KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
A modern approach to securing privileged accounts is to apply the principle of Zero Trust: Never trust, always verify. While Zero Trust is not an off-the-shelf solution, it is modern vendors of PAM solutions that recommend using this security principle to cement the technical capabilities of their products. This webinar will provide actionable insights for organizations to employ Zero Trust security in their overall PAM strategy and operations.
Paul Fisher, Senior Analyst at KuppingerCole, will look at the origins of Zero Trust theory and its development as well as how Zero Trust fits into the KuppingerCole identity and cybersecurity fabric architecture concepts. He will address how Zero Trust can assist in managing cloud entitlements and discuss we 100% Zero Trust is possible. Srilekha Sankaran, product consultant for PAM solutions at ManageEngine, will address the risks of insider threats and privilege misuse in the era of hybrid work, and discuss the management and elimination of the risks posed by standing privileges.
A modern approach to securing privileged accounts is to apply the principle of Zero Trust: Never trust, always verify. While Zero Trust is not an off-the-shelf solution, it is modern vendors of PAM solutions that recommend using this security principle to cement the technical capabilities of their products. This webinar will provide actionable insights for organizations to employ Zero Trust security in their overall PAM strategy and operations.
Paul Fisher, Senior Analyst at KuppingerCole, will look at the origins of Zero Trust theory and its development as well as how Zero Trust fits into the KuppingerCole identity and cybersecurity fabric architecture concepts. He will address how Zero Trust can assist in managing cloud entitlements and discuss we 100% Zero Trust is possible. Srilekha Sankaran, product consultant for PAM solutions at ManageEngine, will address the risks of insider threats and privilege misuse in the era of hybrid work, and discuss the management and elimination of the risks posed by standing privileges.
Good afternoon, good morning, or good evening. Welcome to our webinar today sponsored by Manage Engine, and we'll be talking about Zero Trust and how privileged access management can help in that quest. And I'm delighted also to be joined on the web webinar by Shikha Sankaran, who is chief architect of Pam for Manage Engine. So hello there.
Hello, Paul. Hello everyone. Hi. Hi. Hope you're okay.
Good, good. Thank you. Excellent.
Well, we'll we'll hear from you in a little while. Meantime, I'll press on with this just for people listening in. You don't have to do anything, just, just enjoy and listen.
You, you are muted, so no need to worry about muting or on mute yourself. There will be a couple of polls during the webinar and also your chance to ask questions at the end. In the q and a. We also always record our webinars and this will be available very shortly after the live event as well, the slide decks, which you'll see today. So if you have any colleagues that can't join us live, then please tell 'em and they can watch it on the recording. So that's all that's happening.
Now, the agenda today, I'm, we'll start off with a kind of a brief history of Zero Trust, where it is, what it is, how it affects privilege access management, and then SRI will go into a little bit more detail about Manage Engine and how it can help with privilege access management. And then we have the q and A wrap up and goodbye. So let's start off with our first poll. So nice and simple, have you consisted, have you considered zero trust for your organization?
A yes, no reply there. So let's start the op poll opening.
Yep, thank you very much. We'll wait for a little while just to collect the answers while we're doing it.
And so, yeah, so zero trust is obviously on the radar at the moment. Lots of people talking about it, not at least, which are Analyst communities. So have you considered zero Trust, yes or no? So I think we'll close that poll now and carry on with the rest of my presentation. So to start with, I just wanted to point out a kind of obvious fact, but when we talk about zero trust, everything is connected to the internet these days. As soon as you switch on your phone, soon as you set down to work, you are connecting to the internet. And the internet is the world's biggest zero trust network.
You simply can't trust what's on it and what you're connecting to. It's, it's a matter of fact and the, the news stories around the world prove this on a daily basis. So that's something to bear in mind when you consider what is the backbone of your organization and what is the backbone of your communication systems right now. And that is the internet. This is a quote from the National Institute of Science Technology in the United States, which says that zero trust is not an architecture, it's the first thing that we always need to establish.
It's not something you can sort of buy off the shelf, but it is actually a set of principles for workflows, system design and operations that you can use to improve the security posture of your organization or business. So that's always worth, just like the, the internet is the world's biggest zero trust network. Zero trust is not an architecture on its own. And the guy that's kind of credited with, with at least popularizing the, if not inventing the concept zero trust, is a guy called John Kinder Bag who used to be a it Analyst.
