Privileged Account Management Is Critical in the Cloud


The move to the cloud began in earnest in 2007, as organizations looked for ways to cut capital expenses during the Great Recession. Fast-forward a decade, and the cloud is more popular than ever. According to a recent survey by LogicMonitor, 68 percent of workloads are running in public, private, or hybrid clouds, and that number will increase to 83 percent by 2020.

That’s because the benefits of cloud computing go well beyond cost savings. Survey respondents cited “digital transformation” and “IT agility” as the top trends driving cloud adoption. The cloud enables organizations to try new applications with less risk, roll out new services quickly, and eliminate the headaches of managing and supporting the underlying infrastructure. Cloud services are also ideal for branch locations and an increasingly mobile workforce that needs access to applications and data from any device.

But while the cloud is great for productivity and flexibility, it increases security risks. According to 66 percent of survey respondents, security remains the biggest challenge for organizations using the public cloud today. Governance and compliance (60 percent), a lack of cloud expertise (58 percent), and privacy (57 percent) were also cited as key concerns when moving to the public cloud.

Risks can be reduced substantially by addressing common cloud vulnerabilities and extending on-premises policies and procedures to the cloud environment. Specifically, Clango recommends that organizations emphasize privileged access management when developing a cloud security strategy.

There are a number of areas in which privileged credentials must be protected to prevent a hacker from gaining access to cloud resources, including the following:

  • The root account created when a cloud service is initially set up
  • All credentials providing access to the cloud management console
  • Privileged credentials associated with virtual servers, containers, data stores, and other cloud resources
  • API keys that enable cloud automation
  • Credentials and access keys associated with DevOps tools and applications

Privileged credentials should be secured immediately when infrastructure is provisioned, then removed when infrastructure is deprovisioned. Least privilege principles should be used when granting access to the cloud environment, and access policies applied consistently across multiple clouds as well as the on-premises environment.

Ideally, cloud credentials should be secured in a digital vault, such as the CyberArk Enterprise Password Vault. The CyberArk vault provides centralized protection and granular control over privileged account passwords and SSH keys throughout the DevOps pipeline and across on-premises, cloud, and hybrid environments. It also records privileged sessions so security teams can take prompt action if suspicious behavior is detected. CyberArk Privileged Threat Analytics detects and alerts on risky activities and any attempts to bypass security controls.

Credentials and API keys should not be hard-coded into applications or scripts. They are an easy target for hackers—especially if stored in clear text—and virtually impossible to monitor and track. Clango Innovation Labs can develop integrations that give your automated tools and scripts access to credentials and keys stored in the Enterprise Password Vault.

The cloud has proven to be a boon to business, providing unprecedented agility and simplicity, but it increases security risks if not properly managed. Let our CyberArk consultants and engineers help you apply robust privileged account management to your cloud environments.

If you’d like to learn more about Privileged Account Management, send us an email at

Leave a Comment