Britive, the first dynamic Cloud Privileged Access Management (CPAM) solution, can now manage access to resources that aren’t accessible over public networks. Extend JIT, ephemeral access to servers, databases, internal applications, and more that reside on premises, in private or hybrid networks, or in VPCs.

Now you can unify, simplify, and secure privileged access management across all your organization’s resources—anywhere.

What’s new and how does it extend Britive’s capabilities?

As a cloud-native, API-first solution, Britive already seamlessly integrates with and handles access management for cloud resources (SaaS, DaaS, IaaS, Kubernetes, etc.).

Our new capability extends our ability to deliver JIT, ephemeral access to almost any type of resource. A resource is anything we can manage access and permissions for, including servers (physical, virtual), databases, applications (commercial, OSS, homegrown), or even networking hardware.

Crucially, resources do not need to reside in a public environment or be accessible from the public internet. We can work with resources in VPCs, private or hybrid networks, or that reside on premises.  

How does this work?

Britive acts as a resource broker and delivers privileges just-in-time (JIT). You still use Britive to create profiles, policies, and any approval workflows for access to the resource. What’s different is the highly flexible, extensible way we give our users control over the method of privilege brokering. Users control how they want access and permissions to be assigned on the resource. Britive then brokers this access, dynamically and JIT, to the resource with the proper permissions based on the method defined. 

For example, say a server administrator wants to control which users can perform highly privileged actions via sudo.

One way is to have Britive dynamically place pre-approved users into and out of the sudoers group on the server. Access will be granted JIT when the user checks out this ability in Britive, and access will automatically be revoked either when the user checks the privilege back in or after a configured period of time.

When they have not checked out the sudoer permission, the user will still be able to access the server and perform any actions allowed by their account’s regular permissions. 

But what if the server administrator wants to entirely eliminate standing access? Instead of placing existing user accounts into and out of the sudoers group, the entire user account could be dynamically created, added to the sudoers group, and then destroyed after a set period of time. (This could also be used for ephemeral creation of regular access users who do not ever get sudoer permission.)
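The two methods above, as an added sketch that is not Britive's code or API: a reconciliation pass that compares active checkouts with the current members of the privileged group and plans the grant and revoke commands, while reporting members that no checkout explains (standing access). The `Lease` and `reconcile` names, the group name `sudo`, and the sample accounts are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Lease:
    user: str          # account name on the server
    expires_at: float  # epoch seconds at which the checkout lapses
    ephemeral: bool    # True: the whole account exists only for the lease

def reconcile(leases, members, now, group="sudo"):
    """Plan the commands that align `group` with unexpired leases.

    members: current members of the group (e.g. parsed from `getent group`).
    A check-in is modeled as a lease whose expires_at is set to `now`.
    Returns (commands, standing); standing lists members no lease explains.
    """
    active = {l.user: l for l in leases if l.expires_at > now}
    lapsed = {l.user: l for l in leases if l.expires_at <= now}
    commands, standing = [], []
    for user in sorted(set(active) - set(members)):      # checked out, not yet granted
        if active[user].ephemeral:
            commands.append(["useradd", "-m", "-G", group, user])
        else:
            commands.append(["gpasswd", "-a", user, group])
    for user in sorted(set(members) - set(active)):      # member without a live lease
        if user not in lapsed:
            standing.append(user)   # never brokered: report it, do not touch it
        elif lapsed[user].ephemeral:
            commands.append(["userdel", "-r", user])     # destroy the whole account
        else:
            commands.append(["gpasswd", "-d", user, group])
    return commands, standing

# Constructed sample state (hypothetical accounts, not from the original post).
NOW = 1_700_000_000
LEASES = [
    Lease("alice", NOW + 900, False),     # checked out, group method
    Lease("tmp-bob", NOW + 900, True),    # checked out, ephemeral account
    Lease("carol", NOW - 60, False),      # expired a minute ago
    Lease("tmp-dave", NOW - 60, True),    # expired ephemeral account
]
MEMBERS = {"carol", "tmp-dave", "root-ops"}

if __name__ == "__main__":
    cmds, standing = reconcile(LEASES, MEMBERS, NOW)
    for cmd in cmds:
        print(" ".join(cmd))
    print("standing access:", standing)
```

The planner only returns argument lists; running them needs root on the target server, and on distributions where the sudo-capable group is `wheel` the `group` argument changes accordingly.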

Britive is agnostic to the method used on the resource to manage access. We simply broker the privileges JIT to the resource in whichever way the user desires.

Another important aspect of our approach is that, just like with our cloud integrations, Britive manages authorizations directly on the target resource, but we are not sitting in between your users and the resource.

This means we aren’t funneling all session traffic through Britive and creating a potential bottleneck or single point of failure. It also means that if a user has some level of regular access to a resource, they don’t need to go through Britive.

This contrasts with other access management solutions where all user access is proxied through their systems, potentially complicating the process for users and blocking all access if ever there is a service disruption with such a solution provider. 

That sounds complicated… tell me more!

It may sound complicated, but it’s not! Britive is designed to unify, simplify, and secure privileged access on any resource in your organization. That’s why our resource brokering capability is extremely easy to deploy with minimal impact to your environment.

There is no complicated setup or network (re)configuration. Other solutions that broker access to resources on non-public networks require configuring proxies, modifying firewall rules, opening network ports, and more. This is time-intensive and can also undermine the security policies your networking team has carefully built up over years.

With Britive, there are no changes to your network required. It only takes a few minutes to get a new resource ready for Britive to manage access to it. 

Even better, our flexible architecture allows us to manage access and privileges for homegrown applications or other resources that are challenging or impossible to manage with other access management solutions. There’s also not a lengthy development cycle required as is common with other vendors. We typically can onboard a new resource we have not seen before in a few hours or days. 

Wrapping Up 

We’re very excited about the possibilities our new functionality enables for our customers. We now have the broadest coverage of possible privileged access use cases, regardless of where the resource is physically or virtually located.

New integrations can be deployed quickly without the long development cycles required by other solutions. Britive is the only solution you need for managing privileged access for both human and non-human identities across public cloud, private and hybrid cloud, and on-premises resources. It truly is cloud PAM—anywhere.