And he, about 10 years ago, took the concept that actually had been around for a few decades before all of this and before the internet even. And he decided to, you know, to start formulating what Zero trust is, how it relates to an organization, what particular pieces you need and what policies, et cetera, that you need to create a zero trust environment.
And he, he, the key thing he said was that networks should be designed without implicit trust. So just as we don't trust the internet, which is why we have firewalls while we have filters, et cetera on all our connections to the internet, then the inner workings of our organizations should take the same position. So that networks should be designed without any implicit trust in them. So you have to enforce strict identity and least privileged access policies.
And the, the key word there is least privilege. And you'll see how privileged access management is now being used in new ways to promote and establish a zero trust in organizations. So going back to the mists definition of zero trust, and it really is actually worth looking out this document and, and the list documents are actually available quite easily and they're quite reasonably priced. I think I've one on my shelf here somewhere, but it doesn't fall to hand.
Oh, here's one. Yeah, this is on authentication guidelines, but you can get these I think on Amazon or directly from the N I S T and it's actually a very good way of establishing some guidelines, but just to get seven tenants of what they say. So we have all data sources and computing services are considered resources, all communication is secured regardless of the network location access. And this is important access to individual enterprise resources grow is granted on a per session basis.
So that's where we start getting to the, the concept of just in time management and just in time access so that you don't have standing access, you don't have standing privileges. That somehow, and this is the tricky part because actually implementing on a procession basis is actually quite hard work. It's quite hard on system resources and dis architecture design so that you have a procession basis, but which is actually still highly efficient and doesn't interfere with the workings of the business.
One of the reasons we have a lot of standing privileges right now and standing access is because if we didn't, the business would slow down. But that doesn't imply zero trust, you see? So we need to think about that carefully. And the access resources is determined by a dynamic policy evaluating the identity, the application service, the requesting asset, A as in the, let's say an app, a laptop or the device and the behavioral environmental attributes. So all of those things have gotta be factored into something that happens every millisecond, every day.
Everywhere in the world where someone logs on or looks, seeks access to a resource, the enterprise then needs on the due, on the, the compliance side needs to monitor and measure the integrity and security posture of all owned and associated assets. So you can't have zero trust if you don't know what's happening in your networks. It's not if you don't know who's accessing what or who's trying to access stuff always.
Also, authentication and organization must be dynamic and strictly enforced before access allowed. So you can only allow access once authentication and then authorization is completed. And if that fails, then that is a violation of the zero trust and that identity cannot get access. And finally, again, coming back to sort of analytics and information, you should ensure that your organization collects as much information as possible about state of assets, network infrastructure and communications.
And use that as a continuous analysis, even say on a monthly basis, even a weekly basis, so that you can make decisions about what's needs improving in the architecture, what is perhaps a risk. And that is obviously an ongoing process. It's also obviously a process which again uses up resources and time, but it needs to be done if you are going to maintain zero trust. Now all that's very well, as I said, there are some challenges to this.
There are organizational challenges that I mentioned in the previous slide that creating such a network, doing such things as keeping a record of log act of network activity and logging all that, it's quite hard and it's quite costly to implement if you find that your infrastructures and your applications are need modification, that also can be a challenge. The legacy infrastructure, quite often you may have identity and access management systems or access management systems which do not adhere to the tenants of zero trust that we've just been talking about.
So again, that's gonna be an expense, it's gonna be a labor cost, it's going to be a time cost and you need to work out, you know, a risk and cost analysis of how you can do that. Privilege access again as we'll talk about later, is a key part of this. How can you protect those privileged access accounts or people who have identities that have access to privilege resources? How will you make that a zero trust environment as well? Is it possible that you can go on the process of digital transformation, which is ongoing and zero trust at the same time?
That's certainly a challenge, but I think it's certainly a good challenge. As in if you start to digital digitalize your environment, it's a great opportunity to start thinking about designing that architecture so that zero trust is designed in. Do you have in your organization teams like Dev DevOps or code coders or those departments that quite often might use privileged access management or they might use rapid access to cloud resources.
We call 'em sort of agile dynamic teams who are at the very age of modern computing, as in they want super fast access, they want to turn things around very quickly. How can you bring them within a zero trust environment as well? And related to that of course is the complexity of many environments. Even those that have legacy infrastructure, that have old applications are still now probably joined by newer cloud resources.
