
PAM in Most Reasonable Price in India.

Iraje offers one of the most feature rich PAM solutions at the most reasonable price in India and USA with Key based Authentication.

Uploaded by

Iraje Software

Privileged Access Manager– White Paper

CONTENTS

Executive Summary
Introduction to Privileged Identities
Types of Privileged Identities
Risks of Unmanaged Privileged identities
Potential threats of unmanaged privileged identities
Why is managing privileged identities important?
Understanding the Cloud
A Comparison of Cloud Computing Models
Cloud Computing Deployment Models
Private Cloud
Public Cloud
Hybrid Cloud
Cloud Services
Impetus to move on Cloud
Business Drivers: Do you need a solution to manage privileged identities on cloud?
Privileged Access Management on Cloud
16 Key Drivers to PAM on Cloud
Software-as-a-Service (SaaS): The First Step
Infrastructure-as-a-Service (IaaS): Step Two
Platform-as-a-Service (PaaS): The Final Frontier
Deployment Architectures on Cloud
Infra on cloud, PAM on Prem
Iraje Privileged Access Management Solution differentiators
Cloud Implementation review checklist
Bottom Line

© Iraje Confidential – All Rights Reserved 1



Executive Summary

As the world grows more and more networked with workloads getting automated through technology
transformations and the workplace becoming virtual, the need for securing data, governing accesses
and mitigating risks has increased multi-fold.

Enterprises stepping on the cloud paradigm to optimize on infra requirements, scale operations and
move their application workloads need to focus equally on the security of the data and the super user
credentials that also reside in cloud.

A plethora of point solutions have come up to address this growing need to manage and secure
super user credentials. From password vaults to traditional identity verification and Single Sign On
solutions, there are many offerings available that help manage the identity and accesses of privileged
users on cloud.

Fundamental to managing this challenge is to identify the use cases and map them to the solution that
meets these use cases better than other solutions.

A few scenarios are loosely referred to as a Cloud PAM solution:

• PAM on Cloud: Infra on Cloud
• PAM for Cloud: PAM on Prem and Infra on cloud
• PAM on Cloud: Infra on Premise + Infra on Cloud

This white paper explores these use cases and how Iraje PAM can help manage,
monitor, control and discover, comply & secure your cloud environments better.


Introduction to Privileged Identities

Privileged identities are users or accounts that hold elevated permission to access files, install and run
programs, and change configuration settings. They have access to operating systems, database
servers, user directories, network devices, and enterprise resource planning applications. Privileged
users could be system, database, or network administrators, support personnel and application
owners. These accounts allow unrestricted access to view and change data, alter configuration
settings, and run programs. Typically associated with hardware and software assets (and not with any
one user), privileged identities grant “super-user” access to virtually every resource on your network.
Privileged accounts are the most powerful accounts in the organisation because:

• Privileged accounts have access to sensitive information.
• The passwords are rarely changed but known to many.
• There is no individual user accountability.

Types of Privileged Identities

Privileged identities are usually categorized into the following types:

• Common/Shared Administrative Accounts – The non-personal accounts that exist in virtually
every device or software application. These accounts hold “super user” privileges and are
often shared among IT staff. Some examples are: Windows Administrator user, UNIX root
user, and Oracle sys account.
• Privileged Personal Accounts – The powerful accounts that are used by business users and IT
personnel. These accounts have a high level of privilege and their use (or misuse) can
significantly affect the organization’s business. Some examples are: the Super user, DBA user
etc.
• Application Accounts – The accounts used by applications to access databases and other
applications. These accounts typically have broad access to underlying business information
in databases.
• Emergency Accounts – Special generic accounts used by the enterprise when elevated
privileges are required to fix urgent problems, such as in cases of business
continuity or disaster recovery. Access to these accounts frequently requires managerial
approval.


Risks of Unmanaged Privileged identities

The following risks have emerged due to the growth of privileged accounts
within organizations. For each class of organization asset, the account types and the
actions that may go untraced are listed.

