ThycoticCentrify Cloud Automation Bundle Automates Cloud Privilege Management
ThycoticCentrify, a leading provider of cloud identity security solutions formed by the merger of privileged access management (PAM) leaders Thycotic and Centrify, today announced enhancements to its PAM solution for DevOps, DevOps Secrets Vault. The latest release helps DevOps teams harden their cloud attack surface through Encryption-as-a-Service technology, which automatically encrypts data for all applications.
DevOps Secrets Vault generates just-in-time, dynamic secrets when cloud platform administrators, developers, applications or databases need to access a target, and these secrets expire automatically. Even if these ephemeral secrets are leaked, any would-be attacker is limited in what they can do and has a limited window in which to do it. This high-speed secrets management helps eliminate friction within existing workflows, as well as the need for developers to hardcode secrets or store them in external libraries.
Cloud security demands PAM designed for the cloud
Cloud growth has increased privileged accounts and credentials to a state that’s unmanageable without automated processes. As enterprises become more reliant on the cloud for infrastructure, application development and business process automation, Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS) and DevOps toolchains are vulnerable to privileged account attacks.
According to the most recent Verizon Data Breach Report, more than 77 percent of cloud breaches involve compromised credentials. In fact, 80 percent of organisations operating in the cloud experience at least one compromised account each month, stemming from external actors, malicious insiders or unintentional mistakes, reports McAfee.
A multi-layered approach to cloud security
DevOps Secrets Vault is available as a standalone vault for organisations with existing PAM solutions and within ThycoticCentrify’s Cloud Automation Bundle, a single package of ThycoticCentrify’s integrated cloud PAM solutions.
Enterprise PAM reduces cloud risk with controls for authentication, authorisation, and auditing. Even with multiple business and technical functions utilising different types of cloud resources, ThycoticCentrify provides a consolidated view of privileged access across an entire organisation so IT security teams can manage privileges according to consistent policies. Automation and simple, policy-based controls replace time-consuming, error-prone manual privilege management.
“These latest updates contribute to an even more comprehensive solution that we’ve built into the cloud automation bundle,” says ThycoticCentrify Vice President of Product, Jai Dargan. “With the need for cloud security skyrocketing, enterprises can now address these new use cases more efficiently with an integrated solution.”
Integrated solution for automated, cloud privilege management
ThycoticCentrify’s Cloud Automation Bundle is an integrated solution for automated cloud privilege management, comprising the following elements:
Secret Server is the hub for comprehensive, enterprise PAM for the entire attack surface, including cloud platforms. It can discover privileged accounts, vault credentials, ensure password complexity, delegate access and manage sessions for infrastructure, applications and services with consistent PAM policies and practices.
DevOps Secrets Vault supports dynamic secret creation for MySQL, PostgreSQL and Oracle, as well as cloud platforms such as AWS, Azure and GCP. It integrates into CI/CD workflows with support for Jenkins, Kubernetes, Terraform, Ansible, Chef and programming languages Java, Go, Python, Ruby and .NET. Secrets data, SSH keys and file replication are automatically synchronised between DevOps Secrets Vault and Secret Server for close coordination.
Connection Manager, in combination with Secret Server, saves time by automatically injecting privileged credentials directly into a remote session. IT and developer teams never need to enter or even see passwords. This eliminates the possibility of sensitive information being left in system memory, where it would open the door to Pass-the-Hash attacks.
Privileged Behavior Analytics prevents privileged account abuse. Advanced machine learning detects anomalies in privileged account behaviour and automatically takes action in Secret Server before a cyber threat becomes a cyber catastrophe. When risk scores pass acceptable thresholds, Secret Server can immediately rotate passwords, require additional authentication, or increase session monitoring.