Video: Privileged Access Management Interview Q1

How do you manage PAM across multiple platforms (including Cloud), rather than just or prem? - Interview with: Joseph Carson, Chief Security Scientist, Thycotic.


First question is how do you manage uh pam across multiple platforms including cloud rather than just on-prem


That's already that's a great question it's a and a lot of kind of companies are facing that kind of question themselves and decision making around that i think it's first of all let's kind of step back and look at the two components one is there's there's one thing about is where you put the privileged access management solution itself where does it reside and for you know in the past it used to be only available on premise so you would actually have to have an instance on premise and managing your privileged accounts that's on premise and even plugging them into your cloud environment today modern pam solutions have the ability to do choice you can decide to have you know an on-premise solution you can decide to put it into a private cloud and a virtual environment or you can even actually get it deployed in the cloud as a basically sas application and just consume privilege access management from those areas so now basically organizations have the flexibility of choice of where they obtain and deploy their privileged access management solution the second part is about the targets of what accounts you want to manage and how you want to manage that access and as many organizations of course on-premise was you know the kind of the normality where they would have had more control over active directory more control over the local accounts and service accounts would actually be deployed on the systems but as they went through digital transformation and even this year alone digital transformation has accelerated significantly you know with things like the pandemic and having to work remotely so organizations had to adopt quickly and this means that they've had to adopt many new sas applications or infrastructure as a service or platforms as a service and they've really kind of got into this very mixture of a very hybrid multi-cloud environment whether those accounts are kind of hard coded and configured and they basically have to manage them as is or whether those solutions provide them with management capabilities for organizations to really manage that complexity and they get visibility across multiple clouds they definitely need a privilege access management that because it can actually manage and have that visibility so it's really important that if you are a company that is now using sas applications you've got you know your own cloud deployments or virtual systems you've got a mixer a mixture of on-premise as well then privilege access management can actually give you the visibility across those multiple cloud environments so it might be your azure accounts you get visibility and control over those in discovery it might be your aws accounts it might be sas applications like something like salesforce or um you might have expensify or even just you know company finance systems or hr systems provides access can really allow you to manage those accounts across those multiple environments and really give you the ability to even uh get auditability control over the security of those make sure you also separate or segregate you know we always talk about segregation of duties um you know rather than if you have cloud accounts and you know employees are going directly to the url and typing in the username and password they're going to be exposed to things like you know was it cross-right scripting they can be exposed to man in the middle attacks or evil portals that try to capture those credentials so rather than allowing employees to go directly you can give them the opportunity to actually go through a pam solution that actually will populate and autofill those passwords in the background so they don't even need to know themselves so it's really critical that pam solutions really provide organizations that much better auditability much better transparency additional security controls can they even added more security controls that some of those solutions don't even come with natively and then really expand the visibility and better security across a multi-hybrid environment and at the same time reduce the risk from cyber attacks.