Operating Systems: Windows, Unix, Linux, AIX, Sun Solaris, Mainframe
• Account types: Administrator, Root, Service, Super User
• Actions that may go untraced: Read, copy, alter data; change security settings; create and
delete accounts; run programs; enable & remove file shares

Databases: Oracle, MS-SQL, MySQL, DB2, Ingres, Informix, Sybase
• Account types: Root, Sys, Sysdba, SA, Ora
• Actions that may go untraced: Access transaction data; switch on-off the logs; edit-delete DB
logs; modify DB records; change DB configuration and schema; modify stored procedures

Database Tools: Toad, MS SQL, PL/SQL, OEM, SQL Developer, DB2, MongoDB, Postgres
• Account types: System, Sys, SA, Service accounts, App Owner
• Actions that may go untraced: Access transaction data; edit-delete DB logs; modify DB records;
change DB configuration and schema; modify stored procedures

Network & Security Appliances: Cisco, Juniper, Nortel, Watchguard, Checkpoint, etc.
• Account types: Root, Enable, Admin, Cisco
• Actions that may go untraced: Alter config settings; give access or deny access to users;
access data packets; enable or disable monitoring; change policy settings

Backup, Storage & Service Infrastructure
• Account types: Administrator, Root, Service, Super User
• Actions that may go untraced: Access transaction data; modify, delete or transfer saved files;
change config settings; save and transfer archived data

Directory Services
• Account types: Administrator, Root
• Actions that may go untraced: Read, copy, alter data; add & delete users; change user
privileges; enable remote access

Application Layers
• Account types: Service, Config Files, Run As, DB Connection
• Actions that may go untraced: Modify backend applications; alter web pages; change records
from backend

Disclaimer: all logos used in the picture above are for illustrative purposes only and are intellectual
property of the respective brands.


Potential threats of unmanaged privileged identities


• Too many privileged identities (users or accounts) to keep track of
• No accountability to individuals who are using privileged accounts
• Privileged passwords are either not changed or changed rarely
• Limited or no audit trails
• Increased user id administration cost
• No control on direct backend access
• Insider threats

Why is managing privileged identities important?


The drivers to manage these privileged identities often start with an immediate need to address
negative audit findings, or with an executive mandate to improve an organization’s GRC (governance,
risk management and compliance) position.

Additional business drivers can include the need to manage privileged account IDs & passwords, get
audit trails of every activity and action performed by privileged users, meet regulatory compliance
requirements, manage completely outsourced environments effectively and get overall visibility and
control of your IT organization.

The potential business drivers are explained below:

Password Management
• Critical passwords of Databases, OS & Routers are stored in text files and/or spreadsheets
• 30-60 day password change: Admins must manually change approx. 100*3=300 passwords
• ‘Admin’ passwords shared by all Administrators

Privileged Access Management


• Privileged ids (‘sys’, ‘system’, ‘ora’) and passwords are shared by all the admins
• DBA has unrestricted full access on all aspects of an accessed database

Audit Trails
• No audit trail to the activities performed using tools like Toad, OEM, XManager, etc.
• Limited audit trail of Application administrator activities
• Limited audit trail of OS (Unix/Linux/Windows) access and activity
• Limited audit trail of access to databases
• Limited audit trail of access to all network devices
• Logs not available at one central location for all devices without being under the control of
administrators

Visibility & Control


• Limited visibility on the cloud activities
• Limited visibility on activities performed by internal resources/partner resources
• No control/restrictions on cloud activities


Compliance with Regulatory Mandates


• Datacenter activities not complying with regulatory compliance mandates (example
ISO27001, SOX, PCI guidelines etc.)
• Third Party Audit gaps & data privacy issues

Moving to the cloud


• An increase in the use of data centre consolidation, cloud computing, virtualization and
outsourcing creates an even greater need to centrally manage and secure privileged IDs.
• How to provide secure access to enterprise assets hosted on cloud that can be accessed over
internet from anywhere.


Understanding the Cloud


As more businesses move to the Cloud, the migration of servers to cloud and its security in a
fast-moving business environment is becoming critical. Moving assets to the cloud increases
accessibility for remote and geographically diverse teams, and reduces the need for massive
on-premises server rooms. In short, whether operating in a pure cloud or hybrid environment, cloud
migration simplifies IT and business management, but security of infra on cloud remains a big challenge.

A Comparison of Cloud Computing Models


Cloud computing is a modern way of hosting and accessing software applications, data storage and
compute power over the Internet. The power of the Cloud allows your IT team to focus on business
needs and reduces effort on tasks such as procurement of servers, capacity planning and other
related areas.

Cloud Computing Deployment Models


Cloud Computing can be deployed in three ways to deliver services towards your assets, operations
and teams.


