What is privileged access management? It’s a great question and one that is highly relevant in the modern era of cloud identity management. Traditionally, PAM solutions, as they are known, have worked well with on-prem data centers and colocation facilities. But in the modern era of cloud infrastructure (i.e., AWS), is privileged access management still needed?
Identity Management as a Whole
These are all great questions as the identity and access management (IAM) market shifts and morphs with the changes in the underlying IT landscape. Identity management solutions are a function of the users and the IT resources they are accessing. And, now more than ever, these solutions are being delivered from the cloud for organizations who are shifting to the cloud, enabling remote work, and dealing with a constant stream of security attacks.
Historically, the approach to identity management was usually Microsoft® Active Directory®, which connected users to their Windows-based IT resources, including their system (laptop/desktop), servers, applications, and even the network. It made sense that AD was the identity provider of choice because of the IT landscape at the time – on-prem and Windows-based.
As IT organizations and ops teams expanded their critical infrastructure—namely servers in their on-prem or co-located data centers—Active Directory began to struggle. The criticality of these IT resources meant that an elevated level of authentication and authorization was required. Instead of relying on Active Directory alone, many organizations extended AD to their server infrastructure with an add-on tool called privileged access management.
PAM solutions, which are now sometimes called Advanced Server Access platforms, would extend AD identities to an organization’s data center. Like other AD add-ons, such as web application single sign-on (SSO) tools or identity bridges, PAM solutions helped IT organizations graft their AD-based environments into a changing modern IT era. Privileged access managers were largely on-prem and enterprise grade, just as AD was. This approach to identity management worked well when the domain-based network was the norm.
The Effects of Modern IT
As AWS®, Azure, and Google Cloud Platform™ emerged, the cracks in this approach started to appear. AWS relied on SSH keys to access Linux® servers, so many DevOps organizations skipped privileged access management solutions in favor of free configuration automation tools such as Chef, Puppet, Ansible, and Salt. But these too had their drawbacks and broke down at scale. Meanwhile, the identity management infrastructure within organizations was changing. No longer was the on-prem network Windows-based; it had become a mixture of platforms and cloud solutions.
All of these changes put tremendous pressure on the Active Directory and privileged access management approach that many took. While some have turned to vendors like BeyondTrust or, more recently, Okta to continue on the PAM + AD path, others are looking towards a more holistic approach to identity management – ideally one delivered from the cloud and much more integrated.
Centralized Identity Management for Servers and More
In light of this search for holistic identity management from the cloud, a new generation of solution – an identity provider with privileged access management combined into one broader solution – has appeared. Called cloud identity management, this new directory platform integrates the concepts of cross-platform user management, cloud and on-prem server access control, web application single sign-on, cloud LDAP, virtual RADIUS, system management / MDM, 2FA, and much more into one SaaS-based identity management platform.
All of this and more are available from JumpCloud Directory Platform. Admins using JumpCloud can tightly control user access to virtually all IT resources, regardless of end user choice of platform, protocol, provider, or location. That control includes servers, both cloud and on-prem, using LDAP and SSH key pairs.
If you are interested in privileged access management, consider your options. All-in-one identity management might better suit your environment. If so, then give JumpCloud a try. Your first ten users and ten systems in the platform are free. If you have any questions, feel free to give us a call or leave a message or hit us up on the 24×7 in-app chat within the first 10 days.