Using Software Containers for Privileged Access Management in Cloud Environments: A Novel Approach to Handle Access Management for Cloud-based Networks
DOI: https://doi.org/10.13052/nbjict1902-097X.2020.013
Keywords: Cloud security, container, privileged access management, cloud computing, third-party access
Abstract
This paper presents a novel approach for privileged access and session management using containers. Current solutions are built on proxies, proxy suites or jump servers, but they do not meet the security requirements of third-party remote access, carry additional vulnerabilities and have scalability limitations.
The novelty of the solution proposed in this paper is a global orchestrator that instantiates a purpose-built container adapted to the virtual network functions’ system. Every container has a logging function, a pre-defined time-to-live and one-time credentials. This approach is secure because the containers isolate different connections from one another, privileges are restricted, permissions are always time-limited and the provider retains full control over every session. The solution brings several other security enhancements, discussed in this paper.
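The following Python model is an added illustration of the session lifecycle described in the abstract, not code from the paper or its authors: an orchestrator that mints one session record per connection with a one-time credential, a fixed time-to-live, a per-session log and a provider-side revocation switch. The class and method names (Orchestrator, SessionContainer, create_session, redeem, revoke) and the injectable clock are assumptions made for the example; a real deployment would start an actual container behind create_session.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class SessionContainer:
    """State the orchestrator keeps for one purpose-built session container (hypothetical model)."""
    target: str                 # VNF system the container is adapted to
    cred_hash: str              # SHA-256 of the one-time credential; the secret itself is never stored
    expires_at: float           # pre-defined time-to-live, as an absolute timestamp
    redeemed: bool = False      # one-time credential: accepted exactly once
    revoked: bool = False       # provider keeps full control and can end the session early
    log: list = field(default_factory=list)  # per-container logging function


class Orchestrator:
    def __init__(self, ttl_seconds=900, clock=time.time):
        self.ttl, self.clock, self.sessions = ttl_seconds, clock, {}

    def create_session(self, target):
        """Instantiate a container for one third-party session; return (session id, credential)."""
        cred = secrets.token_urlsafe(32)
        sid = secrets.token_hex(8)
        box = SessionContainer(target, hashlib.sha256(cred.encode()).hexdigest(),
                               self.clock() + self.ttl)
        box.log.append((self.clock(), "created"))
        self.sessions[sid] = box
        return sid, cred

    def redeem(self, sid, cred):
        """Admit a connection only if the credential is valid, unused, unexpired and unrevoked."""
        box = self.sessions.get(sid)
        if box is None:
            return False, "unknown session"
        now = self.clock()
        digest = hashlib.sha256(cred.encode()).hexdigest()
        checks = ((box.revoked, "revoked"), (now >= box.expires_at, "expired"),
                  (box.redeemed, "credential already used"),
                  (not secrets.compare_digest(digest, box.cred_hash), "bad credential"))
        for failed, reason in checks:
            if failed:
                box.log.append((now, "denied: " + reason))
                return False, reason
        box.redeemed = True
        box.log.append((now, "connected to " + box.target))
        return True, "connected"

    def revoke(self, sid):
        """Provider-side kill switch: the session is refused from now on, whatever its TTL."""
        box = self.sessions[sid]
        box.revoked = True
        box.log.append((self.clock(), "revoked by provider"))
```

Each session's log records every admission decision, so a denied replay of a used credential or an attempt after expiry is visible to the provider without inspecting the target system.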