Building your business on cloud infrastructure including AWS, Azure or Google Cloud Platform has enormous benefits. But without the right visibility and control, your organization could quickly become vulnerable to risk.
SailPoint Marketing: Hello.
Michelle France: Join now.
SailPoint Marketing: Oh, sorry. Yeah, I had the calendar hold. I’m just to start a little bit early, just, you know, so we don’t have to, uh, no one feels fresh and by the way, sorry, we are not in broadcast mode so you don’t have to worry about anything said, or any thing attendees cannot join until I hit a button.
Manish Kalia: Work down to the actually start
SailPoint Marketing: 1010 yeah
SailPoint Marketing: So you can, you know, take this time to exit out of any other applications. Give the slides transition
Michelle France: Close me
Michelle France: Okay, I’ve got slack close my ears.
SailPoint Marketing: And
SailPoint Marketing: If both of you. All right, now what two on the zoom window, you’ll see at the bottom, the little black bar that shows like participants mute or unmute
SailPoint Marketing: And if y’all want to go ahead and click Q&A and I’ll show the Q&A box and when people put in questions you’ll see them there and and
SailPoint Marketing: In this Q&A box, you can also automatically dismiss questions. Like Manish, if while Michelle’s presenting you see a question that like absolutely should not even be there, that you know we really don’t want to address, you can put it in the dismissed.
SailPoint Marketing: Sorry about that.
SailPoint Marketing: And then if you also want to have the bottom of the black bar next to Q&A, next to share screen, is chat. Y’all want to pull that up. I have a testing chat to all panelists.
SailPoint Marketing: We can just kind of
SailPoint Marketing: Chat privately in this window. If anything, you know, the question is really good. We get Sunday here.
SailPoint Marketing: I will be handling all of the attendee chats that are
SailPoint Marketing: Like, I can’t hear. Is this going to be, you know, available tomorrow.
SailPoint Marketing: So yeah, Michelle, you don’t worry about looking at the Q&A or the chat, you know,
Michelle France: Good. Because, um, but can you. I mean, is my I’m sharing the screen right now in presenter mode is it coming through. Okay, through zoom
SailPoint Marketing: Yes, I can only see the presentation. I see. Yeah, I can’t see that funny. Oh.
Michelle France: You know what, I didn’t know this build. Haha. I’m good. I didn’t haven’t presenter mode. This is a build side.
Michelle France: I’m going to undo that actually
Michelle France: Lie so many of them had built. Well, it’s just too.
Michelle France: Okay, I just want to make sure I
Michelle France: Know, can you see my controls here on top or no.
SailPoint Marketing: No. Okay.
Michelle France: I wasn’t sure if it came through.
Michelle France: Okay, cool.
SailPoint Marketing: Perfect, perfect. And Manish, you have all the things you need for the demo up and ready if we want to practice that handoff.
Michelle France: Well, can he just take control? Like when I’m on the left side and say, let’s see it in action, Manish, and can he just take control or do I have to transfer
Michelle France: Um, nope. He can take it.
Manish Kalia: Take it.
SailPoint Marketing: Me.
Michelle France: It’s Kalia right your last name.
Manish Kalia: That’s great.
SailPoint Marketing: And yes, I will be sending everyone a recording tomorrow. I know they’ll probably be the question that gets asked
Michelle France: Yeah, and I do cover that in the intro just that this session is being recorded and will send out the recording to everyone within 24 hours after
SailPoint Marketing: Trying to think of any other housekeeping items. Does anyone have any questions or
Michelle France: A we have Jackie, you can get off of here.
Michelle France: I saw are seeking
Jackie Brinkerhoff: Oh, Kirby sent me the link. I was just going to look at the questions that
Jackie Brinkerhoff: I will be it will not be interfering
Michelle France: Oh no, I know you just don’t need to listen.
Jackie Brinkerhoff: You’re going to do. Awesome.
Michelle France: Oh,
SailPoint Marketing: Sure, for sure. And if for whatever reason you absolutely hate it, we can always redo this recording, and I can get a video up again.
Michelle France: Oh, I’m sure it’s
SailPoint Marketing: All the great, great. It’s just so awesome to see that this topic really has resonated with a large audience.
SailPoint Marketing: So great job everyone all of these webinars already the other ones in the reading series, even though we’re not actively promoting we’ve already gotten quite a few registrants
Michelle France: Wow.
Michelle France: Yeah, because I do mention in here that this is the first of several over the next couple months.
Michelle France: I didn’t know the exact number. So I’m using several
Michelle France: And I know we have like five or six now and then potential do two more so.
SailPoint Marketing: Right, right. It’s always changing.