Private Cloud
This model is similar to the traditional on-premise deployment model where resources use
virtualisation and resource management capabilities. This model does not bring the cost
savings or flexibility associated with the public cloud model. It does, however, allow the end
user/organisation to control and customise the cloud to meet their specifications. As a result, this
restricts the scalability and flexibility of the offering yet ensures comfortable levels of security (data,
user information etc.), provided in-house security practices are set in place.

Public Cloud
This is the most common Cloud model that comes to mind when the discussion of Cloud comes up.
Public Cloud is a multi-tenant model, typically offered by a vendor such as Google Cloud, Microsoft
Azure, Oracle Cloud or Amazon Web Services.
This model deploys and runs an application fully in a public, off-premise Cloud. The main benefits
associated with this approach are lower software Total Cost of Ownership (TCO) and substantial
agility — access to pay-as-you-go, on-demand storage and compute power. Where data security is
not a top-level concern, applications are suited to this model.

Hybrid Cloud
Hybrid Cloud is a mixture of the two previous models described: they remain separate but are
linked together, giving some flexibility when demand cannot be served solely in private Cloud.
Applications can be deployed in the private cloud while associated data is stored on-premise.
This is due to concerns about data security and ownership. When usage spikes, access can be
connected to a Public Cloud to obtain more flexible compute power and storage access.
The main concerns with the Cloud are security and control. The level of sensitivity relating to the
data you are managing can mean that the benefits of lower TCO (associated with public cloud) are
sacrificed.

[Figure: Private, Hybrid and Public cloud compared on two axes, Security and Total Cost of Ownership]


When data sensitivity is low, then the public cloud can be considered but the level of control is
reduced as the Cloud vendor is responsible for configuration management.

[Figure: Private, Hybrid and Public cloud compared on two axes, Control and Scalability]

Cloud Services
The Cloud allows you to deliver three different service types within your organisation. Each service
has a different function depending on the resources available and the flexibility desired.
Cloud Computing is growing at a substantial rate and is definitely an option considered by
organisations when deciding how to manage their way of working.


Computation Hub is a Software-as-a-Service vendor and offers applications deployed in a Private,
Public or Hybrid Cloud model depending on your organisation’s needs.


Impetus to move on Cloud


Why are businesses moving to the cloud?

It’s because cloud computing offers benefits like:


1. Flexibility
Cloud-based services are ideal for businesses with growing or fluctuating bandwidth demands. If
your needs increase, it’s easy to scale up your cloud capacity by drawing on the service’s remote
servers. Likewise, if you need to scale down again, the flexibility is baked into the service.
2. Disaster Recovery
Businesses of all sizes should be investing in robust disaster recovery, but for smaller businesses that
lack the required cash and expertise, this is often more an ideal than the reality. Cloud is now
helping more organisations buck that trend.
3. Automatic software updates
The beauty of cloud computing is that the servers are off-premise and out of sight. Suppliers take
care of them for you and roll out regular software updates – including security updates – so you
don’t have to worry about wasting time maintaining the system yourself.
4. Capital-expenditure Free
Cloud computing cuts out the high cost of hardware. You simply pay as you go and enjoy a
subscription-based model that’s kind to your cash flow. Add to that the ease of setup and
management and suddenly your scary, hairy IT project looks a lot friendlier.
5. Increased collaboration
When your teams can access, edit and share documents anytime, from anywhere, they are able to
do more together, and do it better. Cloud-based workflow and file sharing apps help them make
updates in real time and give them full visibility of their collaborations.
6. Work from anywhere
With cloud computing, if you’ve got an internet connection you can be at work. And with most
serious cloud services offering mobile apps, you’re not restricted by which device you’ve got in hand.


Business Drivers: Do you need a solution to manage privileged identities on cloud?

Before embarking on your Privileged Access Management (PAM) cloud journey, it’s important to
understand the severity and criticality of the issue and how urgent it is to manage the same.

The top 10 lead-in questions are listed below. Each answer is scored under one of five
Severity & Criticality columns: Less Severe, Severe, Very Severe, Critical, Very Critical.

Example: If your answer is option a, put 1 in the first column; if your answer is option b, put 2 in the
second column; if option c, put 3 in the third column, and so on.

