Webinar Recording

Privilege Management From the Cloud: Go or No-Go?



The digital transformation is changing the way we do business, and it is also changing the way we have to keep our increasingly complex IT infrastructure agile and flexible yet secure and compliant. Managing geographically dispersed cloud/hybrid environments and the privileged access to servers and other systems therein is a challenging task.

Good afternoon, ladies and gentlemen, welcome to our KuppingerCole webinar, "Privilege Management From the Cloud: Go or No-Go?" This webinar is supported by wo. The speakers today are chef Martin, area sales director at Wix, and me, Martin. I'm founder and principal analyst at KuppingerCole. Before we start, some information about KuppingerCole and some housekeeping information; then we'll directly dive into the topics of today. KuppingerCole is an international, independent analyst company. We were founded back in 2004, focusing on information security, identity, access governance, risk management, and other areas concerning the digital transformation. We offer services in three areas: our research, like our leadership documents, where we compare vendors in various market segments; our events, which I'll touch on in a minute; and our advisory, where we provide advisory services to end-user organizations, supporting them, for instance, in tool choice, strategy development, roadmaps, and other areas.
We have a couple of upcoming events. So this month, our Consumer Identity World Tour will start in Seattle, US. Then we will have an event in Amsterdam, end of October, and one in November in Singapore. And mid-November, we will run our Cybersecurity Leadership Summit and our Cyber Access Summit in Berlin. These are some of our upcoming events, aside from all the webinars. Some guidelines for the webinar: you are muted centrally, so you don't have to mute or unmute yourself. We are controlling these features. We will record the webinar and there will be a recording available latest by tomorrow. And there will be a Q&A session at the end. However, you can enter questions at any time so that we have ideally a long list of questions we can walk through in our Q&A session. Let's have a look at the agenda.
The agenda for today is split to three parts. In the first part, I'll talk about the benefits and challenges of running privilege management solutions from the cloud. And the second part, then chef Martin area sales director at wall will talk about use cases from regulated industries, for running privilege management from the cloud. And the third part, we then will have a Q and a session. So the topic and factors around privilege or privileged access management. So how to deal with highly privileged access. And the question on, is there something we can or should deploy from the cloud and what do we need to keep in mind? I'll do more there, the, the generic part. And then as the agenda indicates, Mr. Hub will dive into concrete examples and more into detail. So I'd like to start with a very important perspective. So when we look at the cloud, a lot of talks about, can we do it? Is this, are we allowed to do it?
There are two aspects we should keep in mind. The one is more the compliance and audit aspects. So do we meet laws and regulations? Potentially we do; we'll need to carefully evaluate it, but basically we can do it. And on that side of compliance, we also have the audit aspect. So it means our audit requirements must be covered, but it's also about doing the things right from our own perspective. So what do we really do? Do we do it the right way? So audit and compliance are tightly related, but at the end, what counts is that neither compliance nor audit makes you secure. It's about taking the right actions. So we need to do things right. And that is, I think, super important also when it comes to the topic: can we run our privileged access management and other services from the cloud?
So the one thing is, are we compliant? We need to be; we need to fulfill our audit requirements, but we also need to understand what it means for us. And we can also take it vice versa and compare it with what it means when we run it internally. What are we responsible to do in that case? Because then we don't have a cloud service provider which takes some of our responsibilities. And that will be sort of the main theme for my talk during the next roughly five, 15 minutes, before Mr. Martin then starts with his part of the presentation. There are a variety of changing requirements for privilege management we have observed over the last couple of years. And so when we look at privilege management, obviously this topic became more and more important in the context of the ever increasing threats and attacks.
Attackers always are after the highly privileged accounts, because this gives them sort of the biggest reward for running the attacks. So we need to protect these accounts. Well, we obviously have the challenge of there are new deployment models. Like the cloud, there are new service models like MSP models. How do we manage access privileged access to these environments like cloud? How do we manage privileged access of employees of our MSPs? We have connected things which make stuff even more complex, a little bit outta scope for today. We need to integrate privilege management increasingly better with other areas because it's one element in our security strategy. It's one element in our identity strategy. It needs to work with the other things. And obviously we have ever increasing requirements from the regulatory compliance. And so the game has become more complex these days. And we need to understand how do we do privilege management best and privilege management.