Michelle France: Yeah how’s everything meeting with this. We were still
Michelle France: We’re still finally finalizing the slides last night.
Michelle France: Hey, the way of the world.
SailPoint Marketing: Mm hmm.
SailPoint Marketing: I’m just glad to that, you know, with all this people are still able to participate and we have a lot of our field marketing driving registrations for our webinars now.
Michelle France: Oh wow, well, it just because, yeah, I suppose all their local stuff.
Michelle France: Yeah happening.
SailPoint Marketing: Yeah, we got quite a few field sales, which really helps our numbers because it’s a lot of direct one to one promotional
Michelle France: I’m gonna go on mute. And just make sure my kids go downstairs and go potty. So I’ll come
SailPoint Marketing: Yeah, yeah. Everyone feel free to do whatever. And I definitely won’t hit broadcast at all until probably 1001 stop.
Michelle France: Okay, I’m back location. The basement too skinny.
SailPoint Marketing: Range for babysitter. Oh, Louis.
Michelle France: Okay, I was gonna say did you get more sleep last night.
Luis Romero: Just went to bed, about seven o’clock this morning.
SailPoint Marketing: Hudson was a terror for so long.
SailPoint Marketing: Sleeping.
Luis Romero: Yeah, I mean, she does so good. During the day, like we can take her to a restaurant or whatever and like issues there. But as soon as we turn off the lights at night. It’s just non stop party for her.
SailPoint Marketing: Oh and Michelle I put the like can questions in the panelists chat.
Michelle France: Okay.
SailPoint Marketing: Just as a reference. I know. We’ll get an A lot, too. I have no doubts, but it’s always nice to have things to kind of get the conversation going.
Michelle France: Hey, that’s how many
Michelle France: It’s my headset coming through. Okay.
SailPoint Marketing: Yes, that sounds really
SailPoint Marketing: Right. Is everyone ready
Manish Kalia: Yep.
Michelle France: Sorry.
Michelle France: I keep talking to myself.
SailPoint Marketing: Right, I’m gonna go on mute, and then I will hit broadcast button so attendees can start to join.
Michelle France: Okay, and you’ll tell us when we should actually start though.
SailPoint Marketing: Yes, I would. I can chat it. I would say we should start like 1003 okay um, once I hit broadcast everyone will be able to hear what we’re saying. But we can always chat in the chat.
Michelle France: Okay, but just. Yeah. Hold on, let me make sure. Hold on, I want to make sure I’m not sharing it.
Michelle France: Yeah.
Michelle France: That I’m just sharing the PowerPoint.
SailPoint Marketing: Yeah, I can only see the PowerPoint.
SailPoint Marketing: Start the broadcast
SailPoint Marketing: To one
Michelle France: Okay, it looks like we’ve got a good quorum of people. So we’ll go ahead and get started. So, hello everyone. Good morning, good afternoon. Good evening, depending on where you’re joining us
Michelle France: Welcome to the SailPoint Rethink Identity webinar series.
Michelle France: This is the first of several webinars over the next couple of months that SailPoint will be hosting, and today’s topic is Stop the Number One Cloud Threat: Unauthorized Access.
Michelle France: Now this session is being recorded and we will send out the recording to everyone within 24 hours after the webinar.
Michelle France: Today we have myself, Michelle France, I’m the Senior Product Marketing Manager for SailPoint SaaS services, and Manish Kalia, our Director of Product Management.
Michelle France: We’re going to walk you through how SailPoint is adopting new Rethink Identity approaches to embrace the rapidly changing landscape of identity governance.
Michelle France: Then we’ll cover specifically how the explosion of cloud infrastructure such as AWS, Azure and Google Cloud Platform, or GCP, is one of the primary variables behind our Rethink Identity approach.
Michelle France: And then how you can take advantage of cloud governance to get control of the cloud. We’ll also demo our cloud governance solution so you can see it in action, and have time for some questions at the end.
Michelle France: Now identity has been around for a while. Initially, IT used it primarily as a tool to help with basic provisioning, ensuring people got access to apps for what they needed, especially when they were onboarded.
Michelle France: Now, over the years, identity has really evolved into a very strategic security and compliance solution.
Michelle France: To really give organizations answers to three key questions: who has access to what, who should have access, and how they are using that access.
Michelle France: However, digital transformation has now introduced so many new variables that it’s become almost overwhelming to IT departments to keep up.
Michelle France: These new variables could include more user types such as employees, contractors, vendors and even bots; more and more and more apps.
Michelle France: More sensitive data is being stored across various on prem and cloud storage repositories, and now the explosion of cloud infrastructure such as AWS, Azure and GCP.
