A New Level of Granularity for Access Management: Privileged Task Automation

A New Level of Granularity for Access Management: Privileged Task Automation

Sep 14, 2018 / Kron

The future of securing network infrastructure, data, applications and the proliferation of devices enterprises need to secure is in automation.

Enterprises are going to require more granular control of access to mission critical assets, and if they don’t think ahead and identify ways to have machines help, they will find themselves stretched to the limit, and in a position of more vulnerability.

That’s why Kron has led the market in developing Privileged Task Automation (PTA) solutions as part of our overall Single Connect platform.

Instead of “granting privileges” to users, IT managers can now “grant tasks” while also making sure those daily tasks can be fulfilled without any hurdles.

For example, an operations manager or a developer may just need to restart a service on server from time to time. Instead of granting access rights of that server to that manager or developer, the main admin can grant the “restart task” empowering them to take only that action without interfering with any other aspect of the server.

As microservices grow, this is an ideal time to adopt PTA; here’s a quick overview of how it works:

 

 

 

And here’s an architectural view:

 

 

The high-level benefit of PTA is allowing for the automation of system administrators’ tasks, preventing the need to open access to critical infrastructure.

Administrators can create a task (restarting per the example earlier) and delegate that task to a more junior team member, with brief training and passwords. The junior person responsible for executing the task does not need any further data, including device administration passwords. Further, the administrator can create policy that allows only certain servers to carry out the specific command.

In short, the task has been delegated, and the privilege has been maintained most securely.

Senior admins can feel comfortable in delegating complicated multi-step tasks and remove human error by reducing the command execution to a single click.

All tasks can be run under a single Privileged Account, with Kron’s PTA module keeping a full record of the parameters used and who issued the commands.

More secure – more efficient – more accurate – less expensive – PTA brings enormous value to enterprise IT teams with full audit and compliance. Everybody wins!

 

Author: Orhan Yıldırım

Other Blogs