There is more than just shared accounts. So when we look at what privilege management is, then we have basically two areas. The one is this personal versus shared accounts. So we have, for instance, functional accounts, which might have pretty low entitlements. On the other hand, we might have personal accounts which have very highly elevated entitlements, such as the SAP power user. And so session management, as one part of what we commonly see in privilege management products, focuses more on the elevated accounts, whether they are personal or shared, while the traditional privileged account management focuses more on the shared account side of things. So it's a bigger theme. And I'll look at the elements of what we expect to see within today's privileged access management or privilege management solutions later in my presentation. But that's just to sort of clarify what we are talking about. We're talking about privileged access management.
We are looking at a question of, is this something we could and should consume as a service and to answer that question or to bring in at least some, some thoughts from our end, helping you to find your answer on that? I think it's good to start with the business. And it perspective as on cloud services, from a business perspective, it's digital business, which the business things. And so everyone talks about digital transformation and all that impact of businesses want to use it to be faster on that, to connect customers, to deploy new types of applications rapidly, and also to better deal this business risk from a it perspective, things like cost reductions are understand like improved it efficiency. Obviously that means migrate existing applications. And it's when we look at the entire risk posture, it's about compliance and security. So how can we make that compliant and secure?
And this is always the question when, when looking at cloud services. So there's a potential for cost reduction for a potential for improving it efficiency. The services are run. We have a, at least a very predictable pricing model. We have less costs of project for, of deployment of things like that. On the other hand, can we make it, can we do it in a way which is compliant secure enough? When we look at a benefit and risk perspective, then for different aspects, with respect to different types of cloud models, then it also becomes obvious that private cloud deployments have their benefits when it comes to risks. So we can have a better control, a better grip potentially regarding governance and compliance data protection, cyber defenses, I will own lockdown environment. On the other hand, the cost aspects, scalability aspects resilience are at the lower level. Then for instance, on public cloud model, obviously public cloud potentially is the best from a cost perspective, from a scalability perspective, but we have some trade offs when it comes to governance compliance to data protection, to cyber defense. So we have to evaluate which of these models is the one the provider offers and which is the one which fits to our requirements and to understand sort of the benefits and the risks and the trade of between these areas.
And there's not the one single perfect solution, which is perfect regarding benefits and super regarding the risks. We don't have it. So it's always a decision we need to make between these areas. When we then look at that, that topic of cloud, then we also should understand which are levels, which need to be managed so end users potentially, or can access software as a service. So they access applications on data. We have the programming, the platform as a service service programming tools, APIs in the middleware. We have the infrastructure and we have as a service with storage compute connection. We have the physical infrastructure. Factually we have five planes that need to be managed and secured, which are the hosted applications to programming tools, the middleware, all the infrastructures, the service components and the underlying hardware infrastructure for physical service, storage and networks. The important thing here is depending on which type of thing we do in the cloud, we will have different rank responsibilities for each layer.
And when you look at a thing like privilege management, which factually is something which is probably best considered as a platform, as a service approach, then we have some certain split of responsibilities between the talent. So us as an organization saying, oh, we want to use that cloud service and the providers or the company delivering this as a cloud service. And this is what I show in depth slide. So we have different planes like the underlying infrastructure, the operating system, the middleware, the application, the data and access, and in an infrastructure as a service, the provider only provides the infrastructure and everything else, the operating system, middleware, et cetera. Isn't the responsibility of the tenant. While when we look at the software as a service side of things, someone provides an application, the underlying middleware dos the infrastructure. So the provider responsibility for all of these areas, the tenant is only responsible for the data and his access for platform as a service it's somewhere in between.
And, and so, in fact, when we look at privilege management as a service, it's somewhere in between platform as a service and software as a service, but obviously there are certain provider responsibilities, which also shows that there are things we don't need to care about. So it's the provider's job to care for the security of the infrastructure, the security of the operation, operat operating system, et cetera. This is very important to understand, because this is also something you need to check. For instance, when you look at a contracts, a provider going from there, we need to also to understand what our, what is the functionality needed is functionality provided and what are the nonfunctional aspects which need to provide be provided. And I look at the functional side a little later and start on certain aspects from the nonfunctional side, which are of specific relevance.
When we look at services like P access management, so security service, factually, which deal with very critical access, very critical assets. So from a that perspective, we obviously have the service functionality, but then we end up in the more nonfunctional things like enterprise hybrid support. So does it support what we have as an infrastructure in our environment? So we have most likely not only cloud services, which we, where we need to manage privileged access, but also application on premises on premises, DevOps, not that relevant in that space, because we don't have that much of DevOps for that type of service, but service availability, the compliance with regulations, the data protection super important, obviously for privileged access to cybersecurity, the services provided to onboard your business, to the service. All these things need to be provided. These are very important. And some of the specific aspects here are for instance, in business continuity.