Michelle France: There’s never been a more critical time for organizations to really rethink what identity can do for them.
Michelle France: The good news is that SailPoint has anticipated these waves of change coming and we did something about it.
Michelle France: Now using AI and machine learning, we’ve been able to take the complexity out of identity, making it much easier to administer and use so that you can focus on what really matters to your business.
Michelle France: Now, for those of you that may not be experienced
Michelle France: With identity. You may think it’s simply about access management, but it’s so much more than that identity helps you control access. Once your users gain entry into your network so that each user can only see what is relevant to do their job.
Michelle France: Now it enables your workforce with 24/7 self-service, which offloads your IT help desk calls, saving you tons of money.
Michelle France: And helps drive productivity and user satisfaction. Now AI and machine learning also make it easy to know if it’s safe to grant access to someone or not.
Michelle France: It helps you quickly find risky user access, and because it’s delivered from the cloud and uses industry best practices, it’s quick to deploy and configure.
Michelle France: Now if you’ve already been engaged with identity. You’ve seen this evolution take
Manish Kalia: Place.
Michelle France: The good news for you is that AI and machine learning are big game changers for your identity and IT teams, especially if you have a large amount of identities you’re managing.
Michelle France: It is now so much easier to create access models and roles, safely automate IT tasks and keep policies up to date as your organization changes.
Michelle France: And with AI recommendations, your line of business managers won’t have to guess or just rubber stamp or through their way through access certification campaigns. In fact, your compliance audits will be much easier to prepare for and demonstrate when auditors ask for documentation.
Michelle France: The bottom line is that people are the new security perimeter. And now you can consider identity the new firewall.
Michelle France: Whether you are new to identity or an expert, you will find that AI driven identity can help you accelerate your business enable your workforce and help you achieve continuous compliance.
Michelle France: So thank you for joining today and we’ll dive into rethinking how identity can address both your cloud infrastructure and privileged access to your application workloads that run on that infrastructure.
Michelle France: Now a lot of organizations are adopting cloud infrastructure as a service, or IaaS, platforms such as AWS, Azure and Google Cloud Platform, or GCP,
Michelle France: To build and host their internal and external apps and workloads. Now these cloud platforms are really helping organizations cut costs work more innovatively and flexibly.
Michelle France: Spinning up IT resources is just a click away. You can scale to your exact business needs in minutes without having to guess on capacity, and you only pay for what you consume.
Michelle France: You no longer have to maintain data centers and can actually focus on your business, you can go global in minutes and deploy your applications anywhere around the world. In just a few clicks.
Michelle France: Cloud IaaS platforms provide a simple way to access applications and workloads such as servers, storage and databases, among other things.
Michelle France: It’s become so pervasive that 84% of organizations are leveraging the cloud and almost 80% are using at least two different cloud IaaS platforms.
Michelle France: Now, beyond the ease of using these platforms. There are already there are also so many reasons why businesses would use multiple platforms.
Michelle France: Each platform. You know, it’s why organizations use multiple clouds. It’s very important to maintain that business flexibility and continuity.
Michelle France: By avoiding a single vendor approach if there’s an SLA or a pricing issue with a particular vendor your organization is at risk, but by avoiding dependency on a single vendor, you can quickly pivot your business when and where needed.
Michelle France: Now, each cloud platform provides a mix of features and functions that may be optimized for specific application or workload, but with a multi cloud strategy. You can choose the vendor that is best specialized for particular use case.
Michelle France: As with the data center environment. It’s important to maintain high availability and support disaster recovery.
Michelle France: Now, if a single cloud vendor goes down or impacts performance. It’s critical to be able to route workloads to another cloud provider if needed.
Michelle France: Also with the rise of data privacy. It’s imperative that you are addressing global and regional compliance requirements.
Michelle France: Now one cloud provider may not be able to address these requirements in all regions, but with a multi cloud approach. This can be done much easier and with lower risk.
Michelle France: So there’s really no disputing the benefits and ease of a multi cloud strategy, but as organizations rush towards IaaS adoption, security has been left in the dust and cloud environments are starting to resemble the Wild Wild West.
Michelle France: Now the ease and efficiencies afforded by cloud IaaS, as I mentioned earlier, have been a huge enabler to system architects and dev ops teams.
Michelle France: But the security and governance needs are just as important as all these benefits so much like when social media was a new transcendent communication platform.
Michelle France: That easily joined together friends and families, the potential negative impact of data privacy was rarely if ever managed early on as adoption took off.
Michelle France: And it was not until after many high profile incidences involving social media that data privacy began to be addressed.
