Privileged Access and Account Management
Privileged Account Management is responsible for managing special accounts.
Privileged accounts are those with rights for managing an application or carrying out important actions on a system. For example, you may have a domain administrator account, an auditor account or an account that approves financial expenditures.
With Identity Management, accounts that people use on a daily basis are managed. Sometimes these are default accounts, and they may not be sufficient to carry out all work tasks. In this case, special privileged accounts are needed. These accounts are not necessarily associated with one person, and as such Identity Management is not the correct solution for managing them.
To maintain control of your privileged accounts, we provide the following options:
Privileged Access Management
A user requests access to a specific application and the appropriate rights are assigned to their own account. An example would be a request for groups within the Active Directory and the automatic assignment of those rights. We can extend this assignment with approvals, delegations, attestations etc.
Privileged Account Management
A user receives access to a special account so they can carry out their work. It is not linked to a specific user, but is delivered on-demand to the user who needs it. This makes it important to have password management and life cycle management for a special account.
Expansion options
In addition to the previously-mentioned solutions, we can also provide other control options such as:
Account auditing
This logs what actions a user carries out when using the privileged account.
Session Recording
This records the user screen so that it is possible to determine later what actions a user performed using the account.
Session Isolation
This protects the session a user is logged into.
Privileged Access in the Microsoft Cloud environment
Almost every company uses Microsoft Cloud resources such as Office 365, and perhaps also Azure resources in Infrastructure as a Service and/or Platform as a Service. The management and operation of these resources require high-privileged access for employees, and that access should be based on least privilege.
The PIM solution
This may suit employees on permanent assignments, with standing permissions. However, to avoid the risks of standing permissions, we strongly believe in a just-in-time approach: access is granted only when required, and with a certain time limit. Within the Microsoft Cloud environment this can be achieved by using the Privileged Identity Management solution and its capabilities.
Features
On the Microsoft Office side, for example, administrative roles such as the MS Teams administrator or User administrator can be provided as a temporary role with a time restriction of 1 hour and perhaps additional approval. In that case, the supporting team member does not have the role constantly active (also called a ‘standing permission’), but can activate it whenever it is actually required to perform the task at hand.
Once the request for activation is submitted, the supporting team member could either be required to provide his or her multi-factor authentication, or an approval by one of the support teammates could be required. This can be configured depending on the organisation's requirements and processes.
More advantages
The PIM solution also supports the many built-in and custom roles defined in the Microsoft Azure cloud environment, like a ‘contributor’ on subscriptions, resource group or resource level etc. For the infrastructure development, support and operational roles, the advantage here is to allow these high-privileged permissions with additional approval and in a time-limited fashion. Again, no permanent standing permissions are required, and just-in-time permissions can be activated by users when they are eligible to do so. Because many cloud environments are growing rapidly, with lots of subscriptions and resources being deployed, together with the operational shift to working in an Agile or DevOps delegated manner, the management and control of privileged access is becoming more important.
Red5 supports companies by designing the process and access model and by implementing the privileged identity management solutions needed to ensure control of privileged access to your Microsoft Cloud environment.
More information?
Are you interested in how Red5 can support you with Privileged Access in the Microsoft Cloud?