So are there guaranteed SLAs, are there specific availability zones, failover options, Dr. Options. So when we run privilege management from the cloud, obviously one of the things which is of high relevance is that access to our servers, privileged access always works or to other components we manage. So we need these capabilities here. We need compliance certifications, and the more certifications, or at least having the right set of certifications is maybe better. The better it is, because that means you as a customer can rely on certifications instead of going much into detail of the specific service to loan. So always ask for certifications. What about a governance, the management security. So what is provided by your provider regarding that? So does he deliver information? So does he have defined security controls and deliver information about it? Do you get, which information do you get from a logging perspective is this is everything there you need from your perspective, particularly in this area of highly privileged access.
So we always have this situation of vulnerabilities and threats. So we have the threats, we have our vulnerabilities; how is this handled? What about access governance capabilities, if they are required? Then data security, obviously super important when we look at shared account passwords which are handled: how secure is that system for itself and the infrastructure? What are the services provided? What are the approaches provided by the service provider? So what is, in fact, what you get for cyber defense by that service? These are the questions you need to ask. And obviously the security-related aspects are of specific importance when we look at the question of whether we can deploy a service such as privileged access management from the cloud. So aside of that, we also need the functionality. And so we have a couple of areas which ideally are part of it. Not all of them are mandatory, but shared account password management, for instance, is one of these areas which should be in.
Privileged session management also is a standard element in privilege management. There might be application-to-application password management, so for the secure communication between applications and avoiding having credentials stored in scripts, et cetera. Session recording and monitoring is, in fact, an extension of the privileged session management. Controlling privilege elevation is another area: how can you ensure that only certain for level commands can be run in the system, et cetera. Maybe some user behavior analytics, so detecting anomalies and outliers in behavior. Endpoint privilege management, more frequently seen, but also can be treated as a totally separate discipline. And some access governance: who really has privileged access, things like that. These are, from our perspective, key capability areas. And you need to understand: are the ones you really need well covered by the service you choose?
And that is, I think, also a little bit more important when you look at services deployed from the cloud, because frequently we see that, as of today, on-premises solutions are more feature-rich, more powerful than cloud services. So you need to look at this and also potentially balance the functionality versus the ease of deployment versus all the other benefits you get from a cloud service. Integrations are also important. So can you do the integrations? How can you do them? What can you do? Like integration with hardware security modules for managing credentials, other stuff like user behavior analytics, like integration with your access governance tools or integration with your security operations center solution. So another area which is important to understand, to look at, is the product integration area. So there are a lot of things to consider. And many of these are more on the nonfunctional side.
So is the way the service is provided, the way responsibility is split between tenant and provider, good enough for what you really want to do, but also is the functionality there you need? Basically, virtually everything today can be run from the cloud. And it's not that there's a yes/no answer for an area like privilege management; it's more that it depends on how it is done. And so the important thing is: do it right. There need to be defined responsibilities and they need to be written into contracts. So we need to have support for governance, for the management, risk management, security controls, the auditing. We need to have everything we require from an operating model perspective, like failover options, disaster recovery, et cetera. We need the certifications. We need the functional capabilities and we need to integrate, and we need the capability to support our own environments. And so you need to check the various offerings and map them from a high-level perspective to these types of requirements to identify whether that's the right way to do it or not. With that, I hand over to Stefan Martin, who right now will talk about use cases and his concrete view on running privilege management from the cloud. Mr. AB, your turn.
Those thank you very much. Do you hear me? Yes.
Great. And I hope you also see the starting screen of the presentation. Yes. Great. Then I can start instantly. So thank you very much, Martin, for this introduction. Now we will be talking a little bit about wall PAM in the cloud. So the agenda: some foundations about PAM, then I will present two case studies, both of service provider business. And I finally will finish with some things about wall Alexei. So PAM foundations, about what we are really talking. And this is really that you can imagine that you give a really important and very sensitive value out of your own hands. You pass it over to someone else, and this could be a service provider. This could be a cloud. This could be an external engineer or operator. This could be internal administrators. At the end of the day, you give some really important value you need to protect out of your own control.