Michelle France: Now the accelerated adoption of cloud IaaS is following that similar pattern.
Michelle France: It’s become so easy to spin up an AWS instance that this ease has contributed to an unprecedented scale and complexity of cloud workloads, which can be in the thousands or millions.
Michelle France: So, on top of that you can have hundreds of changes every day involving the creation deletion or modification of objects, along with access policies and controls.
Michelle France: Access and authorization controls are very complex in the cloud. And when combined with roles objects. Active Directory. It can be very challenging to understand
Michelle France: And many organizations just can’t keep up with the volume or complexity or this constant change, constant state of change.
Michelle France: Manually spot checking access in cloud just doesn’t scale. Organizations using two or three cloud platforms may be relying on individual native management tools for each platform.
Michelle France: But this lack of consistent visibility controls policies. It’s not only burdensome to manage, but it also creates a situation for inconsistent security and compliance gaps.
Michelle France: So addressing this new multi-cloud norm with the traditional approach simply can’t keep up.
Michelle France: This has been proven with many high profile incidences related to inappropriate or malicious access to cloud IaaS platforms.
Michelle France: In addition to fines, the fallout can be, you know, a series of long lasting impacts: future revenues, stock price, brand image.
Michelle France: So organizations really need to rethink identity with an AI based approach that provides Automated and intelligent governance to keep up with the scale and rapid change in the cloud.
Michelle France: Now, this starts with getting a comprehensive view of all access across each platform.
Michelle France: You can’t govern what you can’t see. So as fast as things are changing. You need continuous access visibility to know who has access to what from where and how
Michelle France: Now, given the complexity of cloud access, you’re best suited to rely on a consistent set of access controls to ensure that you’re governing access in the same manner.
Michelle France: No matter what cloud vendor, the user or workload resides. Now we’re not living in a world where there are millions and sometimes billions of points of Access that have to be managed.
Michelle France: Yesterday’s human based approach cannot keep pace with today’s sophisticated security threats and high stakes compliance requirements.
Michelle France: We must leverage AI and machine learning to automate this access. You can shine a spotlight on high risk matters that need our attention and your organization is audit ready. Now let’s dig a little deeper into how you can discover, protect and govern your cloud IaaS access.
Michelle France: Now, as I mentioned, you can’t take control of your multi cloud infrastructure without getting a complete view of your access.
Michelle France: You need to take an automated approach that reaches out across all your cloud IaaS platforms to gather all the access users have to all your infrastructure and workloads.
Michelle France: Now all that access and authorization layers across AD, cloud, application, infrastructure and data.
Michelle France: Then need to be pulled together in a single unified view and this just isn’t a one and done process access and workloads continually change. So you need to keep up with these changes.
Michelle France: With a comprehensive access map you can now apply machine learning to better understand access intent and usage across all your identities and cloud infrastructure.
Michelle France: Now as access changes, which may not adhere to policies, it’s important to provide alerting in near real time of any non compliant access.
Michelle France: So once you have a holistic picture, you can actually start to protect and secure this access
Michelle France: Now once you have visibility to the access within these cloud platforms and workloads. You can now start making sure the right security is in place, especially around privileged access
Michelle France: You may have workloads that contain sensitive data or have applications or databases running and cloud infrastructure that must adhere to specific access control requirements.
Michelle France: Now cloud privileged users may have rights to create alerts setting change changes edit privileges and purge entire cloud environments completely outside the scope of other access controls.
Michelle France: But once you’re able to see what access is privileged in nature, you can start putting security controls in place to holistically protect this access
Michelle France: You can consider here them by cycling credentials and limit risk by rotating keys and passwords.
Michelle France: If you’re spinning up new privilege workloads, you can automate the creation of credentials for these workloads as well.
Michelle France: And for additional security, you can record all session activities so that you have an audit trail of what users are doing and critical cloud workload work environments. Now,
Michelle France: Now organizations have long understood the need to govern access to applications and data and it should
Michelle France: Be no different from a cloud environment standpoint. So as more and more applications and databases and storage are being deployed on cloud infrastructure.
Michelle France: It becomes even more critical that businesses ensure that they are adhering to compliance requirements.
Michelle France: Now, again with the massive volume complexity and change taking place in the cloud user error and lack of insight potential malicious activity can create a significant compliance gap.
Michelle France: It’s no longer sufficient to just validate user access you know once or twice a year. It’s imperative to implement automate compliance policies so like a set of guard rails to monitor whether your environment is out of compliance.
Michelle France: And point to which users and groups are outside that compliance area in real time.
