Building Privileged Account Security into the Cloud

August 8, 2016 Karen Kiffney

In our regular conversations with customers and others, many tell us their organization is on a “journey to the cloud.” Inevitably, the discussion turns towards privileged accounts in cloud environments and how to secure them. We have solid advice and answers for them – the CyberArk Privileged Account Security solution secures privileged accounts in applications, servers and management consoles in cloud environments in much the same way it works to secure privileged accounts located on-premises. Our solution is designed to support privileged accounts regardless of where they reside. However, in cloud environments, there is more.

In order to maximize the benefits and flexibility of the cloud (and speed the process of migrating workloads to the cloud), many organizations engage the help of cloud orchestration and automation tools such as Chef and Puppet. These tools deliver efficiency when migrating to and managing cloud environments, allowing organizations to quickly move and deploy new instances and applications. It is this automation in cloud environments that provides an opportunity to employ “advanced” privileged account security methods and policies.

What do we mean by “advanced”?

Used with these tools, CyberArk can automate the process of securing privileged accounts in addition to securing the orchestration tools themselves. Here are some use cases that demonstrate the use of Puppet:

  1. Automate the deployment of a new MySQL Server in AWS and seamlessly provision the newly created admin account directly to the CyberArk Digital Vault at the time of creation. We refer to this as Privileged Account Security “built into” the cloud environment.
  2. Secure the privileged accounts required by Puppet (e.g., the AWS console credential) in the CyberArk Digital Vault and enable Puppet to securely retrieve these credentials on demand.
  3. Automatically provision the agent required for secure application-to-application authentication to a new server at the same time it is created – for use when applications are developed on the server.

These use cases not only improve efficiency and conserve resources, they also demonstrate improved security, because privileged accounts are secured at the time of inception rather than after a delay due to the timing of a scanning or discovery process. It’s this integration of Privileged Account Security with automation that delivers security aligned with the flexibility and convenience of the cloud.