And then multi-cloud resources, very few organizations have just Amazon or just aws, sorry, or Microsoft Azure or Google or either they may have all three running in different parts of the organization in different countries perhaps. So that all of these things, and that in particular brings a key challenge to implementing a zero trust in in your organization. So we at Kuppinger Coal, amongst other things obviously talk about identity and access management and the future of identity and we increasingly now speak about what we call an identity fabric.
The best way to really describe this is going beyond the static platform based identity access management and privileged access management platforms that exist in many organizations and thinking more about areas or platforms that can sort of wrap around the business like a fabric and often integrated perspective across all areas of identity access management to every identity and every service and resource. Obviously that's easier to put down on a piece of paper, peer paper and describe than it is to implement, but that's the theory.
And the theory is that one size doesn't fit all, one platform doesn't fit all. Let me give you an example. You may have a privileged access management system in place, which does a good job for protecting traditional identities that have privileged access such as administrators, but that uses a system of passwords, it uses a system of vaulting and it it takes time for the privilege identity to request access, to get a password, to use the password to then do what they want to do.
And that is why those things often get left open as standing privileges, whereas the people in DevOps work much faster. And you might find that they're, they're doing, they're actually bypassing privileged access management altogether, but they're actually doing stuff which is very, very key and very privileged indeed. They're having access to pieces of code, they're having access to software supply chains, et cetera, which are very privileged indeed.
But you may find that they actually either don't use any kind of pam, but they actually would use maybe their own version even even like develops something of their own. So you end up with your sort of legacy identity access management and then you've got this new stuff which is being pushed out and developed beyond control of the normal IT security department.
So that's, that is what's happening. So you've kind of got what you might call a rogue identity fabric. So you've got bits of which are part of the design and other bits which aren't and which you have no control of. So it is a process of looking at the entire organization, which we've kind of like laid out here on this slide, and looking at those areas which need covering, which might be covered by one form of identity access management on and one form of privilege access management and another area which needs say cloud infrastructure and entitlement management again.
So you then start to get this holistic view supporting all identities, human and machine, et cetera. Again, by doing this, we can start to build a zero trust network because we are closing the gaps. We are logging what's happening in DevOps without interfering with their workflow, without interfering with the speed and the, the way that they, and even the, you know, the times that they like to work. So that's what we need to do.
We need to expand identity and access management all across the organization so it supports zero trust and most importantly supports infrastructure as a service, identity as a service. Again, all these things and as many vendors now as manage will will show they're thinking about this in the same way and they are looking to to to close these gaps. And then this again is really just a reference.
And again, I'm not gonna, this isn't something I'm gonna run through here, but this is really your reference as part of this today's webinar. So we've basically taken core identity access management, extended identity access management, and then integrations. So within all of this you can see how I identity and access management is, is really now quite a, a complicated and yet fully comprehensive sort of science perhaps is that can cover most of the challenges that we can see, at least for now at that most organizations need.
And those would run through of core functions of administration, analytics and risk authentication and authorization. So take a look at that when you've got time and see where perhaps your organization where you think, yeah, we've got that and you know, it, it's, it's a great document just to have to refer to. So with that, I'll just quickly open my last poll, which is the question is how many different cloud service providers do you use or does your organization use? Which really is something we're trying to find out from so many of our subscribers and users.
And so the answers available are just the one, only the one of aws, Azure, and Google more than three but not include in those, those big three more than three including those three plus others say O V H or Oracle et cetera. Or perhaps you don't actually know, which really is, is not supposed to be a, a jerk answer is actually quite serious because it's actually quite conceivable that many, many IT managers, many even many CISOs don't have a clear idea of how many cloud services are being used.
And that's cause of, you know, this case like I said, where certain lines of business may be actually punching cloud on a shadow basis without it being managed or even known about by central it. So that I think is we'll close that poll now. And just to, before I hand over also when you get the download e I put a load of linkable resources here which go into a lot more detail about zero trust identity and cloud access security brokers, et cetera for you to read online when you get the chance.
So I shall now hand over Toska I pardon Sankaran to talk more about Zero Trust and PAM solutions with Managed engine. So hello there. Thank you so much Paul. That was indeed an insightful session covering the threat landscape at large, the essentials and you know, the key challenges in employing zero trust. I also think you had a very pretty comprehensive and engaging perspective on how organizations can really get a head start with zero trust starting with their identity management and PAM strategies.
