Role-Based Access Management for DevOps

Centrify Privileged Access Management:
Govern DevOps Access Without Impacting Agility

PAM is critical to govern and secure access to DevOps systems, applications, and tools. However, traditional PAM solutions get in the way and impact DevOps agility, so they are often patchworked or wholly avoided. Centrify PAM focuses on what matters: role-based access controls you can deploy and configure automatically, with centralized policies that govern access across the hybrid cloud infrastructure, and APIs, CLIs, and SDKs to remove friction. PAM-as-code is now a reality.

Secure DevOps Practices Are Not the Priority

The introduction of microservices, container-based architectures, and modern DevOps practices has led to a revolution in software development. However, as companies adopt these new technologies, tools, and methodologies, managing privileged access becomes increasingly complex and disruptive.

Security and operations teams must now manage and audit permissions and credentials for a growing number of user and system accounts. Compounding the issue is that traditional methods of securing developer environments involve manual interventions and restrictive controls that significantly impact development and operational agility.

For most DevOps practitioners, enforcing secure DevOps practices is just a side job. Their focus is on writing code, fixing issues with build servers, diagnosing build failures, helping new developers with problems, and getting their environments set up.

Let Centrify Help

Secure DevOps is the concept of integrating security into every aspect of the DevOps-based software delivery process. Centrify modern PAM solutions enable customers to build and deploy applications securely, using DevOps practices. These solutions centralize and automate access controls for developer toolchains and underlying infrastructure, enhance application security, and enable logging and auditing of privileged activity.

With Centrify PAM, you can:

Centralize Privileged Access Management

With IT infrastructure, applications, and users being more distributed than ever, you need a modern PAM solution that can centralize the management of identities, credentials, secrets, roles, and rights to make your life easier. It must accommodate systems and workloads in virtual machines or containers in your data center, private cloud, public cloud, or multi-cloud. Centrify PAM solutions satisfy these requirements. 100% home-grown, they are fully integrated on top of a single cloud-native platform, avoiding complexities and inconsistencies that would otherwise trickle down to DevOps, disrupting agility.

Simplify user authentication against any directory source, including Active Directory, LDAP, Google Directory, or the Centrify Cloud Directory, without requiring directory line-of-sight. Users can log in to any system, anywhere, using their personal enterprise account. With Centrify multi-directory brokering, you don’t even need to join systems to your AD domain, replicate AD infrastructure, or use expensive site-to-site VPNs.

Control Privileged User Access

Allowing users to log in with superuser accounts exposes you to significant risks and violates many regulations and standards. Vault them away for emergency use only. Have users log in with their personal, low-privilege account that is fully accountable. Centrify host-based security ensures fine-grained access control at the shell and process level. A just-in-time access request and approval workflow ensures that users get only the permissions they need, when they need them, for a limited time. To further assure the user's identity, you can enforce Multi-Factor Authentication (MFA) to protect access to your developer toolchain, computing resources, and secrets stores.

Enhance Application Security

Accounts, passwords, and configuration data used by applications, containers, and microservices are a prime target for attackers. Instead of embedding them in plaintext files, securely vault and retrieve them programmatically via RESTful API or CLI calls. For more robust security, avoid passwords and obtain stronger ephemeral tokens such as SAML and OAuth2 from the Centrify Platform.

Shrink Your Attack Surface and Reduce Operational Overhead

To access credentials and secrets in the vault, applications and services need a vault service account with which to log in. Each service account carries overhead to create and assign roles and rights. It also represents a potential vector of attack, increasing your attack surface massively. Avoid per-application service accounts and instead leverage Centrify Delegated Machine Credentials, one per machine. Give trusted applications and services on that machine a scoped OAuth2 token with permission to access specific vault APIs.

Audit Privileged Activity

Automatically log, monitor, and audit administrative activity in your development and production environments.
