We recently announced a partnership with one of the premier names in cybersecurity, SSH.COM. Let’s dig into what this exciting news actually means and how, together, we’re able to help organisations with the management of privileged access to their systems.
Extending the Identity Platform to Privileged Users
The Ubisecure and SSH.COM partnership helps organisations connect Strong Identity with Privileged Access Management. This provides unified identity-driven, automated, role-based access controls for administrators, developers, DevOps teams and third-party personnel.
PrivX®, SSH.COM’s Privileged Access Management (PAM) solution for cloud and on-premise, extends the Ubisecure Identity Platform to enable a new approach to the management of privileged access to business systems. Privileged users (including third-party employees) gain secure, role-based, on-demand access to critical development and production resources, helping to improve security and to reduce admin.
Using Ubisecure Identity Server, resources protected using PrivX, such as on-prem and cloud servers, become part of the centralized policy-based security realm. Authentication of admin users can be set to require multi-factor or step-up authentication, to allow federation from certain intranet services with a seamless single sign-on experience, or to use specific corporate logon credentials with certain roles and attribute requirements and with the desired Level of Assurance in authentication.
Combining our two solutions improves the reach, quality and efficiency of policy-based governance. This partnership extends the scope of Ubisecure Identity Server controlled policies to also include services with the Privileged Access Management that DevOps and server admins require in order to be productive and safe.
What does this mean in practice?
User information (including groups and roles) from the Ubisecure Identity Platform is mapped to roles in PrivX. Based on these roles, the users have a determined level of on-demand access to target hosts (such as on-premise and cloud servers). The intuitive PrivX UI also shows the users the list of hosts and accounts they have the right to access.
So when a person moves to another team or operational unit, the resulting changes in identity are automatically reflected in the roles in PrivX without any extra configuration or maintenance work. Furthermore, when a person leaves the company their access rights are revoked automatically, making worrying about revoking keys or passwords a thing of the past.
In order to ensure compliance and enable forensics, all events are visible in PrivX UI for administrators (with sufficient access rights, of course). If desired, user sessions can be recorded and played back, and events can also be sent to your SIEM solution.
One common scenario is giving external consultants or specialists specific access to internal company servers for configuration and support cases. Access is often required at short notice, for example, when a software system or application fails and the expert engineer is on the other side of the world. In these situations, every second counts – each minute of downtime can mean thousands in lost revenue. Ubisecure Identity Server enables rapid and secure invitation of external users – either individuals, teams or organisations. Access rights can be automatically assigned as part of the invitation process. After account information validation and optional approval, direct access to one or more server environments is possible.
From a developer perspective, the beauty of this combination is that it totally removes the hassle of signing into development and production resources. Using the combination of Ubisecure and PrivX lets them access all the necessary resources much quicker – whether they are on-prem, in private clouds, or across public clouds – without worrying about passwords or keys. The combination allows a simple, secure and fast single sign-on experience to access all resources the developers are entitled to.
The key benefits of strong identity with privileged access management:
- Cost and time savings – both admins and developers spend less time on non-productive routines and can concentrate on real value-adding tasks.
- Improved security – not having to generate, rotate, and dispose of passwords or keys improves your security posture and reduces your attack surface. Ditto for the automatic revocation of access rights upon someone leaving the organisation and not having to worry about lost credentials.
- Improved compliance – with detailed audit logs, the available session recording and playback, and integration with SIEM systems, you get full visibility into who has done what, where, and when. This not only gives you peace of mind, but it also helps you stay on the right side of GDPR and other regulations.
- Better user experience – while a great customer experience is something we often think about, improving the user experience and making the lives of DevOps teams easier is often equally valuable.
Don’t Be a Stranger
We hope we managed to pique your interest in how the combination of our Identity Platform and PrivX can help your organisation. Contact us below and let’s talk more!