Yeah, so before I begin, I'm Sri Lanka product expert for PAM Solutions at Managed Engine. So in this session I will be taking you all through how manage engine approaches zero trust security from a privileged access management point of view. So first off, yes we are Manage Engine, we are the IT management division of Zoho COP Manage Engine has been in the IT management market for the last 25 years.
We offer over one 20 IT management products and free tools that cover every facet of your IT starting from network and device management to privileged access security to applications management to active directly management services, software file integrity monitoring and so on. Yeah, so now coming to the privileged access management part, we have been in the market since 2007.
We started off with a password manager product and until now we've, you know, crossed we have been supporting over 1 million admins worldwide and we have over 5,000 global brands trusting us and we also have over 200 channel partners across the world helping us with localized support product implementations, yeah and so on. So coming to our PAM portfolio, we ha we offer a comprehensive set of PAM solutions which cover end-to-end produced access management for our customers.
The first product in our suite was Password Manager Pro, which was launched in 2007, which was also built to I ize and manage our in-house secrets like SSH keys, passwords, certificate certificates and so on. So we built this internal tool because we had to manage passwords and keys manually in spreadsheets, which was neither easy nor was it secure for us. Eventually we later added more capabilities such as session monitoring, reporting, logging, you know, auditing to help our internal IT administrators facilitate remote privileged access to you know, target and points and so on.
So later we thought this tool will be of great aid for our customers and so Password Manager Pro was born. So down the line we also built a comprehensive PA PAM portfolio that caters to multiple PAM use cases and niche business use cases as well. These capabilities include encryption, key lifecycle management, secure remote taxes, Porwal session management and so on.
So as of today, PAM 360 serves as manage engines enterprise pan suite Pan 360 encapsulates the core capabilities of all our pinpoint products and also includes advanced and high-end functionalities such as just type privilege, elevation, DevSecOps, secrets, management of blended analytics, and you know, other plentiful customizations. So in addition, PAN 360 also offers the contextual integrations with IT management solutions such as, you know, management solutions, SIM tools, network management tools, endpoint tools and so on.
And we also offer integration with developer tools, business applications and so on, which results in tighter integrations with all parts of your IT and also helps you get nifty insights on privileged access across your enterprise for, you know, quicker remedies and re reduced security incidents. So this is also why PAM 360 caters to more matured enterprises compared to other PAM products in our portfolio. So before we understand how managed engine approaches zero trust, we may have come across workplaces evolving today.
You know, offices are no longer confined to just buildings and rooms and co-working spaces. The boundaries have vanished and the security parameters are now omnipresent, right? But however, the fact remains, no matter how sophisticated attackers become, no matter how sophisticated attack algorithms turn out to be, it all boils down to a simple misuse of credentials and privileges to gain access to sensitive data, right? So if anything, the recent data breach reports only suggest that the number of privilege abuse attacks have risen in the recent past.
This is as a post pandemic effect probably, but in fact over 80% of data breaches happen only because of apparent and weak and compromised credentials. So with that being said, now before exploring how we approach zero trust controls, let's first understand what it takes to take the first step towards zero trust plan, right? This is very similar to what Paul just covered in terms of having some bad minimum controls in organization to actually get started with zero trust. So this includes the first step which is verifying the legitimacy of user requests.
This is a very basic step where if a user needs access to an endpoint or an application, they will first have to prove the legitimacy of their request. So this comes in the form of a request mechanism where users first raise the request to the administrators, the administrators will then verify and confirm whether this user can be granted access to and pause that administrators will approve their access request and users can gain a access to these systems.
So next IT teams need a score based access provisioning mechanism where users and devices through which users connected connect to remote systems will first be assessed for threats and risks. So based on what, based on that they will be assigned with a baseline trust score for both users and devices. So this way admins can GRA grant access to passwords and remote host only if the baseline trust score is acceptable, as in users with high baseline trust scores can have higher chances of access compared to those who do not have it.
And for this you'll need to have tight integrations with your other IT management, you know, areas such as U E B A, continuous monitoring of remote sessions to be able to, you know, dynamically assign scores for users and devices. And finally you should also enforce multifactor authentication because it just adds another layer of security to your environment. Now that brings us to the core part of this presentation, which is how PAN 360 encapsulates zero trust security in in its modules, right?
