
E-tailer Manages Privileged Access in a Container Environment 

Builds in-house microservices environment with 100,000 servers and chooses PrivX privileged access management (PAM) to secure access to their modern infrastructure


Customer

  • Multinational Fortune 500 corporation

  • Operates primarily in the cloud and offers services purely on-line

  • Large container estate with Kubernetes orchestration in place

  • Operations in more than 30 countries

  • Has a strong drive to be at the cutting edge of technology


Customer challenge: PAM for an ultra-modern environment

The customer has a large and expanding container estate in-house, and their developers use Docker to speed up application development. The environment is orchestrated with Kubernetes, a popular solution for automating application deployment, scaling, and management.

With plans to further expand the use of containers, the customer soon realized that while their container and orchestration setup was a great fit for their agile development and production lifecycles (such as continuous integration/continuous development (CI/CD) pipelines), it could use improvements in secure access management.

  • Manage access securely in a Kubernetes-orchestrated environment, using a hybrid deployment across the cloud and on-premises.

  • Leverage the highly dynamic and automated functions native to container solutions, such as auto-scaling and the granularity of microservices.

  • Manage access for DevOps engineers, administrators and superusers with a proper audit trail of activities, ensuring that access secrets are protected and segregation of duties (SoD) is followed.

  • Provide a modern microservices-based architecture with sufficient performance for containerized environments.

Solution: Microservices PAM for Kubernetes environment

PrivX was deployed in a 3-way integration with an identity management (IDM) system and a ticketing system. Access to production is configured when a change ticket is approved. IDM then provisions the user account, and users log in via PrivX.

Since PrivX is natively built on modern microservices architecture, running the solution on Kubernetes allows the customer to run their PAM at the same speed, scalability and level of automation as they were accustomed to with their DevOps development lifecycle and using their container orchestration tools.

The customer can scale only the function they need at a given time, instead of scaling an entire PAM instance, which saves resources. For example, if a group of developers has a temporary need for Secure Shell (SSH) connections, PrivX can scale up just the PrivX SSH proxies without scaling the entire PrivX instance or spinning up a new one. This saves resources considerably and allows instant and very dynamic scalability.

How does it work?

  1. PrivX imports IDs from user and host directories.
  2. PrivX is installed in the in-house Kubernetes orchestrated container environment and secures access to critical resources that are hosted there.
  3. The automatic mapping of user identities to roles allows the customer to keep up with the joiner-mover-leaver process as developers change projects or roles.
  4. PrivX scans the targets for any changes and discovers new targets as they appear, so the users and admins are always up-to-date on any changes in the targets automatically.
  5. Access to targets is passwordless and keyless, and is granted just-in-time (JIT), meaning that there are no passwords or keys to manage at all.
  6. Sessions are audited, can be recorded or monitored, and audit events can be sent to SIEM systems like Splunk for further analysis.
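The workflow above (directory import, automatic identity-to-role mapping, ticket-gated just-in-time grants, and an audit stream bound for a SIEM) can be modelled in a few dozen lines. The following is an added illustration written for this page, not PrivX's code or API: the directory, tickets, role rules and host names are all constructed sample data, and the class and function names are hypothetical. It shows two points the list states but does not demonstrate: a grant expires on its own (no standing access), and a mover or leaver loses access as soon as the directory changes, even before the grant's TTL runs out.

```python
"""Toy model of a ticket-gated, just-in-time (JIT) access broker with
directory-driven role mapping and a structured audit-event stream.

Added illustration, not PrivX code. All data below is constructed and all
names (JitBroker, ROLE_RULES, the ticket ids and host names) are hypothetical.
"""
import json
import time

# Constructed sample directory: groups are what a joiner-mover-leaver process changes.
DIRECTORY = {
    "alice": {"groups": ["dev-payments"]},
    "bob":   {"groups": ["sre"]},
}

# Hypothetical role rules: directory group -> role -> target hosts it may reach.
ROLE_RULES = {
    "dev-payments": {"role": "payments-deployer", "targets": ["pay-api-01", "pay-api-02"]},
    "sre":          {"role": "cluster-admin",     "targets": ["k8s-node-01", "pay-api-01"]},
}

AUDIT_LOG = []  # in a real deployment these records would be forwarded to a SIEM


def audit(event, **fields):
    """Append one structured audit event and return it as a JSON line."""
    rec = {"ts": int(time.time()), "event": event, **fields}
    AUDIT_LOG.append(rec)
    return json.dumps(rec)


def roles_for(user, directory=DIRECTORY):
    """Map a user's *current* directory groups to roles (automatic mapping step)."""
    groups = directory.get(user, {}).get("groups", [])
    return {ROLE_RULES[g]["role"] for g in groups if g in ROLE_RULES}


def targets_for(user, directory=DIRECTORY):
    """Hosts the user may reach given their current groups."""
    hosts = set()
    for g in directory.get(user, {}).get("groups", []):
        if g in ROLE_RULES:
            hosts.update(ROLE_RULES[g]["targets"])
    return hosts


class JitBroker:
    """Grants time-limited access only when an approved change ticket is presented."""

    def __init__(self, approved_tickets, ttl_seconds=900):
        self.approved = set(approved_tickets)
        self.ttl = ttl_seconds
        self.grants = {}  # (user, target) -> expiry as epoch seconds

    def request(self, user, target, ticket, directory=DIRECTORY, now=None):
        now = time.time() if now is None else now
        if ticket not in self.approved:
            audit("access_denied", user=user, target=target, reason="ticket_not_approved")
            return False
        if target not in targets_for(user, directory):
            audit("access_denied", user=user, target=target, reason="no_role_for_target")
            return False
        expires = now + self.ttl
        self.grants[(user, target)] = expires
        audit("access_granted", user=user, target=target, ticket=ticket, expires=int(expires))
        return True

    def has_access(self, user, target, directory=DIRECTORY, now=None):
        """Re-check both expiry and the live directory, so movers/leavers lose access."""
        now = time.time() if now is None else now
        expires = self.grants.get((user, target))
        if expires is None or now >= expires:
            self.grants.pop((user, target), None)
            return False
        if target not in targets_for(user, directory):
            self.grants.pop((user, target), None)
            audit("access_revoked", user=user, target=target, reason="directory_change")
            return False
        return True


def run_demo():
    """Walk through grant, denial, expiry and a mover, returning the outcomes."""
    AUDIT_LOG.clear()
    broker = JitBroker(approved_tickets={"CHG-1001"}, ttl_seconds=600)
    t0 = 1_700_000_000  # fixed clock so the walkthrough is deterministic
    r = {}
    r["no_ticket"] = broker.request("alice", "pay-api-01", "CHG-9999", now=t0)
    r["granted"] = broker.request("alice", "pay-api-01", "CHG-1001", now=t0)
    r["wrong_target"] = broker.request("alice", "k8s-node-01", "CHG-1001", now=t0)
    r["active"] = broker.has_access("alice", "pay-api-01", now=t0 + 60)
    r["bob_granted"] = broker.request("bob", "k8s-node-01", "CHG-1001", now=t0)
    r["bob_expired"] = broker.has_access("bob", "k8s-node-01", now=t0 + 601)
    # Mover: alice leaves dev-payments; her still-valid grant is revoked on next check.
    moved = {"alice": {"groups": []}, "bob": DIRECTORY["bob"]}
    r["after_move"] = broker.has_access("alice", "pay-api-01", directory=moved, now=t0 + 120)
    r["audit_events"] = [e["event"] for e in AUDIT_LOG]
    return r


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The design choice worth noting is that `has_access` consults the directory on every check rather than trusting the grant table: that is what turns a directory sync into an automatic leaver revocation, and it is the behaviour a reviewer should look for in any JIT broker.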

Benefits

Container-scale performance

Since PrivX is built using the same microservices architecture as the customer's container environment, it can scale at breakneck speed if needed.

Up to 100,000 hosts supported

The superior performance of PrivX allows the customer to manage privileged access to up to 100,000 hosts.

Automated joiners, movers & leavers

PrivX links to directories for IDs and stays up to date with them: any change in roles, projects or security groups is automatically synced to privileged access.

Efficient use of resources

The customer was able to ramp up their critical environment without a huge investment in hardware, because the PAM is resource-efficient.

Zero standing privileges

There is no permanent access or connection, no permanent authorization and no permanent credential in the critical environment.

No compromise

The customer did not need to make a compromise between security and performance in their production environment.
