Centrify and AWS

Together, we’re better. Centrify has teamed up with Amazon Web Services (AWS) to unlock the synergies of both companies’ solutions.

Increase Security in Your AWS Environment

Leveraging built-in Infrastructure-as-a-Service (IaaS) security is a good start, but even cloud service provider AWS recommends extending these security best practices. While AWS provides an excellent layer of foundational security for services, their shared responsibility model is clear – “businesses are still responsible for the confidentiality, integrity, and availability of their data in the cloud.”

Centrify Zero Trust Privilege Services augment AWS’ built-in security to ensure you’re securing privileged access to your cloud environment.

Six Best Practices for Increasing Security in AWS

Common Security Model

Conventional security and compliance concepts still apply in the hybrid cloud. Leverage and extend on-premises access policies to deploy infrastructure quickly and securely in AWS.

ELIMINATE EC2 KEY PAIRS

Minimize attack points by leveraging Active Directory, LDAP and cloud directories, such as Google’s, versus creating local accounts and managing EC2 key pairs for authentication.

ENSURE ACCOUNTABILITY

Leverage existing user accounts or federate access to services and resources in AWS. Create fine-grained permissions to resources and apply them to users through groups or roles.

LEAST PRIVILEGE ACCESS

Grant users just the access they need in the AWS console and on EC2 instances. Implement cross-platform privilege management for AWS console, Windows and Linux.

AUDIT EVERYTHING

Log and monitor both authorized and unauthorized activity in EC2 instances. Associate all activity to an individual and report on both privileged activity and access.

MFA EVERYWHERE

Thwart in-progress attacks in AWS. Consistently implement MFA for AWS service management, and for login and privilege elevation on EC2 instances.

Centrify helps you secure your AWS environments with the following capabilities:

AWS Shared Responsibility Model

AWS and the AWS customer share responsibility for security.

AWS provides robust security for infrastructure and services as their part of the AWS shared responsibility model.

Securing operating systems, platforms and data remains the responsibility of the AWS customer, and Centrify can help.

Federated Access for AWS Console

Vault the password for the AWS root account and enforce MFA for break-glass access.

Extend your existing privileged access security solution by federating access to the AWS service, obviating the need for long-lived access keys.

Leverage any directory service to control AWS role assignment and grant the right amount of privilege.

Privileged Access Security for EC2 Instances

Extend enterprise authentication to EC2 instances by brokering identities from your choice of directory services — Active Directory, LDAP or Google.

Minimize attack surface by securing shared accounts and remote access, granting just enough privilege, and auditing all activity across Windows and Linux.

Enforce MFA at session initiation, server login, and privilege elevation to stop in-progress attacks.

Flexible Deployment Options

Simplify privileged access security in hybrid IT environments with flexible solution deployment options.

Leverage the industry’s first Privileged Access Management-as-a-Service (PAM-as-a-Service) offering or install and manage a dedicated instance in your private cloud or on-premises.

Deployment tools and scripts make it easy to deploy the Centrify Zero Trust Privilege Services, enroll servers in the Cloud Service, vault root accounts and automate setup of user access to servers.

Leverage Enterprise Identities

Securely extend your enterprise Active Directory to AWS, without replicating identities or identity infrastructure.

Federate enterprise users to your AWS environment, granting temporary access to AWS console and API interfaces.

Broker identities from your choice of directory services — Active Directory, LDAP and cloud directories such as those offered by Centrify and Google.

Want to Learn More About How to Increase Security in Your AWS Environment with Centrify?

Hybrid IT for Modern Enterprises – DevOps Automation for AWS EC2 Linux Instances

This demonstration provides use case scenarios of Centrify’s Privileged Access Security solution for AWS EC2 instances.

Ready to protect against the #1 Attack Vector?

Register for a 30-day trial of Centrify's Privileged Access Management (PAM) software to minimize your attack surface and control privileged access to your hybrid environment.