Michelle France: So using any sort of manual processes and attempt to maintain a strong state of compliance across thousands of millions of points of access just isn’t feasible. You’ll also need to provision.
Michelle France: And certify access in a standard manner as you would any other application and resource. So with a standardized process you can avoid any sort of shadow IT
Michelle France: And even if your dev ops team tries to spin up a cloud resource, you’ll have guardrails in place to limit what can be done based on policy.
Michelle France: You also need to analyze what activity is taking place. So what’s the history of this user this account. How often is changing. Who’s interacting with it. This will help create or just policies based on the needs of the business.
Michelle France: Now, there’s no doubt that cloud IaaS platforms are here to stay and organizations will continue to build a business on cloud infrastructure, including AWS, Azure and GCP.
Michelle France: But before your cloud platform resembles the Wild Wild West, or if it already does and you need to wrangle your herd, here’s what you can do with your security and compliance reins.
Michelle France: So take a consolidated approach to managing your entire multi cloud.
Michelle France: So SailPoint’s cloud governance, the cloud access management, can help you discover and govern access to your cloud infrastructure.
Michelle France: Where workload privilege management can protect your privileged access to your applications and workloads running on that infrastructure.
Michelle France: We’re providing that single pane of glass view across each platform. You can now have the leverage to take control.
Michelle France: You can monitor access, implement policy guardrails, provision and deprovision access, and detect high risk access.
Michelle France: Compliance is already difficult before we started adopting cloud IaaS, but now it’s exponentially harder with the scale and change in the cloud.
Michelle France: But by automating your compliance program with the power of AI and machine learning. You can confidently keep the compliance horse in front of the volume and variety of cloud workloads.
Michelle France: Now with cloud infrastructure being a top attack target, it’s even more important to limit your security risk now. By automating these privileged access and rotating credentials you ensure that your most valued data assets are safely corralled.
Michelle France: Now, we talked about how cloud governance can help you take control of your multi cloud herd, but let’s see it in action. Manish?
Manish Kalia: Sure. Everyone, this is Manish. And what I wanted to do is show you a demo of the services in action. Michelle, can you see the screen?
Michelle France: Yes, you are.
Manish Kalia: Great.
Manish Kalia: Morning everyone. As she was mentioning, all enterprises are moving to multi cloud, which means that we have workloads running now in AWS, Azure, GCP, and these workloads are growing rapidly.
Manish Kalia: One of the key challenges which becomes is being able to govern access to these workloads, because these workloads can have a lot of sensitive data.
Manish Kalia: Sensitive resources sitting on them and attackers are always targeting these workloads.
Manish Kalia: And one thing we find in these public cloud platforms like AWS, Azure and GCP is that almost all security is done at the IAM layer, which is very unique to the cloud.
Manish Kalia: And to all kinds of policies into the who can access your sensitive privileges your assets, your data, what actions they can perform
Manish Kalia: Is all done at the IAM layer, which is very, very unique, and so that IAM layer becomes very important to manage, and access becomes the way you secure your cloud infrastructure.
Manish Kalia: And then another key thing we’re seeing in these platforms is that it’s not just about human entities, but also a lot about machine entities.
Manish Kalia: In fact, as, as soon as you start increasing the scale of your cloud infrastructure, the number of machine identities starts, far, far outnumbering the number of human identities.
Manish Kalia: So what we have done is we are launching two services here to help you solve this challenge of governing access to cloud. The first service is Cloud Access Manager and this is the
Manish Kalia: User Interface you’re seeing on your screen. This service will connect to your public cloud platforms: your AWS environment, your Azure environments, your GCP environments.
Manish Kalia: And what we first do is a discovery phase where it reconnect to these platforms using API some software is required.
Manish Kalia: You can pretty much sell them the solution and under 30 minutes it connects to your call and discovers your cloud environment.
Manish Kalia: Which means it will map out all your identities, both human and machine entities as well as map out all the access they have to any kind of a policy in your cloud.
Manish Kalia: Whether the access has been granted two groups roles or through policies which are hard to manage such as resource policies user policies.
Manish Kalia: Or, you know, organizational level policies. So it looks at all kinds of IAM access which is being accessed in your cloud and it maps out this access starting all the way from identity.
Manish Kalia: And also takes federated entities into account, going to the privileges which those are entities have in your cloud and then nothing to the objects which those privileges apply to. So it’s an end to end mapping of all access in your cloud environments.
Manish Kalia: Now let’s take a look at that. Let’s say we go to an identity and we dig deeper into what can this identity access
Manish Kalia: So what you’re seeing on the screen here is a graphical view which is showing you that this specific identity.