So to begin with, PAN 360 offers the following capabilities in terms of zero trust when it comes to monitoring privileged activities. So the first two controls are pretty intertwined, where we offer policy-based access controls, which are driven by trust codes. Now this is an industry first approach to zero trust, which includes leveraging a dynamic and automated trust code mechanism to access realtime threats posed by users and devices, right?
Subsequently you can also set set up access control policies based on these trust codes and other crucial factors like whether or not there's MFA enabled or if there are password policies that are set or if users are granted access based on their roles and so on and so forth, right? Based on these factors and policies, administrators can trigger automated follow-up actions based on your organization's security requirements. And as part of its zero trust portfolio, PAN 360 also includes additional levels of scrutiny when it comes to provisioning access to users.
So this comes in the form of smart request release workflows, role-based access provisioning, realtime reporting, which I'll just be covering in the latest slides as well. Now similar to user trust scores, administrators can also set up baseline trust scores for devices where devices are given with customizable trust scores at the beginning based on a variety of risk factors which you deem are, you know, vital for your organization's security. And based on these scores you can create access policies and trigger follow-up actions when it comes to provisioning access to remote endpoints.
So in short, you'll be providing baseline trust scores for both users and devices and these scores will reduce or increase during the session depending on how, depending on the merits of your actions in the session. And if you cross a threshold, you will be given with warning or your sessions will be terminated depending on the severity of the action that users take on during these sessions. Next is privilege, elevation and delegation. So Pan 360 offers both agent based and agentless mode of privilege elevation, which helps our customers ensure zero standing privileges in their environment.
The agentless mode is also known as the just in time privilege elevation. With this, with J I T in place Windows domain users can actually gain elevated permissions where they will get domain administrative privileges based on a request approval mechanism for a specific timeframe. Now this orchestrated workflow allows domain users to easily log into remote endpoints for a specific period and carry out their intended tasks. And once they have completed their intended tasks, the access to these systems will be revoked and also the passwords of such critical systems will be automatically rotated.
So users with only valid access requirements will be automatically elevated into local security groups for temporary access through this method. Similarly, a domain user account can also be elevated into a domain security group and this kind of elevation is actually facilitated through Manage engine's native active management solution, which is also called ad Manager plus. So through the integration with Ad Manager plus Pan 360 can provide administrators the control to map domain user accounts to specific security groups and active directly.
Once these accounts are added to the security groups, their privileges are basically elevated, which means they can gain administrative access to remote endpoints for a temporary period. Like I said, once this time runs out, permissions are automatically revoked ensuring that no user has access to these privileged systems anymore. And in addition, these user accounts with temporary privileges will also be subsequently removed with removed from those security groups automatically. Whether or not it's a local or a domain user group, these users will be subsequently removed from those groups.
The other form of elevation is agent-based self-service privilege elevation, where users, once they gain access to a remote endpoint, will not be able to launch applications unless they are added as a privileged user account on Time 360. Now, path 360 also enables administrators to configure self-service privilege elevation on target endpoints using agents. This is an agent based approach, right?
So with access controls enabled for accounts in these resources where the agents are configured, users can log into these missions and run specific type of application which they won't normally have access to. When I say specific this is, this could be a command file, this could be an EXC file, this could be an MSI or a batch file. So there are some whitelisted applications which these elevated users can have access to, but this comes in the form of an agent based approach and they will have to be running this application as a PAM privileged account.
Now to understand this better, let's say you are a developer, you'll need to install a particular application in a remote endpoint, but you may not have sufficient privileges to install applications on an endpoint. Right now, using the self-service privilege elevation mode, you can elevate yourself as a Pan 360 privilege account and you can install the installer filing that mission and you'll be demoted from that mode once your request period has ended.
So similarly, let's say you are a database administrator who wants to perform a maintenance in SQL Studio, but you might not have full-on administrator privileges to that endpoint or that application as well. So when you use and run this application as a Pan 360 privilege account, you'll be able to run queries, you'll be able to export, you know, cables from SQL Studio as a privileged administrator. So this is how managed engines privilege elevation modes work.
Moving on Pan 360 also includes role-based access controls, which I just mentioned just a while ago, where users, whenever users are onboarded into Pan 360, they're also allotted with privileges and roles. So Pan 360 by default supports six user roles where three of them are administrative roles and the other three or non-ad administrative roles. So each of these roles carry common privileges where administrative roles have maximum privileges of full, full on control access to you know, privilege resources, whereas non-administrative users have only view or modify access to those resources.
