secure with CyberArk

August 4, 2020 Chris Smith

Privileged Access Management for Microsoft Azure

A recent survey of technology executives at large firms showed that Microsoft Azure continues to be the most popular provider of public cloud services, even as Amazon leads the market overall in terms of revenue – a trend that appears to be holding. In the same survey, 66 percent of respondents predicted that they would be using Microsoft Azure three years down the line.

Last week, at Impact Live 2020, CyberArk shared new capabilities that developers, security teams and cloud architects can use to enhance the security of Azure cloud environments including:

Native Authentication for Microsoft Azure Workloads Requesting Secrets

Application workloads, containers and other apps running on Azure can natively authenticate to CyberArk’s secrets management solution. With CyberArk Application Access Manager or Conjur Open Source, applications running in Microsoft Azure that require credentials to, for example, access a database or other sensitive resource, can now natively authenticate to the secrets management platform.

The native authentication between the application and the secrets management solution, whether the enterprise or the open source version of CyberArk’s secrets management solution, uses the underlying Managed Identity for Azure Resources from Azure Active Directory. This authentication method is easier and more secure than storing an API key for identification and, most importantly, eliminates the “secret zero” problem – the all-too-common challenge of needing a secret to get a secret.

Increased Flexibility Deploying CyberArk in Microsoft Azure and Multi-Cloud Environments

The recent release of CyberArk Privileged Access Security Solution v11.5 added capabilities to automate the deployment of CyberArk Vault environments in Azure and to support multi-cloud and multi-region configuration options with Azure.

CyberArk customers can now automate the deployment of their primary and recovery vaults between AWS and Azure for improved performance and availability. For example, customers can choose to deploy their Primary Vault in Azure and their Disaster Recovery Vault in AWS.

CyberArk also supports automated deployment of vault environments across different regions and availability zones within the same cloud provider. Customers can deploy their Primary Vault and their Disaster Recovery Vault in different regions within the Azure global infrastructure. For example, customers could deploy their Primary Vault in one of Azure’s eastern US regions while deploying their Disaster Recovery Vault in Azure’s Western Europe region.

Credential Theft Detection for Microsoft Azure

In one of the keynotes at Impact 2020, CyberArk Vice Presidents of Product Management Karen Eldor and Yair Sade announced that CyberArk customers can now automatically detect the theft of Identity and Access Management (IAM) credentials that grant access to Azure environments.

One major theme of Impact was the idea that, in modern IT environments, all identities can become privileged under certain conditions. This is especially true in the cloud. All Azure IAM users – whether they are traditional privileged users, like IT admins, or standard workforce users (“non-privileged users”) – can potentially interact with sensitive resources after logging in to Azure environments with an IAM account. This makes Azure IAM credentials top targets for attackers.

CyberArk now addresses this challenge by detecting, alerting and automatically responding to potential compromise of IAM credentials. When suspected credential theft occurs, CyberArk automatically alerts the Security and Operations teams and rotates the credentials to remediate the situation.

As announced at Impact, upcoming versions of the CyberArk Privileged Access Security Solution will feature an Azure Resource Manager (ARM) template to automatically deploy these capabilities with the goal of accelerating deployment and simplifying administration. Extending threat analytics to detect and remediate other forms of privileged behavior in Azure is another key part of CyberArk’s roadmap.

CyberArk and Azure, Better Together

These new capabilities reflect our continued commitment to provide customers with more flexibility for how they deploy and run the CyberArk Privileged Access Security Solution in Azure, multi-cloud and hybrid environments, as well as to improve the security of Azure workloads and the resources they access.

We continue to develop Azure capabilities and advance our partnership. For example, we help companies migrating their Windows server workloads to Azure get single pane visibility across their on-premises and cloud workloads. We support shared responsibility for security in the cloud from day one with a solution focused on protecting cloud access as well as human and non-human privileged users.

To learn more, visit the CyberArk Marketplace to get started with any of CyberArk’s integrations with Azure. If you missed Impact Live 2020, don’t worry – sign up for Impact Live on demand and check out “Securing Privileged Access in a Hybrid World.”
