Hybrid cloud has its advantages, including cost-effective, flexible and scalable access to business-critical applications and data. But the very nature of these unified solutions, in which on-premises and virtualized assets are integrated for resource optimization, also presents real-world challenges for IT security professionals, not least of which is managing the privileged passwords spread across these distributed computing environments.
Among the challenges, as scale increases, so does the number of entities that require administrative access, and with it the number of privileged passwords. This is a major password management problem that, if left unchecked, can leave privileged access in the hands of users whose security credentials are no longer valid.
Another vulnerability is scope. Cloud management consoles pack a powerful punch when it comes to access. Consider the amount of access an authorized administrator has through a cloud console that is used to manage the development, deployment and scale of cloud-based websites, applications and services that most likely include mission-critical business applications.
And then there’s the vulnerability being driven by the hyper-connectivity of everything, including clouds as well as the Internet of Things, which relies on machine-to-machine authentication. In this scenario, passwords are used by one system to gain access into another or, in some cases, credentials are hard-coded into applications, like SSH key pairs and PEM-encoded keys. Considering that an organization might have thousands of keys, it’s more critical than ever to authenticate credentials of these privileged accounts to mitigate risk.
So what can an IT professional do to control the password chaos lurking inside hybrid cloud?
Mitigate risk at the cloud console level. With a comprehensive privileged access management tool, you can restrict privileges of users to only the authorized hybrid cloud infrastructure and you can record and monitor all activity, so malicious activities can be targeted and thwarted.
Automate discovery at the device level. By automating discovery of devices, systems, applications, services and accounts, including the APIs used for virtualization and cloud management, you can alert administrators when new virtual machines are created. Bulk-importing system lists from text files lets you compare what is discovered against what is known, so potentially malicious activity can be identified and targeted before it becomes a full-fledged breach.
Enforce password security at the user level. By rotating passwords on a schedule or when triggered by an event, you can govern use more effectively, limiting access times and requiring multiple authorizations for access. You can also ensure that all password credentials are synchronized, so a change at one end of the system is reflected everywhere.
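To make the two automation steps above concrete, here is an added example (not code from the original post, and not CA Privileged Access Manager's own logic) showing the checks a defender would script around them: parsing a bulk-import host list, reporting discovered hosts that are not yet in the approved inventory, and flagging privileged accounts whose passwords are due for rotation either by age or because of an event on their host. All host names, account names and dates are constructed sample data; a real deployment would feed these functions from the discovery tool and the vault's rotation records.

```python
from datetime import date, timedelta

# Constructed sample data: a previously approved inventory and a fresh
# discovery scan, both in the "one hostname per line" bulk-import text format.
KNOWN_INVENTORY = """\
# approved systems (constructed example)
web-01.example.internal
db-01.example.internal
vm-1042.cloud.example
"""

DISCOVERED_TODAY = """\
web-01.example.internal
db-01.example.internal
vm-1042.cloud.example
vm-1077.cloud.example
api-gw-02.example.internal
"""

# Constructed privileged-account records: (account, host, last rotation as ISO date)
ACCOUNT_ROTATIONS = [
    ("root", "web-01.example.internal", "2024-01-10"),
    ("admin", "db-01.example.internal", "2024-03-01"),
    ("svc-deploy", "vm-1042.cloud.example", "2023-11-20"),
]


def parse_host_list(text):
    """Parse a bulk-import host list: one hostname per line; '#' comments and blank lines ignored."""
    hosts = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            hosts.add(line.lower())
    return hosts


def find_unenrolled_hosts(known_text, discovered_text):
    """Hosts seen by discovery that are not yet in the approved inventory (sorted for stable output)."""
    return sorted(parse_host_list(discovered_text) - parse_host_list(known_text))


def rotation_due(records, max_age_days, today):
    """Time-based policy: accounts whose last rotation is older than max_age_days."""
    cutoff = today - timedelta(days=max_age_days)
    return [(account, host) for account, host, last in records
            if date.fromisoformat(last) < cutoff]


def rotation_due_on_event(records, affected_host):
    """Event-triggered policy: every privileged account on a host that needs its credentials reset."""
    return [(account, host) for account, host, _ in records if host == affected_host]


if __name__ == "__main__":
    today = date(2024, 3, 15)  # fixed date so the sample output is reproducible
    for host in find_unenrolled_hosts(KNOWN_INVENTORY, DISCOVERED_TODAY):
        print(f"ALERT new host not in approved inventory: {host}")
    for account, host in rotation_due(ACCOUNT_ROTATIONS, max_age_days=90, today=today):
        print(f"ROTATE (age policy) {account}@{host}")
    for account, host in rotation_due_on_event(ACCOUNT_ROTATIONS, "db-01.example.internal"):
        print(f"ROTATE (event on host) {account}@{host}")
```

The discovery diff is deliberately a set difference against the approved list rather than a search for anything suspicious: a newly created VM that nobody enrolled is exactly the case the post describes, and it is the enrolment gap, not the VM itself, that the alert is about. The two rotation functions correspond to the post's "based on time" and "triggered by an event" policies; in practice the event check would be fed by the same monitoring that records privileged sessions.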
With the right tools, you can manage and protect passwords for privileged accounts in hybrid cloud environments. Products like CA Privileged Access Manager can be used to automate and simplify the task of monitoring and recording privileged user activity across virtual, cloud and physical environments. CoreBlox is a CA Technologies Advanced Partner that can deploy a privileged password management solution to control access to your company’s data and systems. Contact us to learn how it works and explore the CA Technologies products that we leverage for success.