Manish Kalia: Which could be sitting in your local cloud account, such as AWS or it could be coming from Active Directory by being a federated identity.
Manish Kalia: It is showing you what all this identity can access and as you can see in cloud, because there are so many ways of accessing
Manish Kalia: Things to different kinds of policies, you know, it can be a very complex thing to understand what can an identity access
Manish Kalia: And what we do is because we are building this map of access continuously, we have this full view across your multi cloud environment. And what that accesses
Manish Kalia: And so for example if you scroll down you can see all the different assets in the cloud, which does have an entity can access
Manish Kalia: And you can also look at not only what they can access, but how or what is the policy which is granting that access right
Manish Kalia: So all of that information is mapped out in real time, which also means that as those things are changing in your cloud environment, which could be changing on a day to day or an hourly basis, all the changes are being reflected in terms of access in your cloud.
Manish Kalia: So not only do we map the objects which can be accessed by our different identities, but also what entitlements or privileges, they have in that environment.
Manish Kalia: Now in cloud. You can literally have thousands of privileges, which you need to manage and they’re very granular and very hard often to understand
Manish Kalia: So we not only capture all those privileges which these entities have access to. But also, we look at how is that, how are those privileges being used historically, so you can see the historical usage here.
Manish Kalia: And you can look at privileges, which are being had been granted to that particular identity, but which are unused and obviously the goal of least privilege or
Manish Kalia: Zero trust security is to really right size access for your identity. So we help you there too. And we’ll go a little deeper into it later on.
Manish Kalia: So we are mapping out access for all entities, not only human entities, but also machine entities like virtual machines, Lambda functions, and helping you get visibility in this discovery phase on what can they access.
Manish Kalia: You can also look at access from the other side, where let’s say there’s a specific high value object in your environment, such as a data bucket or
Manish Kalia: encryption key and you’re trying to understand who all can access this object. And this is very important for scenarios like compliance audit where you’re trying to investigate access patterns.
Manish Kalia: So all of this is automated. Not only can you look at this information on the UI, you can have a powerful search experience on it.
Manish Kalia: For example, you can go and search for any user who has access to, let’s say, any kind of S3 data with a specific tag.
Manish Kalia: And these could be your tags, which your organization is using. And for example, you want to find out across your multi cloud workloads which users have access to object stores.
Manish Kalia: Such as S3 and manage multi cloud environment which had the PCI tag on them and it is as simple as that, to query your complex cloud entitlements and policies and find those identities which had that access
Manish Kalia: Not only can you find this information very fast. But you can also create guardrails to monitor for this. And the reason that’s important is cloud is all about automation.
Manish Kalia: And it’s not it’s not practical to keep on manually searching for things you need to have automated ways of discovering access which is high risk.
Manish Kalia: So let’s say you wanted to monitor for any new users who are getting access to your sensitive PCI data, you can just save any search query you do as a guardrail
Manish Kalia: And think of it as a saved search, just like you have a saved Google search, and what we are looking at is: monitor for S3 data with PCI tag.
Manish Kalia: And what you’re really doing is you’re saying, I want to be notified if any new identity gets this access.
Manish Kalia: And you’re just now saving this guardrail, and that’s really how simple and straightforward it becomes to create your own guardrails here.
Manish Kalia: And monitor your infrastructure cloud infrastructure for unsafe access in real time.
Manish Kalia: Now we include a lot of these guardrails prebuilt in the product, whether it is for monitoring things like
Manish Kalia: Shadow access, data access, privileged access; all of these are inbuilt guardrails, and once you set up the product they start monitoring your cloud infrastructure
Manish Kalia: In real time, identifying high-risk access patterns. But as you saw, it’s very easy to create your own guardrails which map to your unique audit controls.
Manish Kalia: Or where you can create your own queries and save them. We also have AI based monitoring, which is looking at every entity and mapping out and learning.
Manish Kalia: How the user access and the goal really is to identify any suspicious activity, whether that’s users who are suddenly using their access beyond what they normally do.
Manish Kalia: Or it’s finding identities which are being, you know, exploited and they’re connecting to your cloud infrastructure from locations which are suspicious.
Manish Kalia: Or, you know, looking at areas where users may be using some privileges, which are high risk.
Manish Kalia: So all of these are different threat models which AI has built in it, learn them automatically for real identity by looking at the usage data for each identity and helps you keep the risk of cloud at bay.
Manish Kalia: Finally, we also look at least privilege, where we map out for each entity. What is the sensitive privileges, which this entity has which are not being used.
Manish Kalia: And again, this is to help you right size access and take away access which is posing a risk to your cloud infrastructure. So through the Cloud Access Manager service we allow you to not only discover all your access but also govern it using both guardrails, as well as automated monitoring.
