Patrick McBride: Key requirements of next generation privileged identity management (PIM)

Xceedium is the leading provider of next generation Privileged Identity Management solutions for hybrid-cloud enterprises.

Rake Narang: What are the key requirements of next generation privileged identity management (PIM)?

Patrick McBride: There are three main requirements privileged identity management solutions must address to clear the “next generation” bar. The first is the product must provide a comprehensive and integrated set of controls for managing privileged users, privileged accounts, and privileged account credentials. Otherwise, customers must turn to point solutions that provide a limited control set–such as password vaulting or session recording–that make it difficult and costly to implement and manage a coherent and consistent set of policies. The second requirement is solutions must be able to seamlessly enforce policies and implement controls that limit access, monitor, and audit privileged users across the entire hybrid-cloud environment. This includes broad coverage for servers, mainframes, and network gear that may reside in traditional on-premises data centers, as well as servers and other infrastructure running on virtual private or public cloud infrastructure. Lastly, systems must be architected to support the dynamic nature of virtualized and public cloud infrastructure. For example, next generation systems must be able to both auto-discover and auto-provision new servers and other compute infrastructure with the appropriate policies. In cloud environments, new servers can rapidly appear by the tens or hundreds, so a solution that automates policy provisioning ensures immediate security and eliminates unnecessary administrative costs.

Rake Narang: How does the adoption of hybrid cloud technologies change the task of privileged identity management?

Patrick McBride: Hybrid environments extend the management plane and the associated risk surface area organizations must protect. They also introduce new systems and network management models, and powerful new management consoles providing customers with optics into and control over their infrastructure like never before. However, these new management consoles, and their associated APIs, also concentrate power and therefore risk like never before. With these new tools a super user can “spin up”, copy or delete hundreds or thousands of new servers with a few mouse clicks or a few calls from a script to the cloud provider’s management API. So in hybrid cloud environments, organizations still need to control access, monitor, and audit privileged user activity with the individual instances running on the cloud provider’s platform (servers, network nodes, storage, etc.) just as they always have. But they must also apply the same controls to the powerful new management consoles and APIs that can be used to reconfigure or even shut down the entire cloud infrastructure.

Rake Narang: Why are traditional security measures inadequate for the cloud and virtual environments?

Patrick McBride: Virtualization and cloud computing provide many security advantages. For instance, cloud management consoles provide nearly perfect optics into how an organization’s infrastructure is configured and running – knowing what systems are “out there” and how they are currently configured has been a long-standing challenge for security teams the world over. However, many first generation tools were designed to protect individual systems, and were not architected to integrate with virtualization and cloud computing platforms at the hypervisor management layer. So they can’t take advantage of the improved visibility the hybrid cloud delivers. In addition, many traditional security tools were designed to work in much more static environments. So first generation tools typically have a difficult time scaling to cope with the rapid pace of change and the sheer size cloud environments entail. Without integration and the ability to scale, first generation tools leave a large hole in an organization’s protection scheme.

Rake Narang: What are some common security misconceptions when migrating to the cloud?

Patrick McBride: One major misconception is that cloud computing is inherently insecure. In truth, virtualization and cloud computing platforms provide several security advantages over traditional systems. Cloud platforms include a plethora of built-in security controls and management consoles delivering tremendous visibility into and control over the configuration of systems, networks, and security policies. However, organizations must take the time to learn what controls the cloud service provider has implemented and what additional controls are needed to address their unique security risks and compliance mandates. That makes cloud security a shared responsibility proposition. Different cloud computing models – e.g., Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) – provide different built-in controls and security services, so will require differing customer-provided controls. Another common misconception is that organizations can just port their existing security model and tools to the new platform. The overarching security model for traditional data centers is based on a castle and moat mentality with strong physical perimeter controls (firewalls). Many cloud systems are internet-facing, so identity has become the new perimeter. That requires new controls ensuring only strongly authenticated and specifically authorized individuals access systems. Lastly, many legacy security tools are simply not architected to integrate with cloud platforms and have a difficult time meeting the performance and scaling requirements that cloud computing presents.

Company: Xceedium
2214 Rock Hill Road, Suite 100, Herndon, VA 20170 U.S.A.

Founded in: 2000
CEO: Glenn Hazard
Public or Private: Private
Head Office in Country: United States
Products and Services: Xsuite

Company’s Goals: Large companies and global government agencies use Xceedium’s products to reduce the risks privileged users and unprotected credentials pose to systems and data. Xceedium’s award-winning product, Xsuite, enables customers to implement secure privileged identity management. Xsuite vaults privileged account credentials, implements role-based access control, and monitors and records privileged user sessions. With unified policy management, the Xsuite platform enables the seamless administration of security controls across systems, whether they reside in a traditional data center, a private cloud, on public cloud infrastructure, or any combination thereof.
Key Words: privileged identity management, third party access control, privileged user password management, privileged IT user access, higher risk users, identity-based access control, user containment, role-based access, access management, compliance, contractor access, application password management