1. How many privileged users do we have in the organization accessing cloud?
   a. < 10
   b. >10 <25
   c. >25 <50
   d. >50 <100
   e. >100
2. How many privileged accounts are there on your systems? [admin, ora, sys, root etc]
   a. < 100
   b. >100 <250
   c. >250 <500
   d. >500 <1000
   e. >1000
3. How many passwords are there across all privileged accounts?
   a. < 100
   b. >100 <250
   c. >250 <500
   d. >500 <1000
   e. >1000
4. Is your environment completely outsourced, insourced or a mix?
   a. Completely insourced
   b. Mostly insourced
   c. Mix of both
   d. Mostly outsourced
   e. Completely outsourced
5. How sensitive is your business data? Is your data residing on infra hosted on cloud?
   a. Not at all critical
   b. Not much critical
   c. Important
   d. Critical
   e. Very critical
6. Did you have any data breaches in the past?
   a. No breaches at all
   b. Very few breaches
   c. Few breaches - but regularly
   d. Many breaches
   e. Very critical breaches
7. Do you have trace of every privilege user action as of now with your current monitoring
   infrastructure?
   a. Every privilege session is traceable
   b. Most privilege sessions are traceable
   c. Privilege sessions are most likely traceable
   d. Limited traceability
   e. No traceability at all
8. Do you struggle during system audits and get non-compliances on privileged accesses?
   a. No issues in system audits
   b. Limited issues in system audits
   c. Issues in systems audits and non-compliances
   d. Many issues reported in system audits
   e. Critical issues and non-compliances in system audits
9. Do you have visibility and control on your datacentre or infra hosted on Cloud?
   a. Complete visibility and control on your datacentre
   b. Good visibility on your datacentre activities
   c. Fair visibility on your datacentre
   d. No visibility on your datacentre activities
   e. Zero visibility and control on your datacentre
10. Do you have regulatory compliance requirements on privileged accesses?
   a. No regulatory compliance
   b. Limited compliance requirement
   c. Only internal compliance requirement
   d. Mandatory local compliance requirements
   e. Mandatory local and international compliance requirements

Now add the answers. The scores will point to the severity and criticality of a PAM solution required
for the organization. The table below gives the severity and criticality scores at which the
organization needs to take a decision on implementing a PAM solution.

Severity and Criticality Scores    Suggested Action
>10 <20                            Not critical
>20 <30                            Critical but not urgent
>30 <40                            Critical & Urgent
>40                                Immediate requirement

It is very likely that your scores are in the 20s, which means that though this threat is important it may
not be urgent to act on.

Alternatively, your scores may be in the 40s, which means the issue is not only critical but very urgent
as well, and needs to be addressed immediately.


Privileged Access Management on Cloud

In many organizations, there is no tracking of who does what and what kind of account is being
used. Therefore, Privileged Access Management (PAM) is necessary to automate control over
administrative accounts, which typically put too much power in too many people's hands with too
little accountability. It helps to address the security, operational and compliance issues posed by
widely shared administrative accounts and passwords, excessive administrative rights, poor
separation of duties, embedded passwords in legacy applications and scripts, and poor or non-existent
privileged-password rotation. It also provides individual accountability and an audit trail to prove that
policies and controls are actually being enforced.

With infra and applications moving to the cloud, the privileged passwords and public/private keys used
to access these need to be governed and secured more effectively. Cloud environments do provide basic
security around identity and accesses but lack the more granular controls required to manage the
security around privileged user accounts, such as session recording, smart audit trails, a centralized
console to manage all accounts, and discovery & control capabilities to meet audit and compliance
requirements.


16 Key Drivers to PAM on Cloud

The key drivers to PAM on Cloud are shown below. These key capabilities are important and a “must
have”, to ensure that the PAM is ready and capable of providing the integrations.

A PAM solution that provides these 16 core capabilities is fully ready to support the enterprises who
want to go for Cloud PAM – with either the infra being on-premise, infra being on cloud or a hybrid
option of infra and apps on cloud as well as on-prem.


Software-as-a-Service (SaaS): The First Step

As companies begin their journey towards cloud, they often begin by creating suites of SaaS
platforms. These applications enable them to streamline business operations but create more
access points that increase risk.

For example, as business leaders seek to streamline their ERP systems using SaaS applications,
their IT security departments struggle to maintain privacy and security across the ever-expanding
ecosystem. According to Oracle’s 2018 report, “Securing SaaS at Scale,” the mobile workforce
redefines “perimeter” and legacy solutions cannot support the new cloud threat landscape.