And the thing is that really no one can give you a 100% guarantee that the data is always integrity. So the integrity of your data could never been 100% guaranteed. Why it is the case, because the way you could really become stolen, changed deleted, hacked misused. So there are many things that may happen, which even a service provider with a great SLA agreement could not 100% deliver. And even this is not just prior per accident per intent. This could also happen as per accident. So what options do you have then now if you have passed over the value. So for sure you can keep it back to your pocket where the information, the value keeps dark and unused, and even you have to, to manage it themselves, but also the other option. And this is why we are talking about with Pam. You can really take the own responsibility, the protection of the value, even in external hand by yourself, the Pam is making sure that you always have the visibility that every excess is authenticated, monitored controlled.
And for sure, also protocols and on the other side, that every unauthorized activity that should happen with your value will be blocked. And only in this case, you can really pass over your most important value, which is the data of your organization up to other hands. And this is really the message of a pump solution, keep the integrity of your value. And then you can also pass the security audits you may have to do successfully. Okay. So we see this picture. Even Martin talked a little bit about the changing organization within the digital transformation, and this is really the case. The constant change of large enterprises make managing privilege accounts. Very challenging and organizations must be able to adapt new devices, new applications, technologies, even employees, while really ensuring that the security remains still tight. And the privilege access management is really a way for organizations to improve the management, the visibility, and for sure the control they ever have about privileged users.
And even when you look to this picture, the attack surface really increases with the business expansion expansion and securing. The privileged accounts is now a real key point in improving the organizational security and especially, and this is why we are talking, especially in the cloud. The use of external third party privilege users is a widespread practice in all industry and to guarantee access rights to users really outside of the organization. And this is really also one of the greatest cybersecurity vulnerability and all of these stuff require access to the organization's it systems. And even Gartner sets that in 2025, which is just seven years, 90% of all industrial applications will be accessible in the internet. And this is not encapsulated as it may be in the state current now. And these op these opportunities all create more complexity in the organizations and thus new risks. And this is where Palm applies to secure the remote access and really to multiple strategic assets.
So companies are faced with the possibility that there are also lingering privileged accounts. Lingering means they can be long forgotten, or users are still holding logon credentials but they do not use them any longer, or users have left the organization but their privileged accounts still exist. Privileged accounts still sometimes have weak passwords like admin one, three, or the password will not be changed or will be these S used time to access malicious intention. Of the reported data breaches we had in 2017, the majority was the result of an insufficient cybersecurity practice. This was not a brute force attack on the firewall, and yes, of course, you still need to do the protection against outside threats like with firewalls, but the most essential task is really to ensure the protection of the critical assets that are operated and managed by the privileged accounts and users inside and outside of the organization. Just to summarize: PAM, privileged access management, keeps the integrity of your data with functionalities like identity authentication, the control of the activities, the monitoring, and the auditing. And for sure, also the session recording and thus a reporting when it is needed to investigate a potential security break.
Okay. This is some information about privileged access management and, and also about the use case we see as well, Alexei. And now I would like to go with you to some case studies. We have one which is clarinet, which is a service provider in the healthcare, especially in the healthcare business. And the second one, which is great European aerospace industry leader. So Clara net Clara net is really acting as a service provider and they are also the indu, the European leader in hosting and information management, especially on critical applications. And they are present in eight country and clarinet, mainly hosts eCommerce platform, but also sites and applications for companies in the K four team, which is one of the, the, which is the French stock index, the, the top 30 customers there even key players in the public sector and large organizations, banks, insurances, mutual societies, they are also customers of clarinet.
And this is why clarinet is certified ASDS, which is the named as a health data host. And they also have to be compliant to PCI DSS 9,001 or 7 27 0 1. And the data in the applications hosted Bylar. It is very critical because they really must be available all the time to ensure the performance. And also the availability of their platforms where critical customers are behind. And to obtain this accreditation as a health data host, or for AIP, which is also a required certification. And this is the agency of shared healthcare information services. It was really required that accesses needs to be traced to the platform via one single interface to, and the centralized access. So these have been some requirements and challenges that have to be met by Clara net with a privileged success management solution. And WOS in this case was the only publisher who was able to respond to the security specifications, particularly in terms of the HDS compliance.
