As enterprises embrace a mix of cloud and on-premises deployments of key IT assets, they are using PAM for hybrid cloud security.
Hybrid IT security: making it work
The only thing that’s arguably more irritating than having your know-it-all brother-in-law ask you for free tech support is when he corners you at a party and asks you, “So, you’re moving everything to the cloud. Am I right?” Yup. That’s about where non-IT people think things are at, but you know better.
What can you say to your brother-in-law, other than “Please, get a life!”? You could mutter, “It’s a little more complicated than that” and wander off in search of another beer. What you want to say is, “There is no cloud. There are clouds – public and private, with a lot of different, specialized platforms like IaaS, PaaS, DRaaS, DBaaS and on and on… Plus, the heavy iron we already paid for and spent years setting up in the data center – that’s not going anywhere anytime soon…”
That beer is looking pretty appetizing, but you will still have to deal with a lot of unknowns in the cloud when the party’s over. Industry hype is one thing. Reality is another. The cloud has plenty of cost and agility benefits. However, for many reasons, the migration from on-premise infrastructure to the cloud is going to take a while and it may never be finished. For one thing, some systems simply aren’t built for the cloud. They’ll be end-of-life before it will ever make sense to transition them. Security, performance and compliance concerns keep other IT assets out of the cloud.
Hybrid IT is emerging as a common solution for established companies. In this approach, an IT department selectively moves systems to the cloud as they are ready. Some organizations create a “cloud first” rule where any new system automatically goes into the cloud. Eight out of ten enterprises have embraced Hybrid IT, according to an industry survey. The problem is Hybrid IT security. In the same survey, 62% of respondents worried that they were “flying blind.”
Nearly two-thirds of IT managers surveyed were not sure what they were running in the cloud.
The Challenge of Hybrid IT Security and PAM
If you work with Privileged Access Management (PAM), that’s a frightening statistic. How can you know what your privileged users are doing if you don’t even know what you’re running in the cloud?
The noted enterprise architect and author, Dan Sullivan, explored Hybrid IT security issues in his article, Five hybrid cloud security issues to overcome. Compliance was one area of concern for Sullivan. He wrote, “Maintaining and demonstrating compliance can be more difficult with a hybrid cloud. Not only do you have to ensure that your public cloud provider and private cloud are in compliance, but you also must demonstrate that the means of coordination between the two clouds is compliant.” Demonstrating compliance will involve defining and enforcing policies for Privileged Access Management for Hybrid IT. Controlling and managing privileged users make possible compliance.
Sullivan also noted that hybrid constructs rely on APIs and complex network configurations that “push the limits of traditional system administrators' knowledge and abilities…hybrid cloud is a complex system that admins have limited experience in managing -- and that creates risk.” With admins struggling like this, how will you deal with privileged users in such an environment?
Sullivan touches on this point, commenting, “Existing security controls such as authentication, authorization and identity management will need to work in both the private and public cloud. To integrate hybrid cloud security protocols, there are two options:
- Either replicate controls in both clouds and keep security data synchronized, or
- Use an identity management service that provides a single service to systems running in either cloud.
Allocate sufficient time during your planning and implementation phases to address what could be fairly complex integration issues.”
While true, what he’s talking about is not easy to do with most identity and privileged access management (PAM) solutions. Privileged Access Management in Hybrid IT demands a level of flexibility and ubiquity that most solutions simply don’t provide.
PAM needs to be able to work with any privileged account on any platform in the hybrid IT environment. In order to provide effective hybrid IT security, a PAM solution has to be easy to deploy, simple and efficient to maintain regardless of whether it’s on a legacy system, a private cloud or a public cloud.
It won’t surprise you that we’re here to tell you that the WALLIX solution is all of that.
WALLIX for Privileged Access Management in Hybrid IT
WALLIX’s PAM solution establishes pervasive, sustainable PAM across the Hybrid IT environment. Its single gateway has single sign-ons for access by system admins. With this capability, the IT department can define and enforce access policies for admins as well as for the employees who need system access. Wallix AdminBastion Suite is able to span cloud and on-premises system deployments.
WAB Suite’s agent-less architecture is well-suited to the highly varied infrastructure scenarios found in Hybrid IT. Other PAM solutions require a software agent installed on each target system. This is effectively a non-starter when systems are spread out across multiple platforms in cloud and on-premises combinations. When agents are required, PAM will likely be abandoned or neglected to the point where it won’t perform its basic functions. WAB Suite helps ensure that you won’t fall into this trap.
Want to know more? How about a free demo?