Manish Kalia: And to complement this service, we have a second service, which is the Workload Privilege Manager.
Manish Kalia: And so the Cloud Access Manager is securing your public cloud, which is your AWS, Azure, and GCP environments; the public cloud is there.
Manish Kalia: But remember, you’re also running a lot of workloads and virtual machines on top of this public cloud, and it’s equally important to secure access to them as well.
Manish Kalia: And that’s what the Workload Privilege Manager service does: it maps out all your workloads, your virtual machines, your VMs, your Linux, Windows VMs,
Manish Kalia: Which are running on this public cloud environment and let you secure access to them to SSH to RDP. So let’s say you have a specific virtual machine.
Manish Kalia: There are different types of access, you can grant to your users to these virtual machines, whether it’s privileged access
Manish Kalia: Standard access. We take care of setting up the access provisioning the keys rotating the keys securing the keys. We also let you monitor all of the activity which is happening in those and
Manish Kalia: Access sessions, such as, you know, where you’re looking at, for example, a specific access and you want to look at what activity did that user do.
Manish Kalia: All of that is monitored here and this provides you one place to not only provision this access but also monitoring. So for example, let’s say, a user has since been granted access to a specific virtual machine.
Manish Kalia: You can connect to that virtual machine from this environment and now he has an ability to get into that virtual machine in the cloud.
Manish Kalia: And let’s say he’s doing some activity. All of this information will then be taken by the system and is presented as reports which you can monitor for and look
Manish Kalia: So we are giving you a method of not only securing that access but continuously ensuring your audit and compliance and ensuring that your virtual machines and workloads, which are running on top of the public cloud are protected.
Manish Kalia: And one of the challenges here is also the scale of these workloads can be very, very high.
Manish Kalia: And so it’s critical that when you’re setting up access and provisioning your keys to these workloads that you use automated methods. And so one of the key.
Manish Kalia: unique value and for a platform is the automation. We deliver in terms of setting up credentials and all of these different workloads, which are constantly spinning up and down in your current environment.
Manish Kalia: So with that, I want to pause and
Manish Kalia: Thank you for attending this webinar but also wanted to open up the floor for any questions you have regarding managing and getting access to your cloud environments.
SailPoint Marketing: Looks like we got a few questions here and I’ll go ahead and kick one off. Is this a SaaS or software solution?
Manish Kalia: Great, great question. Yes, this is a SaaS-based solution. So it’s a SaaS-based offering but you know it’s delivered from the cloud. However, we are
Manish Kalia: Building integrations with both IdentityIQ and IdentityNow so you can use your existing IGA platforms to go on and get the benefit of the services.
SailPoint Marketing: Awesome.
SailPoint Marketing: How does this solution use AI and machine learning?
Manish Kalia: This solution is using AI and machine learning to solve the problem of not only mapping out who has access to what in your cloud environment.
Manish Kalia: But also learning the usage profiles for every entity by looking at their historical usage data.
Manish Kalia: And doing things like peer group analysis on that as well as using machine learning models to train based on that data and identify suspicious activity high risk access being granted in your environment.
SailPoint Marketing: Awesome.
SailPoint Marketing: Do IaaS vendors like Amazon provide similar capabilities to secure workloads?
Manish Kalia: Platforms like AWS, Azure, GCP provide some basic tools in terms of managing your policies and so on. But you know where it becomes
Manish Kalia: A big challenges. How do you provide a very granular access visibility going in.
Manish Kalia: And protection, all in one suite which is not only multi cloud, but also has all those governance capabilities related to IGA.
Manish Kalia: So yeah, so they provide basic solutions, but you know if you want enterprise. Good idea of solution for managing echo access across your multi cloud environment, then it becomes a challenge. And we are essentially helping you address that challenge.
SailPoint Marketing: Awesome.
SailPoint Marketing: Um, so I have a few questions come in through the Q&A as well.
SailPoint Marketing: So Manish, can you elaborate on the ML model that we are using?
Manish Kalia: Sure. I mean, you know, machine learning has many different models. And so, you know, we use multiple models. Obviously we use
Manish Kalia: You know some of the newer techniques like you know deep learning, but we also use a lot of old models library. So as far as and so on.
Manish Kalia: And the goal really in all machine learning is look at the data, which you have available and using that data, you’re essentially learning the usage patterns of different
Manish Kalia: Entities in your system and you’re using those to identify activity or access which is abnormal, which could be based on things like looking at the peers or looking at, you know,
Manish Kalia: Certain different kinds of steps within the environment. So yeah, so. So we’re using a lot of cutting edge techniques there and, you know, happy to sort of dig a deeper dive in. A follow on conversation on that.