But although also several other factors made the wall pass past as the product name of the wall pump solution decided as the best choice for clarinet. And this was, and this is one of the, the greatest advantages we have with wall. This was really the smooth integration of the solution and a very smooth maintaining and manageability of the overall running pump solution. And also, and this was a point was, which was very important Tolar on it. And that even the billing system could be done by server. So meaning the number of resources that have been protected by the pump solution. And even this billing model based by server really fits perfectly in clarinets existing business model. And this was a win-win situation for both company and really today, every access in clarinet to their health platforms hosted by clarinet passed through wall technology. And this represents around 700 servers and even over 300 privileged users and roundabout 70 sessions in parallel.
So just to summarize clarinet has really found the tailor made solution, perfectly meeting its data security needs, easy to use and easy to adapt to its existing infrastructure. And so clarinet can mobilize the it resources really to focus on the core business and not managing stuff like this. The second big example, which is European aerospace industry leader, and here it is wall Alexei doing the managed service for them. So this is also a service provider situation. And here we are talking about a large environment and it's about 12 connected manufacturing plants in several countries across Europe. And here we have really to face some very complex workflows. The platforms are connected and even errors and malfunction often, especially and required remote maintenances. And this a lot of external support engineers had to be engaged in several various machines. And therefore the company used several solutions to allow access to these external engineers to, to, to get access to their machines, to maintain it.
And this was, at the end of the day, the issue, because all these access solutions, like VPN, or they use conferencing systems, even direct lines, direct connection software, did not meet the critical security requirements of this organization. And that was the case. And that I thought about in thinking about a privileged management solution, and here the solution with wall was as follows. So first it was the access control and even the identity management and the requests. I can talk a little bit about it. The connections really should be made only at the request of the responsible entity. So every internal system owner had to confirm and approve every single request, and this responsible entity especially had to confirm and allow them to access, and also be able to cancel a remote session locally and immediately when they feel there is something going in the wrong direction.
And also the external maintenance personnel must strongly authenticate with a two-factor authentication, for sure, when a session is begun, and also they need to have an exclusive access to the target access only and no access to any associated network. And it was also important to create a mapping of the support sessions between the account of the internal employees and also the unique IDs of the internal maintenance personnel. This was very important for this large customer to differentiate between internal and external. Also from the, and monitoring part, it was required. All data, all data with a reporting pass over to a solution 10th Al be locked and also reported. Session recording was required for each performed remote maintenance task. And also the recorded sessions shall be encrypted and only reviewable in the release of the workers council representative. Especially we in Germany, we are very strict on giving access about individual activities.
And here with wall, we have installed a multi eye principle where the workers council has to agree for before any insight and personalization can be happen. And finally, any recorded sessions should be captured for over at least six months. So at the end of the day, we were able to meet all the requirements and we had the proper installation on the organization. We are still maintaining it and we are off. We are, we are running the, the, the full, the full operation for this company. We are also operating the multifactor authentication and we ensure that everything is recorded and encrypted. And also, and this is a very important point. We were able to guarantee an uptime of 99.99%, and also similar, like the use case with clarinet it's massively, it reduced the internal workloads.
So some things about wall and how is our architecture looks like? So we have our system. I mentioned it already before it's called the, and this is separated into three parts. The first one is the access manager and the access manager is responsibility to taking the access, especially from the external players. This could be the privilege users. This could be the third parties, but also this could be the auditors and compliance managers. A strong authentication is important, but then you can be rooted through the session manager. And the session manager is responsibility that you can access to the target systems you have maybe to access for maintaining the system. And every session is recorded. The pattern is, is recorded, and you can also have a single sign on to get the access, and you are only allowed. And these are the, the rules set up in the session manager to access to those systems, which you are privileged, which you are authorized for.
And you can only do these kind of, you are allowed. We are supporting for sure, the applications and servers in the windows world, but also in, in the server world. You see here in this picture, also a second component, which is the password manager and the password manager with that. You can really set up password credentials. You can, you can change and adjust the, the strength on the complexity of passwords. You can do check in, check workflows, you can do password rotation, or you can ensure that a password can only be used for one session, and then it'll be replaced by another one. So even if a privileged account is be hijacked, the same password could not be used anymore. And this is why privileged access management is not just controlling the access and managing the activities. It is also a kind of the protection of the authentication.
And you see, as the part in the middle, this is the password vault. This is a strong container with a high security encryption where passwords can be stored. Okay. Even PAM in the cloud, which is part of today's webinar, is important. A PAM solution, especially the one from wall, can be used as an on-premise solution, but also in the cloud. And this is one of the advantages we have to many competitors. We are also cloud already. And especially here is an example on the Amazon AWS cloud. So we have passed available even as a, what you say, as an image on the cloud, you can select, and then you can instantly run it. And even a public API is allowing you that we can do provision automation. And also we can set up automated workflows when, for example, new virtual machines are coming in, or other virtual machines are going out or will be changed.
