Secure Your Cloud: A Quick Guide to Identity Discovery
Jeff Carpenter explains the importance of Cloud Identity Discovery in multi-cloud environments. Learn how Delinea's Secret Server solution integrates with various identity providers to discover and secure credentials of human and non-human admins across platforms.
Let me ask you a question. How confident are you that you are seeing all of your identities in your multi-cloud environment? Now, if you're like most people, the answer is "somewhat" to "we're actually flying blind." Well, if that's your answer, then let's talk about Cloud Identity Discovery. I'm Jeff Carpenter with Delinea and I'm going to lead you through this discussion today.
So, at the heart of Cloud Identity Discovery is your vault. And in this case, the Delinea best-in-class Secret Server, available on the Delinea platform or on prem. Now, Secret Server is well known in the industry as being one of the best solutions for making sure we're discovering and we're finding our privileged admins on prem.
For our server admins, your proxy server, your firewall server, your database administrators. Going out there and scanning, finding, discovering those admins, and making sure that their credentials and their secrets, so their passwords, their keys, etc., are locked up in the vault, and that we do just-in-time access to make sure that those users get what they need when they need it. But not too much access and not standing privileges.
But now, you enter in these cloud environments here. And by the way, according to Microsoft, 62 percent of us now have a multi-cloud environment. So as much as Microsoft would love everybody to be on Azure, the truth is that there's a whole bunch of AWS and a whole bunch of Google out there as well.
And just through acquisitions and the normal growth of our organizations, we're now in this multi-cloud framework. And within these clouds, we have human and non-human users. So, we've got the human users, we've got the machines, you know, our virtual servers. We've got Kubernetes and containers out here.
We've got data. And we have third parties—so contractors, vendors, DevOps people that we hire, we give access to, they come into our cloud environment. And this makes it very convoluted and confusing. So, what we've done at Delinea is we've added another layer of capability to our Secret Server solution.
We call it Cloud Identity Discovery. And what it does is, it goes out and explores these cloud environments. Your Azure, your AWS, your GCP. But the secret sauce here is that we combine that with your identity provider. Because a lot of what is going on out there? Think to yourself, do you have a single source of truth for all your identities, or do you have multiple sources?
Well, most of us now have multiple sources out there. So, we're using an Okta deployment, a Ping deployment, an Entra, Microsoft Entra ID, in addition to our traditional Active Directory and Azure AD. So, right, we've got multiple IDPs out there, multiple identities, and what we're doing with Cloud Identity Discovery is we're going out and we're looking at these properties. We're scanning them using our connectors, not scripts, which can break, but actual connectors, and then we're correlating it with your identity providers to find those admins out there.
Because traditionally, just a normal scan might pick up somebody who has a group membership, admin, but will not pick up somebody who is a cloud developer, who is in fact, that we can find through our connections to the IDP, we can see what groups they're involved with, what policies, what they have access to, how they got that access, etc.
We correlate all of that, and then we can make lists of who your AWS users are, your Azure users, your AWS users and your GCP users. But it doesn't stop there, because the critical final step is then to take these users here, and these users are, by the way, human and non-human. So, machines as well that may have.
So, for example, you have a virtual machine test bed that has access to read/write data; that is a privileged user. So, we take those credentials and we're able then to securely add them to the Delinea Secret Server vault, with all of the rights and all of the things, the permissions and the checkouts and the audits and the visibility that that gives you.
So, it's a pretty awesome tool, Cloud Identity Discovery, a capability that you're able to add to your Secret Server deployment and see what's in your cloud, be able to discover those admins and securely vault those credentials. For more information, check out delinea.com.