E-tailer Manages Access to up to 100,000 Containerized Servers

E-tailer Manages Privileged Access in a Containerized Environment with 100,000 Servers

Builds in-house microservices environment and chooses PrivX privileged access management (PAM) to secure access to their modern infrastructure.

Customer

  • Multinational Fortune 500 corporation
  • Operates primarily in the cloud and offers services purely online
  • Large container estate with Kubernetes orchestration in place
  • Operations in more than 30 countries
  • Has a strong drive to be at the cutting edge of technology

Challenge - PAM for an ultra-modern environment

The customer has a large and expanding container estate in-house, and their developers are using Docker to accelerate their application development. The environment is orchestrated with Kubernetes, a popular solution to automate computer application deployment, scaling, and management.

With plans to further expand the use of containers, the customer soon realized that while their container and orchestration setup was a great fit for their agile development and production lifecycles (like continuous integration/continuous development (CI/CD) pipelines), it could use improvements in one particularly critical area: secure access management.

Requirements for privileged access management (PAM):

  • Manage access in a secure fashion in a Kubernetes-orchestrated environment.
  • Hybrid deployment for the cloud and on-premises.
  • Leveraging highly dynamic and automated functions native to container solutions, like auto-scaling and the granularity of microservices.
  • Managing access for DevOps engineers, administrators and superusers with a proper audit trail of activities, ensuring access secrets are secured and segregation of duties (SoD) is followed.
  • Modern microservices-based architecture to offer sufficient performance for containerized environments.
Solution - Microservices PAM for Kubernetes environment

PrivX was deployed in a 3-way integration with an identity management (IDM) and ticketing system. Access to production is configured when a change ticket is approved; the IDM then provisions the user account, and users log in via PrivX.

Since PrivX is natively built on a modern microservices architecture, running the solution on Kubernetes allows the customer to run their PAM at the same speed, scalability and level of automation as they were accustomed to with their DevOps development lifecycle and their container orchestration tools.

Now the customer can scale just the function they need at a given time instead of scaling an entire instance. For example, if a group of developers has a temporary need for Secure Shell (SSH) connections, PrivX can scale up the PrivX SSH proxies without the need to scale the entire PrivX instance or spin up a new one. This saves resources considerably and allows instant and very dynamic scalability.

How does it work?

 

  1. PrivX imports IDs from user and host directories.
  2. PrivX is installed in the in-house Kubernetes-orchestrated container environment and secures access to critical resources that are hosted there.
  3. The automatic mapping of user identities to roles allows the customer to keep up with the joiner-mover-leaver process as developers change projects or roles.
  4. PrivX scans the targets for any changes and discovers new targets as they appear, so users and admins are automatically kept up to date on any changes in the targets.
  5. Access to targets is passwordless and keyless, and is granted just-in-time (JIT), meaning that there are no passwords or keys to manage at all.
  6. Sessions are audited, can be recorded or monitored, and audit events can be sent to SIEM systems like Splunk for further analysis.

Benefits

Container-scale performance

Since PrivX is built using the same microservices architecture as the customer's container environment, it can scale at breakneck speed if needed.

Up to 100,000 hosts supported

The superior performance of PrivX allows the customer to manage privileged access to up to 100,000 hosts.

Automated joiners, movers & leavers

PrivX links to directories for IDs and stays up to date with any changes: any changes in roles, projects or security groups are automatically synced for privileged access.

Efficient use of resources

The customer was able to ramp up their critical environment without a huge investment in hardware because of resource-efficient PAM.

Zero standing privileges

No permanent access or connection, permanent authorizations or permanent credentials in the critical environment.

No compromise

The customer did not need to make a compromise between security and performance in their production environment.