SailPoint Marketing: Shame. And if we don’t address any questions we will follow up with everyone after this webinar course I have another question here. If we go with cloud governance, do we still need individual connectors that come with IQ for us or AWS, etc.
Manish Kalia: So, great question. So the cloud governance service is multi cloud. It supports managing your IaaS environments across AWS, Azure and GCP and so it includes all the connectors you need for doing that. And it’s one solution which addresses all three cloud platforms.
SailPoint Marketing: Awesome. Next question we have is this different. It’s just a different product from IQ, or can it be installed as an additional module of IQ to be accessible from the IQ.
Manish Kalia: Great question, as I mentioned, this is a SAS service, but we are what we are doing is we are making integrating it with
Manish Kalia: You as well as any now. So yes, you will be able to leverage the capabilities which this service brings in your IQ platforms and right there and then so so yes is the short answer is, it will integrate with IQ to help you leverage those capabilities.
SailPoint Marketing: Awesome.
SailPoint Marketing: Next question is, how can I tune the threat alerts to minimize the noise, especially false positives.
Manish Kalia: Yeah, I’ve been with any I wish systems. So, you know, you can have false positives that certainly too. So just to kind of break that down into two parts. Right. So we have two kinds of monitoring.
Manish Kalia: You do in the product from the one and straight. One is based on searches, which are the guardrails, and the second is based on AI-based anomaly detection.
Manish Kalia: And in what cases, you know, we obviously are helping you really control what you’re looking for. What you want to monitor your current environment.
Manish Kalia: With guardrails, you know, you can create your specific queries which you want to search for access patterns in their environment.
Manish Kalia: And get results and get findings, which are matching those. So it’s very, very specific
Manish Kalia: For anomaly models we use a lot of English techniques to reduce noise and this includes things as not only learning user profiles or activity profiles for individual identities, but
Manish Kalia: using things like peer group analysis to kind of make sure that we are not learning one-off patterns. So there’s a lot of work which already has gone in, in that area. And we are continuously improving those algorithms and some of those areas.
SailPoint Marketing: Awesome, thank you so much for sharing. Another question: when the guardrail query detects a new identity during monitoring, is there any way to tie that to a SailPoint approved access request ticket if one exists?
Manish Kalia: That’s a great question. So one of the things we are actively building right now is exactly those kind of deeper integration workflows are on certifications access requests.
Manish Kalia: And and so the vid the dying, the service and visibility and governance, it provides into the
Manish Kalia: Standard sort of processes and workflows we have in our IGA platforms like IdentityIQ and IdentityNow, so that is what we are building on and that integration will be coming soon later this year and exactly those are the kind of scenarios which you will be able to enable.
SailPoint Marketing: Awesome.
SailPoint Marketing: One more question. How is the license structure for cloud governance?
Manish Kalia: So the donor service is basically helping you go and access to a cloud environment. And so the licensing is largely BS and
Manish Kalia: Ending killer.
Manish Kalia: As well as the amount of
Manish Kalia: Identities which are getting access to the cloud environment for we’re privileged activity or other areas.
Manish Kalia: So we’re happy to provide more details on that based on you know your unique needs. So as I mentioned, we have two services their
Manish Kalia: Cloud Access Manager and workload privilege manager. And so, yeah, happy to go into the second level of detail, but at a higher higher level, it is it is basically, we look at the size of cloud environment as well as the mono identities, we sneak privileged access to that environment.
SailPoint Marketing: Awesome. And I think last question is this product, different from an identity AI.
SailPoint Marketing: Yes, they’re complementary
Manish Kalia: Products and then the is really helping us automate some of the traditional cumbersome processes in our idea plus processes like certifications so on and
Manish Kalia: Cloud Access Manager and Workload Privilege Manager are specifically around helping the what access new cloud platforms. And so they’re very complementary and they work with each other.
SailPoint Marketing: Awesome.
SailPoint Marketing: Thank you so much. And I think that wraps up the Q&A. If we didn’t get to any questions, keep in mind, we will have all of these
SailPoint Marketing: You know, with the sales rep follow up with you individually just
SailPoint Marketing: And I’ll kick it back over to Michelle.
SailPoint Marketing: We just want to thank you all for joining us today and we’ll send a webinar recording and relevant asset as soon as tomorrow. So keep a lookout for that. Michelle, Manish, thank you so much for hosting today’s webinar.
SailPoint Marketing: Have a great day everyone.
Manish Kalia: Thanks, everyone.