Gartner Research

Securing Privileged Access to Your IaaS Environment

Published: 03 August 2017

ID: G00322583

Analyst(s): Lori Robinson

Summary

As the adoption of Amazon Web Services, Microsoft Azure and other IaaS offerings increases, so does the number of privileged users within an organization's IT infrastructure. Technical professionals must manage, secure and monitor privileged access to these critical IaaS environments.

Table Of Contents

Analysis

  • What Is Privileged Access?
  • Securing Privileged Access to IaaS Is a Shared Responsibility
  • Taxonomy of Privileged Access in an IaaS Environment
    • Privileged Entitlements and Operations
    • Access Points
    • Privileged Users
  • Unique Challenges of Managing Privileged Access in an IaaS Environment
    • The Expanded Attack Surface
    • Concentration of Risk
    • Autoscaling
    • Privileged Access in a DevOps Culture
    • Privileged Access Management Spans the Hybrid IT Environment
  • Guidance for Managing Privileged Accounts in IaaS
  • Using PAM Tools and Functionality to Secure the IaaS Environment
    • PAM Features Inherent in IaaS
    • Third-Party PAM Solutions
    • When to Use a Third-Party PAM Solution Versus IAM Features Inherent in IaaS Tools
  • Other Techniques in Lieu of PAM
    • Federation With Enterprise Identity Systems
    • Identity Governance and Administration (IGA) Tools
    • Analytics and Monitoring Tools
    • Manual Processes
  • Strengths
  • Weaknesses

Guidance

  • Perform a Thorough Risk Assessment of Your IaaS Environment
  • Adopt a PAM Strategy That Spans the Entirety of Your Heterogeneous IT Environment
  • Understand and Leverage the IAM Capabilities Inherent in Your IaaS Platform and Follow Your Provider's Best Practices
  • Lock Down the IaaS Root or Master Account
  • Require MFA for All Privileged Access
  • Apply the Principle of Least Privilege
  • Remember: User Experience Matters
  • Use PAM Tools to Meet The Requirements Described in the Guidance for Managing Privileged Accounts in IaaS Section
  • Include Privileged Access Control Requirements in Your SLA With Your IaaS Provider

Gartner Recommended Reading

©2020 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Become a client

Learn how to access this content as a Gartner client.