The disconnect between SSO use and IGA tool use indicates that although organizations express
concern over compliance and security, they lack integrated tools that enable protection. SaaS
applications require privileged access to databases or other applications across the overarching IT
infrastructure. Their passwords, which often remain embedded and stored in unencrypted text
files, create a security vulnerability. As cybercriminals increasingly use stolen credentials to gain
unauthorized access to protected information, the passwords act as a point of entry. Even more
disconcerting, as the applications interact throughout the cloud ecosystem and across multiple
servers, this vulnerability exponentially impacts the whole organization.

Infrastructure-as-a-Service (IaaS): Step Two


With IaaS, organizations build their own clouds using platforms provided by cloud service
providers (CSPs). Rather than leaving databases on premises, the enterprise moves data,
operating systems, and applications to the cloud. While these services provide more mobility,
they also create new security risks.

IaaS applications interact across an organization’s ecosystem, often requiring privileged access to
systems to interact with operating systems. These service accounts may have domain
administrative privileges that require additional security controls and monitoring to ensure
privacy and security.


Platform-as-a-Service (PaaS): The Final Frontier


PaaS enablements bring together SaaS and IaaS in one neatly tied package. They provide an
operating system as well as linked applications. Thus, they offer flexibility and ease as the
enterprise seeks to embrace cloud migration.

While PaaS services bring together SaaS and IaaS enablements, they also create new challenges.
Specific to PaaS, the journal article “MPSM: Multi-prospective PaaS Security Model” explains the
unique data and infrastructure risks inherent in PaaS ecosystems:

• Data location: duplication of information in multiple locations that remain on the service
provider’s network
• Information leakage: shared communication channels and resources can lead to “shadow IT”
sharing similar to within an IaaS ecosystem
• Privileged Access: “built-in” debug features grant privileged access to memory and data
locations
• Distributed system: open default ports decrease visibility into how and where data can be
accessed
• Vulnerable hosts: Multiple accounts (multi-tenancy) in a PaaS ecosystem allow user objects to
connect, which leads to visibility issues that lead to infiltration

PaaS services lead to privileged access risk as they incorporate domain service accounts and
require coordination across multiple systems. Within the PaaS environment, administrators need
to apply access on a more detailed level. Traditional IGA services and privileged access
management providers lack the ability to create fine-grained entitlements, such as limiting access
at the file and folder levels. Coarse-grained entitlements, such as application level access, fail to
secure privileged access in the cloud.

Securing identity and proving governance over access and use becomes challenging as the
enterprise adds more human and digital users to its cloud. Once the enterprise ensures that the
cloud environment is secure, it must also find an Identity Governance and Administration (IGA)
solution to enable authentication, authorization, and traceability.


Deployment Architectures on Cloud


There are multiple deployment scenarios for cloud environments:

1. PAM on Cloud: This is where customer infra is on cloud and PAM is also on cloud as part of
the infra
2. Infra on cloud, PAM on Prem: This is a scenario where the customer has moved the majority of
their infra to the cloud but wants PAM on their premises to manage the infra
3. Hybrid environment, PAM on Prem: This is a case where infra is on prem as well as on cloud and
PAM is on prem

PAM on Cloud:


Infra on cloud, PAM on Prem:


Iraje Privileged Access Management Solution differentiators


PAM solutions offer the features mentioned in the list above. A few features that differentiate Iraje
PAM from other solutions are listed below, each paired with the corresponding position of the
competition.

• Iraje PAM: Ability to provide SSO integration to all types of devices – out of the box. No
Connectors or Adaptors.
  Competition: No other solution provides all types of SSO device integration – out of the box.

• Iraje PAM: Agentless Discovery Capabilities: discover hidden admin accounts; discover hidden
devices in the network; discover active ports; discover DB and DB Links.
  Competition: Limited capabilities, port discovery not available.

• Iraje PAM: Alert Management Suite: out of office alert, sensitive device alert; un-authorized
access alert for bypassing Windows; un-authorized access alert for bypassing Linux, Unix, AIX
devices – AGENTLESS.
  Competition: Limited capability. No alerts available for un-authorized access to Linux, Unix
devices.

• Iraje PAM: Architecture: Active-Active using native replication; connections working from PAM to
target, making it more secure.
  Competition: Architecture: Active-Active using Windows cluster; connections opening within user
browser and unsecure.

• Iraje PAM: Service Change password – out of the box.
  Competition: Service change password not out of box.

• Iraje PAM: BCP – fully encrypted password recovery module.
  Competition: Not available.

• Iraje PAM: Ability to reset user AD passwords from PAM.
  Competition: Not available.

