Overview

This topic describes how Secure Cloud Access enables end users, such as those in DevOps and Cloud Engineering, to natively and securely access the cloud management layer.

The Secure Cloud Access solution

Secure Cloud Access provisions just-in-time privileged access for administrative operations in multi-cloud environments, using the principle of least-privilege access. SCA enables operational efficiencies for IAM and Security teams implementing Zero Trust. This improves security posture by removing unnecessary standing access.

Additionally, all sessions are simultaneously protected and monitored for audit and compliance.

How does it work?

  1. End users that need access to the cloud management layer connect to their cloud environments via web console or CLI.

  2. The end users natively authenticate using either CyberArk Identity or another third-party IdP.

  3. In the background, SCA validates approved entitlements for an end user’s session. The end users then select the scope of their current task, ensuring least privilege access.

  4. Access for cloud management operations is elevated just-in-time to reduce the risk of compromised credentials. Sessions are time-bound and permissions are revoked automatically at the end of a session.

  5. Web-based sessions to the cloud console are recorded for audit and compliance. Additional session protection helps reduce the risk of browser hijacking.

SCA work flow

The following diagram provides a high-level work flow for the various users of SCA. Click a tile to learn more.

Workflow for various personas that use the SCA service