With rapid adoption of MS Azure, enterprises always need to be a step ahead of constantly evolving risks that threaten migration of workloads to cloud. With over 250 risk signatures, Saviynt Security AnalyzerTM continuously scans Azure objects such as virtual machines, roles, blobs and resource templates, for any risky misconfigurations, unauthorized user access, etc. Apart from being industry’s most comprehensive library of risk signatures, they have also been mapped to industry standards including CIS Controls, SOX, FISMA, PCI, HIPAA / HITRUST, etc. Enterprises can further build their own risk signatures or request development of new ones.
Legacy techniques such as password vaulting and jumping through bastion hosts to secure privileged access do not work well with the mutable nature of IaaS and PaaS providers such as Azure. Saviynt’s approach allows end users to request timed access to privileged roles that are then provisioned for just-in-time administration. Enterprises can additionally enforce flexible policies including time of day access and multi-step approval workflows.
After check-in and de-escalation of privileged access, Saviynt collates all the logs pertaining to that session in its elastic repository for activity review. Saviynt integrates out of box with leading UEBA providers such as Securonix and Splunk to detect anomalous activity.
With its tight integration with Azure AD and HR systems, Saviynt perpetuates joiners-movers-leavers actions to ensure timely removal and provisioning of appropriate access. Saviynt also provides an intelligent business ready interface for end users to request exception access to Azure as well as perform continuous review / certification. Enterprises can configure flexible context-based provisioning rules or drag-n-drop approval workflows to further automate identity lifecycle management to Azure and Azure AD.