CyberArk launches new capabilities for securing access to cloud workloads, services as part of its identity security platform

Enabling secure access at every layer in the cloud.

---

CyberArk (NASDAQ: CYBR), the identity security company, today announced new capabilities for securing access to cloud services and modern infrastructure for all users, based on the company’s risk-based intelligent privilege controls. Included are major enhancements to the CyberArk Secure Cloud Access solution, which provides just-in-time access with zero standing privileges to cloud management consoles and services running in multicloud environments. The new security controls enable secure access to every layer of cloud environments, while causing no disruption or change to the way developers and other users access cloud services.

Research shows that 85% of organisations will leverage three or more public cloud providers in the next 12 months, yet only 9% of organisations are taking an agile, holistic approach to securing identities throughout their environments. This makes them more vulnerable to identity-related attacks. The CyberArk Identity Security Platform helps organisations gain visibility and context for identity-centric risks in their cloud environment, while moving from insight to action with easy migration of standing access policies to zero standing privileges.

“The remediation and removal of excessive, unneeded and unused permissions and entitlements from administrators, employees, service accounts and machine accounts is key to maintaining a posture of least privilege access, and our research shows that organisations are greatly challenged in this area,” said Melinda Marks, practice director, cyber security, Enterprise Strategy Group (ESG). “By combining greater automation and developer-focused user experience with its approach to zero standing privileges and just-in-time controls for the cloud, CyberArk is helping organisations reduce the exposure window while saving overworked cyber security teams from manual work.”

Part of the CyberArk Identity Security Platform, Secure Cloud Access elevates permissions just-in-time to roles scoped for least privilege access, enabling cloud developers and administrators to maintain velocity while reducing the risks of credential theft and excessive access. New capabilities include:

• The ability to identify IAM misconfiguration risks in multicloud environments.
• New context-based, automatic approval workflows for high-risk access to cloud services. These workflows can be easily customised to meet governance objectives via no-code identity orchestration and automation capabilities within the CyberArk platform. Tight integration with IT service management (ITSM) and ChatOps tooling facilitates greater adoption from engineers and allows cloud security teams to rapidly and securely approve time-sensitive access requests in service outages. CyberArk is the only identity security vendor to offer this capability.
• Additional support for delegated administration, allowing for approvals to be addressed on a team or department level. A new integration between CyberArk Vendor Privileged Access Manager and Secure Cloud Access allows third-party vendors to securely access cloud services with zero standing privileges – from the same unified platform.
• Expanded coverage for just-in-time access to support short-lived infrastructure workloads in Google Cloud Platform, enabling more multicloud deployments.
• Regional data centre coverage added in Australia, Canada, the UK, Germany and India to meet demand for these capabilities.

“Secure Cloud Access enables us to secure our cloud with zero standing privileges and without impacting productivity,” said Jose Voisin, chief information officer at Carmeuse. “Users continue to access the cloud as always while security teams implement least privilege with on-demand and seamless elevation of privileges.”

The CyberArk Identity Security Platform features flexible, risk-based controls to secure access to different targets – for both human and non-human identities. These targets include SaaS applications, workloads and cloud services – by bots, service accounts, business users, IT admins, software developers, cloud engineers and third-party vendors.

“Cloud services have afforded organisations tremendous speed to deliver new applications, but they have also created countless new identities and new attack methods. Cyber security controls often lag behind the scale of these new environments – contributing to cyber security debt. We are delivering new cloud security solutions that emphasise automation and risk reduction to help close that gap,” said Matt Cohen, CEO, CyberArk. “CyberArk is continuously investing to deliver comprehensive, innovative cloud security solutions, like Secure Cloud Access, that help dramatically improve identity security in the cloud.”

Additional CyberArk Cloud Security resources

Webinar: Multi-Cloud Identity Security, Combating a Wide-Open Door eBook: 2024 Playbook: Identity Security and Cloud Compliance

1 – Enterprise Strategy Group, “The Holistic Identity Security Maturity Model: Raising the Bar for Cyber Resilience,” by Jack Poller, February 2023