Hybrid Cloud Security: Making it Work with PAM

The only thing that’s arguably more irritating than having someone ask for free tech support is when they ask you, “So, you’re moving everything to the cloud. Am I right?” That’s about where non-IT people think things are, but you know better.

What can you say, other than “Please, get a life!”? You could mutter, “It’s a little more complicated than that.” What you want to say is, “There is no cloud. There are clouds – public and private, with a lot of different, specialized platforms like IaaS, PaaS, DRaaS, DBaaS, and on and on… Plus, the servers we already paid for and spent years setting up in the data center – those aren’t going anywhere anytime soon…”

Even if you answer the question to your satisfaction, you will still have to deal with a lot of unknowns in the cloud. Industry hype is one thing, reality is another.

The cloud has plenty of benefits, like lower cost and greater operational agility. However, for many reasons, the migration from on-premises infrastructure to the cloud is going to take a while, and it may never be finished. For one thing, some systems simply aren’t built for the cloud. They’ll reach end-of-life before it ever makes sense to transition them. Security, performance, and compliance concerns might keep other IT assets out of the cloud.

Hybrid IT is emerging as a common solution for established companies. In this approach, an IT department selectively moves systems to the cloud as they are ready. Some organizations create a “cloud first” rule where any new system automatically goes into the cloud.

82% of enterprises have embraced Hybrid IT, according to an industry survey. The problem is Hybrid IT security. Years after many began their movement to the cloud, security continues to be a primary concern. Many IT managers don’t even know which parts of their business run on the cloud and which don’t.

The Challenge of Hybrid IT Security and PAM

If you work with Privileged Access Management (PAM), that’s a frightening thought. How can you know what your privileged users are doing if you don’t even know what you’re running in the cloud?

The noted enterprise architect and author, Dan Sullivan, explores Hybrid IT security issues in his article, “Five hybrid cloud security issues to overcome.” Compliance was one area of concern for Sullivan. He writes, “Maintaining and demonstrating compliance can be more difficult with a hybrid cloud. Not only do you have to ensure that your public cloud provider and private cloud are in compliance, but you also must demonstrate that the means of coordination between the two clouds is compliant.” Demonstrating compliance will involve defining and enforcing policies for Privileged Access Management for Hybrid IT.

Sullivan also notes that hybrid constructs rely on APIs and complex network configurations that “push the limits of traditional system administrators’ knowledge and abilities…hybrid cloud is a complex system that admins have limited experience in managing — and that creates risk.” With admins struggling like this, how will you deal with privileged users in such an environment?

Sullivan touches on this point, commenting, “Existing security controls such as authentication, authorization and identity management will need to work in both the private and public cloud. To integrate hybrid cloud security protocols, there are two options:

  • Either replicate controls in both clouds and keep security data synchronized, or
  • Use an identity management service that provides a single service to systems running in either cloud.

Allocate sufficient time during your planning and implementation phases to address what could be fairly complex integration issues.”

That is true, but what he’s talking about is not easy to do with most identity and privileged access management solutions. Privileged Access Management in Hybrid IT demands a level of flexibility and ubiquity that most solutions simply don’t provide.

PAM needs to be able to work with any privileged account on any platform in the hybrid IT environment. In order to provide effective hybrid IT security, a PAM solution has to be easy to deploy and simple and efficient to maintain, regardless of whether it’s on a legacy system, a private cloud, or a public cloud. The WALLIX solution is all of that.

WALLIX for Privileged Access Management in Hybrid IT

WALLIX establishes pervasive, sustainable PAM across the Hybrid IT environment. Its gateway provides single sign-on access for system admins. With this capability, the IT department can define and enforce access policies for admins as well as for the employees who need system access. WALLIX Bastion is able to span cloud and on-premises system deployments.

WALLIX Bastion’s agentless architecture is well-suited to the highly varied infrastructure scenarios found in Hybrid IT. Other PAM solutions require a software agent installed on each target system. This is effectively a non-starter when systems are spread out across multiple platforms in cloud and on-premises combinations. When agents are required, PAM will likely be abandoned or neglected to the point where it won’t perform its basic functions. WALLIX Bastion helps ensure that you won’t fall into this trap.