And here we have a direct integration in Amazon tools like AWS, CloudWatch or AWS. So at the end of the day, you can do the same things as you can also do with the PAM solution in your on world. And just to show that it is really easy to install. This is not to say, oh, when I go to a cloud, this is now very difficult for the setup here. There are already existing wizards that you can do here. This is a six step set model where you can follow a wizard to choose the Amazon image for BA and the cloud. You can configure it with a wizard. And then after some minutes, it's really, and this is one of the most strengths for easy to use and maintain. So the architecture is also when we are using pasture as time in the clouds, we have the entry over the access manager, and then we have the dedicated intent of session manager or password managers lying in the separated clouds. And the access is mainly about HTTPS, RDP or SSH.
Okay. So last but not least why, yes, it's a European solution. We are not an American solution. And this is why we are really able to follow the requirements, the compliance requirements that are mainly existing in Europe. We are completely agentless. And with the easy and user friendly installation and maintenance, we have really a very fast route to the compliance. We have done some improvements in our security and the solution is also really highly scalable and will at least also in larger organizations provide a great cost effectiveness. Okay? So even some customers you see here have already chosen S. This is just a very small picture. We have many more customers, but here we wanted to show some organizations who really used a PAM solution in a managed service or in a cloud environment. So if you are interested to get more information about you see here, the use case of clarinet, if you really want to get some details, you can download it here.
You see the link on the right side. We also have a white paper regarding the ISO 27001 compliance, where we are having a very detailed description of requirements and best practices. And if you are interested in what's new and many information and use cases business, then you can go. And so you all, I like to ask a last question, and this is what has well expressed, your with a good bottle of wine in common. Unfortunately, you are all muted and you cannot answer. So I have to give the answer myself, so really taste it and you will take it. And the message is do a proof of concept. When we have the trans the customer to do a concept, then we win 80% and more of the projects because the solution is really stable. It works. And as you see in the use cases before, the customers are happy. Okay, so here are my contact data. My name is Stephan Robin. I'm the area director for da and Eastern Europe. My email address is Robin wix.com. You also see my mobile number. You can download the presentation, even with all the links. If you need any further information, if you want to get a demo or a proof of concept, or even just the presentation, contact me. Here are my contact details, and now I'm about to finish, and I will pass over to Martin again. And thank you very much for hosting this conference.
Thank you, Mr. Adam, and let's directly continue with the third part of our webinar, which is the Q and A session. We already have a long list of questions here, but if you have more questions, please don't hesitate to enter these; the more questions, the more interesting the Q and A session. So one rather technical question I have here is, does all support the creation with Okta identity, access management, ideally, including the multifactor in capabilities. That might be also a question we need to answer remotely, but I just raise it because it came in just now.
What solution you're talking about? I didn't get that
With Okta.
We can integrate with every solution that speaks REST API.
Okay. So there's no standard integration, but there are REST APIs, which can be used for integration.
Yeah. Right.
Okay. Another question which might be, probably be best suited for Mr. Robin, is, is there any difference between cloud and on-prem licensing?
Yes, indeed. We have an on-premise licensing where you can license per users per concurrent sessions and also per target machines. So, and this is then you normally purchase it for an on-premise use, but also we have many service provider pricing and we also have a subscription model as pricing. So here we are very flexible to find the right approach for every individual instance.
Okay. Another question I have here is, is the PAM or the solution in the cloud also available on other marketplaces than AWS?
Yeah. We are in Azure as well.
Okay.
Which is for, for also supporting VMware and Microsoft type, we, for sure, but AWS and are the main cloud platforms.
Okay. Next question. Does BOL offer its own cloud service or only why a partner? So do you only offer sort of the, the capabilities run in the cloud, or do you have your own cloud service available as sort of a public public cloud service?
So,
Absolutely the focus is to use partners doing managed services or doing cloud services hosting our solutions. Yes. But in some cases, and this was the example of this aerospace leader, where we are also doing the managed service for ourselves. So we are hosting it and we manage it, but the intention is really to work with partners. And this was the other example, for example, with clarinet.
