Hidden Risks & Recurring Costs in Access Security
...and how to optimize your Total Cost of Ownership (TCO) of PAM
In a period of clear movement toward cloud-based hosting, certain tendencies and perhaps even false expectations are developing when it comes to security.
WALLIX’s mission has always been to deliver effective and affordable cybersecurity tools to organizations with even the tightest budgets. Therefore, from the very beginning, we have offered a robust, powerful Privileged Access Management (PAM) solution delivered in an all-inclusive appliance with both software and support.
Previously, people would expect to receive software as an installer and deploy it along with its software or hardware dependencies. Doing this requires – in the Linux and, mostly, Windows world of PAM – installing the server OS, performing OS upgrades, and then configuring it. When finished, the next step would be to deploy dependencies such as the database, deploy the software, and configure both.
And all this is only for starters. Over time, there are regular updates and upgrades to manage, and general monitoring to ensure that each piece remains compatible with the others as per editor requirements.
Today, with virtualization, software is provided as a Virtual Machine with the OS already upgraded, configured, and hardened, and with dependencies up and running upon deployment. Additionally, images can be generated, which saves enormously on set-up costs and reduces the skills required to set it up.
The container metaphor
The current challenge for many organizations is to go further in reducing costs of infrastructure. Virtual Machines (VMs) use a lot of memory and often duplicate functions that can be further shared within the infrastructure.
In one approach, you take a container that has a selected OS and deploy in the previous software-installer mode, with automation that is either created or provided by the software editor or third parties. This is DevOps.
In this scheme, the responsibility of securing the OS is with the maintainer of the image used, and the risk is shared between all users of these images. Thus it requires a more DevSecOps approach to keep it adequately secured. This is too often forgotten.
At WALLIX, we provide a full-service editor on our VMs that includes security analysis as well as patch and vulnerability management so that the pressure is on us, not on your internal teams.
The recurring risks
In the container world, the infrastructure is protected and the responsibility of the infrastructure provider stops there. You, however, still need to protect your OS and the applications above it, and this remains your responsibility. Thus, the top of the stack, from the OS to your data, must be secured!
This new push to the cloud also provides new capabilities to avoid lateral movement attacks, create many virtual networks, and manage routing, which de facto complicates access to these networks by humans or automated scripts.
It’s still necessary to set up a remediation strategy in case of breach, and thus to control what goes on in your network, when, and how it happens.
Speaking of the network, while you may have implemented some layers of security, you are still quite vulnerable to malware…
The recurring costs
The not-so-hidden costs of complex cybersecurity appear while setting up protection infrastructure in addition to the infrastructure now residing on virtualized environments.
Cloud environments provide many services, also available as solution templates, but in the Infrastructure paradigm, they incur costs per CPU, data, network, or event. This is where products like SIEMs have made the value of their business model clear for years: with a vast quantity of events and data to sift through, the technology may be costly but you need it!
Smaller is beautiful
At WALLIX, we consider all of these factors and aim to provide the best possible solution to deliver maximum results for the lowest possible long-term cost. With optimized TCO (total cost of ownership), your security never has to be compromised for cost.
The latest version of the WALLIX Bastion Privileged Access Management solution helps you control which events are generated, and thus analyzed by external systems such as SIEMs. Events can be filtered so that only the most pertinent metadata and events are sent to an external SIEM. You define what matters from your PAM activity and you define where to send it!
The Bastion also provides audit and system dashboards and reports in real time, reducing the need for functional maintainers and auditors to rely on external systems. In addition, the Bastion continuously discovers new targets to help you get a full picture of which assets to protect and helps you onboard them automatically.
Ultimately, at WALLIX, our goal is to help you increase your security, not your costs.