CyberArk Launches New Capabilities for Securing Access to Cloud Workloads and Services as Part of Its Identity Security Platform
October 2023 by Marc Jacob
CyberArk announced new capabilities for securing access to cloud services and modern infrastructure for all users, based on the company’s risk-based intelligent privilege controls. Included are major enhancements to the CyberArk Secure Cloud Access solution, which provides just-in-time access with zero standing privileges to cloud management consoles and services running in multi-cloud environments. The new security controls enable secure access to every layer of cloud environments, while causing no disruption or change to the way developers and other users access cloud services.
Research shows that 85% of organizations will leverage three or more public cloud providers in the next 12 months, yet only 9% of organizations are taking an agile, holistic approach to securing identities throughout their environments. This makes them more vulnerable to identity-related attacks.1 The CyberArk Identity Security Platform helps organizations gain visibility and context for identity-centric risks in their cloud environment, while moving from insight to action with easy migration of standing access policies to zero standing privileges.
"The remediation and removal of excessive, unneeded and unused permissions and entitlements from administrators, employees, service accounts and machine accounts is key to maintaining a posture of least privilege access, and our research shows that organizations are greatly challenged in this area," said Melinda Marks, practice director, cybersecurity, Enterprise Strategy Group (ESG). "By combining greater automation and developer-focused user experience with its approach to zero standing privileges and just-in-time controls for the cloud, CyberArk is helping organizations reduce the exposure window while saving overworked cybersecurity teams from manual work."
CyberArk Secure Cloud Access: Reducing Risk with Least Privilege and Just-in-Time Controls
Part of the CyberArk Identity Security Platform, Secure Cloud Access elevates permissions just-in-time to roles scoped for least privilege access, enabling cloud developers and administrators to maintain velocity while reducing the risks of credential theft and excessive access. New capabilities include:
The ability to identify IAM misconfiguration risks in multi-cloud environments.
New context-based, automatic approval workflows for high-risk access to cloud services. These workflows can be easily customized to meet governance objectives via no-code identity orchestration and automation capabilities within the CyberArk platform. Tight integration with IT Service Management (ITSM) and ChatOps tooling facilitates greater adoption from engineers and allows cloud security teams to rapidly and securely approve time-sensitive access requests in service outages. CyberArk is the only identity security vendor to offer this capability.
Additional support for delegated administration, allowing for approvals to be addressed on a team or department level. A new integration between CyberArk Vendor Privileged Access Manager and Secure Cloud Access allows third party vendors to securely access cloud services with zero standing privileges – from the same unified platform.
Expanded coverage for just-in-time access to support short-lived infrastructure workloads in Google Cloud Platform, enabling more multi-cloud deployments.
Regional datacenter coverage added in Australia, Canada, UK, Germany and India to meet demand for these capabilities.
"Secure Cloud Access enables us to secure our cloud with zero standing privileges and without impacting productivity," said Jose Voisin, chief information officer, Carmeuse. "Users continue to access the cloud as always while security teams implement least privilege with on-demand and seamless elevation of privileges."
The CyberArk Identity Security Platform features flexible, risk-based controls to secure access to different targets – for both human and non-human identities. These targets include SaaS applications, workloads and cloud services – by bots, service accounts, business users, IT admins, software developers, cloud engineers and third-party vendors.