Okay. And given that you,
Everything is possible
That you easily use partners or that you support both AWS and Azure. So I think the answer to the next question, if you, which just where our data centers used by wall and service providers located is, is pretty clear with Azure, AWS, the customers can choose flexibly aside of that. It depends on the partner, ISU
Data
Centers.
I don't get the question.
So, so the location of data centers is the question. So where are they? And given that service partners do it, which then will choose the appropriate service data centers or customers can run on Azure and AWS. It means they have a pretty big choice of data centerized to,
With Azure and AWS, you can choose the regions. And if we do the managed services, the data center is in Paris, in France.
Okay. Could you elaborate a little more on the security capabilities and features you use for secure cloud deployments?
This is also a question for you. What, what do you mean with security?
Are there specific things or, so how do you, for instance, protect access to the environment, the cloud, what is encrypted, things like that? So whatever you can share, I think obviously you share a lot of information about the security of your PAM solutions. So are there additional things beyond what you do and what are the sort of the most important things you do to ensure, for instance, that secrets remain protected? That's how I would interpret the question. So go a little bit more into technical details, maybe around how you make the things secure in the cloud.
So maybe is this about maybe the password vault, how we manage password, yeah. Password,
But also, you know, the access to the console, things like that. I think that's all part of that question.
So we can protect the console with second factors. I'm not sure though, I'm on the same page as you. Okay. So at least we are supporting general other security solutions. So at least the access manager can be easily integrated with multifactor authentication of all available vendors in the market. And even the password vault. I'm not 100% sure about the, let's say, the encryption technologies we are using for the password vault. For example, maybe you have a deeper information Porwal, but at the end, all passwords or credentials, or even keys like PKI keys, or even hash codes of passwords can be stored in a dedicated system, which is especially encrypted. But I have no further information what encryption methodologies we are currently using. Maybe you Walter. Yeah. The critical information is encrypted with AES-256. From the point of view, it's a closed system. It's a black box, it's an appliance. So data are not shared on other systems from AWS or Azure. So if you good point with the black box, did this answer the question, Martin?
I think that is a good answer. Yes. Black box of flexibility integration with different types of access management, a indicators, the AES-256 encryption, things like that. Another question I have here, maybe more for Stefan, is given that there's still some reluctance regarding moving that type of solutions to the cloud, do you see huge interest of European customers in running PAM from the cloud, or is it something which is more happening outside of Europe when you look at your customer base?
So at least what we realized, especially in conversations with customers who currently have their IT infrastructures really completely on premise. And, you know, also, especially in Germany, this is still a thing of trust by moving virtual machines to the cloud. So even when many organizations are using cloud applications like Salesforce, Google services, and so on, they still fear a bit moving parts of their infrastructure, so meaning virtual machines, to the cloud. But even the starts, and even with some customers, a few of them we showed in the reference, meanwhile using really at least applications or have running applications on virtual machines on a public cloud like Azure or AWS, this is starting slowly, but we currently see it. And especially when you have to protect these data, and this is then also a part for the trust that we can say, okay, we have always a cloud PAM solution, and you can always have mixed architecture, parts on premise, parts on the cloud. And then we have at least for the cloud parts a full protection of a privileged access management. And this is what I said at the beginning. If you go to a cloud, you pass over some value to someone else you do not know completely. And I think this was also a criteria to move over virtual machines to a cloud, to use an additional security solution like VO.
Okay. Final question for today, I believe, is, so when you look at the reality, a lot of organizations still don't have privileged access management deployed. Do you personally believe that cloud offers like yours will change that, leading to more organizations adopting a privileged access management, which they should have in place as part of their cybersecurity approach?
So I don't think that we as wall will be a big part in convincing customers to move to the clouds. But I think, and you mentioned it before, the digital transformation is going everywhere. And that means that even many organizations have to rethink their own IT strategies. And you mentioned it also, the classic IT will be connected with operational technologies or will be melted together. And the cloud will be at least a very important part just to save costs, to get performance, to get availability. This is a development that will come and we will not influence it. And, but the digital transformation, and there will be no alternative, but the point is really when a customer is going in that direction, time will help it to make it successful and with the lowest risk as possible.
Okay. So thank you very much. We're at the end of the time for this webinar. Thank you very much, Mr. LA. Thank you very much, Mr. Cole, thank you to all the attendees for listening to this KuppingerCole webinar. I hope to have you soon again in one of our upcoming webinars. Thank you and have a nice day. Bye.