So let's say when a user is onboarded, they're assigned with a role with the least privilege. This is to ensure that they have restricted access to resources by default. But however, these roles can be changed anytime by administrators based on the user's requirements and preferences as well. So let's say when I add resources, these resources when I mean when I say resources, these are typically remote endpoints such as databases, servers, network devices and so on.
So when resources shared with users Pan 360, by default, when enforce role-based access filters, as in users that fall under administrative roles will have complete control over these resources. Like I said, they can view, modify, and have full access to those resources, but non-administrative users only will have view and modify access, which is also their maximum privilege. So similarly, PAM 360 offers smart request release workflows where if a user needs access to passwords, they'll first have to raise the request to through the administrators.
The administrators will receive notifications and emails with these requests and they can verify the validity of these requests and then choose to either approve or reject them. So also about, upon approval of these requests, administrators can provision user with exclusive and temporary access to passwords. Let's say for 30 minutes after the expiry of these 30 minutes, the password will become wide and the user will no longer have access to that particular password automation. So further administrators can also revoke access of to passwords if they suspect any malicious activity.
And this can be done during the usage period itself. So also, like I had mentioned, there is also an option to automatically reset the credentials of resources, the keys of resources, a after every single use, right? So this way no user can engage in unauthorized access attempts using an old password. So even if a password is accidentally exposed, they will not be valid anymore because the credentials are always rotated.
So finally, PAN 360 includes a native session management module, which allows users to launch direct and single-click connections to remote hosts without requiring passwords. So when sessions are launched, administrators can join and shadow these sessions in real time. They can also chat with users, they can monitor and audit live sessions and if they suspect any user to be engaging in Analyst or Malaysia's activities, they can terminate the those user sessions in real time as well.
Further, these sessions are also recorded and these recordings can be used for future future forensic analysis and security audits internally. So in addition, pan 360 also generates comprehensive audit details, you know, covering all events around the privileged account and key activities such as login attempts, scheduled tasks, password resets, you know, whatnot.
So this data, this audit data helps in complying with regular industry compliance programs such as PCI dss, hipaa, poppi, and various other compliance programs and audit trails also provide a detailed history of access activities, like who accessed which resource, what did they access, why did they need it, how did they access, when did they access and all, all of which is also required for your internal security.
You know, audits further PAN 360 also integrates with SIM tools such as Splunk event log analyzer, like whatever sim tool you have in organization, you can integrate it with PAM 360 to send, you know, your audit trails and logs as so slack messages. And you can use the use, you can use these solutions to correlate privileged access data with even data across your organizations to help you understand, you know, user access and Analyst activities in detail.
Further, PAM 360 also integrates with network management tools using which you can send these logs and audit as SNMP tracks, which you can use to again further analyze and correlate privileged access data with other events across your organization, which will help you proactively address, identify and, you know, preempt any security blind spots. So this way you can make sure that your security teams make informed security decisions. So with this I hope I have given you a very good high level picture of how manage engine approaches zero trust with its enterprise SPA suite.
If you would like to explore how PAN 360 s zero zero trust capabilities work, or if you would like a personalized session from our experts on how we can help you, you know, achieve your zero trust goals, please feel free to reach out to us on the email that you see on screen. Thank you so much for your presentation.
And yeah, before we, we do the q and a, let's just have a quick look at the polls and there's no real surprises that the, the first poll, have you considered zero trust? 94% overwhelmingly said yes and 6% no. And that seems to be consistent with research that we are doing. Certainly zero trust, as I said right at the start, has has caught the imagination, although it's not a a, a new concept, but certainly today's computing environments has, you know, found, found a new audience I think and is having, I think people taking it very seriously.
The second poll, which is again no real surprises, 15% have one cloud, 38% use, three big ones, zero have more than three, but that don't use aws. Again, that's consistent and 25% using more than three including aws.
However, as I said at the time, 23% say they have no idea. And, and, and that is not something that anyone needs to be particularly, you know, embarrassed or ashamed about.
I think, you know, it's, it's just a matter of of of, you know, business life right now and the whole point of things like zero trust and cloud infrastructure, entitlement management and privilege access management I is to help us again around that certain situation. So I did uhs, if you wanna just say anything on those results, any comments yourself. The poll results are really evident of the fact that all the organizations are right now considering zero trust very seriously, especially for their, you know, cloud and IASS platforms basically.
