
Simplifying Privilege Access Management | Cisco Investments



Soo Jin Park

Identity Security measures continue to be a critical pain point for chief information security officers.

We know this because you told us.

In our 2023 CISO Survival Guide, 85% of IT decision-makers we polled said they were prioritizing identity and access management more highly than any other security solution.

More than a third of those surveyed said privilege access management (PAM) was driving investment, and nearly a quarter said ease of integration was key for technology adoption.

You also highlighted that without a unified platform for Identity Access Management (IAM), Identity Governance and Administration (IGA), and PAM, enterprises end up with a fragmented identity system. This leads to the need for manual adjustments to fit these solutions, causing more friction and delays when security risks demand greater efficiency.

We agree with you.

The Evolving Enterprise

Today’s enterprise is moving away from trusted networks and perimeters, evolving well beyond the four walls of the workplace, and is accessed from virtually anywhere on the globe.

Network managers must have a deeper understanding of who has access and what actions they’re taking. Understanding who has access is particularly important, because it isn’t just people acting on the network anymore. People and machines, such as scripts, automated build systems, and even cloud containers, can all act on a network. Moreover, the people who need access change regularly. It’s no longer just about the IT admin. Now it includes developers and DevOps, with constant additions and removals within these roles. The result is the need for a more dynamic PAM that can accommodate this rapidly changing landscape.

The modern IT environment is full of temporary computing resources, making it difficult for security officers to give short-lived and minimal access permissions, a key aspect of the zero-trust approach. This complexity is made worse by the need to manage access across different areas: from users to applications, between applications, and from on-premises infrastructure to applications.

For all these reasons, we’re investing in StrongDM.

“Twenty years ago, you could assign a few administrators a generic admin account and could log who did what. It was simple,” says Tim Prendergast, CEO of StrongDM. “It’s not simple anymore. We’ve compounded the complexity, with different technologies, and we had yet to develop a unifying architecture that can take some of the complexity out of it.”

StrongDM CEO Tim Prendergast

Simplifying Security Across Cloud Ecosystems

StrongDM was founded with the core philosophy of provisioning adaptive and dynamic privileged access for modern as well as hybrid enterprises. They provide a unified PAM platform to secure privileged access for microservices and cloud native environments while simplifying identity tool sprawl for hybrid compute environments.

Traditional PAM tools were made for setting up access from users to applications in closed-off systems, like assigning specific IT admins. Now, rules and security standards require a more flexible setup, especially with people working from different locations. This has led to the rise of Cloud and Modern PAM platforms, like StrongDM, which can adapt to these distributed work environments and handle dynamic access between different entities.

“Less complexity means less opportunity for mistakes and human error,” Tim explained. “It also means less places for attackers to hide, especially in cloud-native organizations.”

For cloud native organizations this is particularly important. Referring again to our 2023 CISO Survival Guide, we found that more than 85% of enterprises are expected to embrace a cloud-first approach by next year, but about three-quarters said lack of visibility into the cloud, including log collection, was still a top challenge.

“Cloud-native enterprises are moving fast, with a lot of dynamism in their environments. Their systems may come up and down, only live for a few seconds at a time, and yet there are still all kinds of different credentials, certificates, password keys floating around,” Tim said. “Having one, unified way to handle that is critical to ensuring a strong cybersecurity posture.”

Modern PAM in Action

StrongDM acts as an interface, facilitating access and connection to infrastructure seamlessly. It consists of a gateway, deployed in the cloud or on-premises, managing access between users and assets, alongside a control plane coordinating these elements with existing identity systems, such as Active Directory.

Through dynamic enforcement of policies, access is granted only to those meeting corporate security standards, ensuring compliance without creating friction.

“If someone wants to connect to a database but they aren’t on a corporate approved laptop, or their laptop doesn’t have the right agent on it, then they don’t get access to the database,” Tim explained. “It is that simple.”

Perhaps most importantly, StrongDM can do this across more than 100 different technologies, meeting the need for a unified approach to access management.

“Think of it like locking doors and windows to your house, but each one has a different locking mechanism,” Tim said. “Would you lock one side door and leave the rest open because it was too difficult using dozens of different keys, or would you want to lock them all with one key? Which feels more secure? It’s clearly the latter. Variances in technology made it difficult for us to get here, but we’re here.”

Working with Cisco

Both Cisco and StrongDM are committed to securing access to the internet and applications, recognizing the critical role of identity telemetry in modern security landscapes. With this investment, we can work together to help bridge the gaps across authentication, access, and authorization, offering customers confidence and support in achieving comprehensive identity security aligned with zero-trust principles.