• Iraje PAM: Advanced Video on Demand: live session mirroring with remote termination if required;
text search within videos.
  Competition: Limited capability. Session recordings are in open formats.

• Iraje PAM: Multi-Factor Authentication – Ability to integrate with multiple options for 2 factor
authentication: SMS OTP, Email OTP; Soft Tokens / Hard Tokens; Biometrics, PKI/Smart Cards, RSA
etc.; Twilio, Entrust, Azure MFA.
  Competition: Standard 2 Factor options using proprietary apps, third party apps for OTP, Token
based auth, Biometric authentication options.

• Iraje PAM: 3 Factor Authentication [on Device access].
  Competition: Not available.

• Iraje PAM: Agents for Windows devices for alerting unauthorized access bypassing PAM including
advanced remote access alerts.
  Competition: Not available in some solutions.

• Iraje PAM: SSH Tunnelling support.
  Competition: Not available in some solutions.

• Iraje PAM: Session Recording in HD Video with ultra compression. Proprietary format which cannot
be just played anywhere.
  Competition: Session recording is in jpegs and streamed to give a video effect. Open format
videos – very risky.

• Iraje PAM: Session Recordings cannot be deleted even by the PAM Admin.
  Competition: Session recordings can be deleted by PAM Admin.

• Iraje PAM: Supports all types of cloud environments and devices on cloud.
  Competition: Limited support for devices on cloud.

• Iraje PAM: OS credentials of PAM are auto changed and no one has access to PAM OS. OS is tamper
proof.
  Competition: OS credentials of PAM are with PAM super admins and they can delete the logs and
recordings.

• Iraje PAM: Live CIO Cockpit: live users, live devices, live commands; live CPU, Memory and Drive
monitoring.
  Competition: Not available.

• Iraje PAM: Sync Centre – Ability to sync devices without manual intervention.
  Competition: Need manual intervention to change password in case device is out of sync. PAM admin
can manually update password in the connection – highly unsecure.

• Iraje PAM: Integration with 3rd Party BI Dashboards.
  Competition: Limited availability.

• Iraje PAM: iDLP and iRSA features.
  Competition: Not available.

• Iraje PAM: iDSSO → SSO on RDP to RDP.
  Competition: Not available.

• Iraje PAM: iURA – unauthorized remote access alert.
  Competition: Not available.

• Iraje PAM: iWAR → Windows Advanced Restrictions.
  Competition: Not available.

• Iraje PAM: iCollab → Ability to collaborate on the same session without using screen sharing
tools.
  Competition: Limited availability.


Cloud Implementation review checklist

A good Privileged Access Management Solution should provide the following:

Phase 1 Implementation: Base

• Corporate AD / Azure AD Integration with MFA
• Role Based Access and SSO to all devices integrated in PAM
• Time Based Access to users on the PAM Portal
• Just In Time Access to users on the Devices
• Command Filtering/Restrictions on SSH & Windows devices
• Session Recording of all sessions going through PAM
• Password / Key rotation on all devices
• Discovery capabilities to auto discover users and devices
• Real Time Alerts
• API Integrations with 3rd party applications
• SIEM Integration for real time event-based alerts
• Application Integration

Phase 2 Implementation: Advanced

• Cloud services integration and native cloud security integration
• Ticketing and CMDB Integration
• Multi-Tenancy to scale to multiple customers with single App Server & a single Database
instance
• Dev-Ops Integration to integrate developer apps in PAM using secret server to manage the
keys and passwords in real time
• API Integrations with 3rd party applications


Bottom Line

The threat of un-managed privileged identities is very high and it can cost the organization very
heavily in case of data breaches. The insider threat is dangerous as well since it goes on without
being traced easily.

Addressing the threats from insiders is always a sensitive area to handle. While companies will
always want to hire trustworthy employees, it is an irrefutable fact that accidental breaches occur
very regularly, and that a single, well-motivated malicious insider with privilege accesses can cause
immense damage.

IT auditors are also realizing the potential of threats posed by unmanaged privileged identities in
your organization. There is an ever-increasing pressure to bring these powerful logins under control.

Fortunately, Privileged Access Management software can help organizations secure privileged
credentials throughout your network and provide an authoritative/forensic audit trail of their access.

A successful PAM implementation can:

• give better visibility and control on privileged accesses
• help comply with regulatory requirements
• improve overall Governance Risk and Control (GRC) of the organization

For more details or a demo of the solution, reach us at [email protected].