So yeah, it's pretty evident. Yeah. Okay. Well we got a, a couple of a couple of questions and these are mostly about PAM 360 actually. So does PAM 360 support application control as part of its PAM modules? And if yes, can you talk us through it? I dunno if that's possible, but certainly is it, does it support application control?
Oh, oh yes. Pan 360 supports application control with its agent based privilege elevation. So Pan 360 primarily offers, like I said, an agent based agent, less an agent based privilege elevation, of which the agent based elevation is called self-service privilege elevation. So this includes additional security controls to help like administrative users to control and configure elevation controls for select applications. So you will be able to, you know, whitelist a few applications and ensure elevated access to your users using this self-service privilege elevation in place.
Yeah, so yes, to answer your question, yes, PAM 360 offers application control and innovated access to certain applications through its agent-based privilege elevation. Thank you.
Okay, The next question is also a bit technical. So how does PAM 360 enforce least privilege to users? Oh yes. Like I mentioned in my session, there's like whenever users are onboarded into Pan 360, right, they will be assigned rule user roles by default. So let's say you have an active directory environment, you onboard users from your directory service and you will have to immediately assign roles to them. So we have, and we support six default types of user roles of which three are administrative roles, and three are non-ad administrative roles.
So if you do not by chance assign any roles to a user during the onboarding process, they'll be assigned with the least administra least non-administrative role in PAMM 360, which means admin, they will not have administrative privileges, even if they're going to be an administrative user on PAMM 360 unless their roles are changed. So that way no user will have elevated access to resources or, you know, endpoints at the beginning unless their roles are being assigned appropriately.
So this is how PAM 360 enforces lease privilege at the very beginning and later you also have like privilege elevation methods where users will first have to raise requests for their access activities and users will also be given with time limited access to resources and applications. So at every level, yes, PAMM 360 offers, I mean, applies lease privilege when it comes to access activities. Great.
I I, I didn't mention least privileged much in my presentation, but it is absolutely crucial to the whole concept of zero trust. You're absolutely right. Oh yes.
And, and I should point out actually that the, the new privileged access management leadership compass in which managed engine obviously features very strongly is now available for a read on download on, on the COPE coal website. So another question here is talking about behavior analytics does, I'm sure the answer is yes, but I let, I'll let you explain. Does PAM 360 support behavior analytics, again, that was an in in incredibly important part of zero trust. If you dunno what's happening, you can't, you can't secure things so, Oh yes, absolutely.
PAM 360 supports privileged user entity, entity behavior analytics. So we offer two types of analytics here and we offer native U E B A through our internal management engine products called Lock 360 and Analytics Plus. So lock three sixty's integration with PAM 360 will help our administrators identify Analyst behavior and understand suspicious activities in detail through which they can assign threat scores and eliminate threat actors and bad actors in your privileged environment.
Whereas we also have an integration with another product from our own, you know, IT management suite called Analytics Plus through analytics, plus's integration, you can build data models, user behavior models, user access patterns, and understand how your users use your privileged environment, what, what your users use to log in, what are the access activity patterns. So we offer blended analytics when it comes to privileged user behavior analysis.
So this way you can effectively identify any kind of security blind spot threat actors and you can also identify what kind of Analyst activities happen in your privileged environment. So yeah, PA Pan 360 offers blended analytics in the form of integrations with managing Engine Lock 360 and Analytics Plus. Fantastic. Well there's no questions more at the moment.
I just wonder, just while we have some time, let me just publicize something very exciting coming from KC very soon, KC Open Select, which is a new brand new interactive online tool that's coming, which will help you as end users make those decisions you need on identity and access management solutions, but also on cyber security in in general and of course areas like proof access management. So look out for that coming this quarter, this first part of 2023, KC Open Select.
As I said, we don't have any more questions so I will take the opportunity to thank you very much Shikha for being with us today, for your excellent presentation and also to you who were online today with us. Great attendance, great to hear, great to see so many people here.
Again, as I said right at the start, this webinar is recorded and will be available probably from tomorrow on the website for any of your colleagues that couldn't make it today. But for now, I will say goodbye, goodnight, or good morning to you all and hope to see you on the next webinar. Goodbye. Thank you so much everyone. Thank you Paul. Goodbye.