Securing Privileged Identities.
A CloudKnox Case Study.
Being a publicly-traded company, the customer must adhere to numerous, regulatory standards. More specifically, the customer has to demonstrate that their IT infrastructure is adequately protected against insider and external threats on a regular basis.
Managing and securing privileged identities and access to sensitive systems, infrastructure and data is rapidly evolving as a must-have compliance mandate. The necessity to provide granular access control logs detailing all identity privileges and related activity within an organisation’s infrastructure is a fundamental requirement across just about every government and industry regulatory standard today.
The challenge for the customer was that the process for retrieving these logs meant employing a very tedious data collection method that included arduous tasks such as manual scraping, custom scripting and data massaging. Not only do such time-consuming methods demand the time and effort of multiple teams over several weeks but are highly error-prone as well.
An internal audit process revealed that the customer’s entire administrator community and several service accounts were granted much broader privileges than necessary. They discovered there was a considerably more pronounced insider threat that could have manifested through compromised credentials, a malicious insider or even just an honest administrator error.
In response to these findings, the customer ended up creating over 100 custom roles to limit the actions performed by users leveraging traditional RBAC methodology. However, this did not solve the problem of overprovisioning because they lacked the necessary tools to identify which actions were actually being performed. Moreover, the customer was now required to manage these custom roles on a quarterly basis adding more cost and complexity to the original problem.
To mitigate its challenges, the customer deployed CloudKnox across its entire VMware infrastructure. The following is a short summary of how they were able to overcome their challenges with the CloudKnox solution.
The customer quickly managed to create a centralised database of all actions performed by every identity. All administrators, service accounts, bots, scripting accounts that utilise API keys across all their vCenters was quickly accounted for. The customer was also able to generate daily reports that addressed their compliance posture and remediate any violations that were uncovered before the format audit.
Moreover, the customer’s compliance and audit teams were authorised to use CloudKnox directly to generate any reports they needed without requiring the assistance of their technical peers – a huge time and cost savings.
CloudKnox enabled the customer to reduce the time required to collect data from weeks to just a few minutes. In doing so, they not only managed to avoid legal issues, but saved hundreds of thousands that would have been otherwise spent on wasted man-hours.
The addition of unparalleled visibility of the customer’s IT infrastructure provided significant value to their security team as well. The first discovery they made was that about 70% of their vCenter users had not performed any actions in the last 90 days. Utilising CloudKnox they were able to quickly fix the situation by removing some of those users from vCenter and converting others to have permission to execute read-only actions.
The granular visibility and remediation capabilities provided by CloudKnox allowed the customer to quickly uncover over-provisioned identities and immediately implement measures to improve their security posture against insider threats. Such a measure cannot be overstated as insider threats are already the top concern of both SMBs and established enterprises alike.
Case study provided by CloudKnox.
To learn more about AVR’s Cloud Practice or to get a FREE 15-day trial. Contact us below.
Rob comes with over 25 years’ experience of working with start-ups in the cyber security space, having held leadership and business development roles in his fruitful career. He brings a combination of technical and business aptitude to resolving customer challenges.
Reports this week have announced that computers at the DCH medical centres have been infected with ransomware. Three hospitals that make up the group in Alabama were closed to new patients as the attack paralysed the health network’s computer system.