With hybrid IT becoming the norm and more critical assets / workloads moving to cloud, privileged access compromise for cloud applications is emerging as one of the biggest threats today. More autonomy and flexibility to business and developers means higher proliferation of privileged access and ‘keys to the kingdom.’ It is imperative to manage and govern privilege / service accounts / access / roles / groups and continuously monitor their activity for any signs of compromise. Saviynt delivers a comprehensive solution for privileged / emergency access management and governance for Cloud and enterprise providers such as AWS, Azure, Salesforce.com, Workday, Office 365, SAP, SAP HANA, etc.
Privileged access traditionally has been managed by sharing a common account across multiple users. This introduces the need for additional password vaulting and check out of passwords for limited duration. Saviynt allows check out and check in of privileged access via roles. These privileged roles are then assigned to regular user IDs for a limited duration upon appropriate approvals. This leads to easier correlation of user’s privilege activity as account ID remains unchanged in Cloud IaaS and SaaS audit logs.
Saviynt monitors all privileged session activity to identify if users have leveraged emergency or privileged access to bypass any segregation of duty or access policies. Additionally, Saviynt can correlate accounts and access created manually by administrators to any approved access requests and monitor out-of-band or unauthorized changes being made directly to target systems. Upon identification of potential malicious intent, Saviynt can automatically kick-off an activity review and certification to normalize or remediate the violations.
Privileged activity especially on IaaS, DevOps and SaaS platforms can be extremely chatty and lead to large volumes of data. Saviynt leverages powerful components such as Elasticsearch and Kibana from Elastic to perform log and usage analysis. Combined with drilldown dashboards and visualizations, Saviynt delivers next generation data analytics driven investigation workbench for Cloud and Enterprise.
Featuring industry leading user experience and flexible approval workflow, Saviynt enables an intuitive UI for requesting privileged or emergency access. Saviynt makes it easy to configure maximum check out duration policies and multi-level approval workflow per system or privileged role. Governance is enforced by controlling who can request access to specific privileged accounts, categorized by business functions. Multiple owners can be defined per privileged account or role who are then responsible for periodic certification and review of their access. Maintain strict control over privileged / service account ownership management by tightly linking it to user lifecycle triggers e.g. if a privileged account / access owner changes jobs, Saviynt detects a potential transfer and launches a micro-certification process to identify new owners.