Cloud Identity Governance
EmpowerID and AWS
With a cloud-computing market share of 31.7%, the number of organizations moving to Amazon AWS is staggering. EmpowerID integrates and works with AWS like you would not believe.
AWS Identity Governance
What This Integration Delivers
Identity Lifecycle for Amazon AWS
Eliminates security problems and manual errors associated with AWS user creation and access assignments
Just In Time Privileged Access
Zero Trust JIT access ensures users obtain access only for a specified time, with automatic revocation
Privileged Session Management
Web-based gateway deployed as a microservice: quick, scalable, resilient, and effective
Compliance and Recertification
Full tracking, logging, and reporting capability means audits have never been easier
Adaptive MFA
20+ authentication types with adaptive MFA required only when circumstances warrant it
Automated Provisioning
Identity Lifecycle for Amazon AWS
EmpowerID Identity Lifecycle for AWS automates account provisioning and access assignment.
Automating policy-based Compliant Access eliminates the security problems and human errors associated with manual user creation and access assignment for AWS.
Within your organization, manually triggered lifecycle events are inefficient. With EmpowerID, workflows are triggered by changes in your HR system.
Using such triggers, EmpowerID can then automatically handle the provisioning and deprovisioning of your IAM user accounts.
Permissions range from IAM group membership to AWS roles that will be accessed as ephemeral session-based permissions during Security Token Service (STS) federated logins.
Deprovisioning happens in a similar fashion. Permanent workflows detect changes in your HR system and, in conjunction with your own business policy settings, gracefully handle the necessary handover of responsibilities and the transfer of data ownership.
Zero Trust Strategy
Just-in-Time Privileged Access for AWS
EmpowerID supports a Zero Trust strategy for Amazon AWS by enabling Just-in-Time (JIT) and Just-Enough administrative access.
EmpowerID uses permanent workflows to continuously inventory and monitor users, groups, and roles in your AWS tenants.
When they need access, end users can request temporary access to IAM groups or roles. Such requests can be pre-approved, or they can be routed for approval based on your own business policies.
With JIT access requests for AWS groups, EmpowerID temporarily provisions the user's existing AWS account as a member of the appropriate group and then revokes that access when the time expires.
This approach is stronger for two reasons:
1. It is simpler than checking out vaulted privileged account passwords
2. It improves correlation of user activity because the end user uses their regular account for the privileged access session
EmpowerID both federates and integrates with AWS, depending on the request. EmpowerID's federation with your AWS STS leverages access requests for AWS roles.
Web-Based Gateway
Privileged Session Management for Amazon AWS
Privileged accounts in AWS are both a necessity and a liability. With their nearly unlimited access to system resources, they are essential for everyday IT operations, and your organization cannot operate without them.
Unfortunately, according to research, 62% of security breaches are through abuse of privileged accounts. That is also why EmpowerID fully supports the Zero Trust model.
Zero Trust stipulates that only the minimal access required should be granted for the minimal time period, and, if possible, the access should always be proxied and monitored.
EmpowerID's Privileged Session Manager (PSM) is a web-based gateway that you deploy as a microservice container in your AWS environments.
PSM provides authorized users with RDP or SSH access to AWS EC2 Windows or Linux virtual machines through a web interface. Servers never get actual network access.
This best-practice approach avoids the most common malware and exploits, which rely on network connectivity to the servers they are targeting.
In addition, strong adaptive identity verification is enforced, and sessions can be optionally recorded as videos for later compliance investigation or verification.
Audit Ready
Amazon AWS Compliance and Recertification
EmpowerID allows your AWS team to breeze through audits.
AWS's sprawling and dynamic nature can pose a huge headache for auditors. Consequently, when completing a certification process, it may be difficult to prove who has access to critical systems.
But producing this proof becomes almost automatic with EmpowerID.
EmpowerID maintains an up-to-date audit and can provide complete control over who has access to what resources across all your AWS tenants.
In addition, built-in attestation policies allow for rapid periodic recertification of AWS group and role assignments. This eliminates the hassle of auditing this critical infrastructure.
Additionally, risk-based separation of duties policies allow you to define, detect, and remediate toxic combinations of access.
Identity Verification
Adaptive MFA for Amazon AWS
Organizations run some of their most critical workloads and store sensitive content in AWS.
Ensuring the identity of those accessing these services is critical in preventing data loss or system downtime.
Unfortunately, passwords continue to be the weakest link in an organization's security strategy. Multi-factor authentication (MFA) is the only proven means to plug this gap.
With over 20 MFA types, your organization now has a wide selection of options including:
- One-time passwords
- Third parties such as Duo
- The EmpowerID mobile app, which allows users to approve their logins with a tap
- FIDO YubiKey tokens
However, because users are traditionally resistant to change, EmpowerID's adaptive MFA makes it even better.
Adaptive MFA eases user adoption of more secure login procedures by ensuring that they only have to perform MFA login when circumstances warrant it and not every time.
These circumstances are dictated solely by your own business policies and conditions.
Secure Your AWS Environment
See how EmpowerID provides identity governance, compliance, and Zero Trust PAM for AWS.