CloudGuard Dome9 Feature Enhancement: IAM Safety
CloudGuard Dome9 IAM Safety provides public cloud Privileged Identity Protection for Amazon Web Services (AWS) IAM users and roles. It provides just-in-time access to the most sensitive operations in AWS.
We’re now enhancing the capabilities of IAM Safety, with better support for groups and better workflows.
The changes include:
- Each IAM user/role can now be controlled by a group of Dome9 users, and each Dome9 user can control a group of IAM users/roles. These new capabilities allow real team-based work in IAM Safety. An example use case is explained later.
- Simplified UI, reducing the number of screens to improve usability.
- Enhanced UI capabilities, including multi-select, which help Dome9 users work more efficiently.
- Added a screen that presents active permission elevations, for monitoring current status.
New Major Use Case:
As mentioned above, with the new enhancements it is now possible to work in teams. For example, you can provide the Security Team access to Dome9, and let each team member control the IAM permission elevation of other AWS IAM users (Developers, DevOps and others). When AWS IAM users need to perform an operation restricted by IAM Safety, they can contact one of the Security Team members, explain the need, and ask for permission elevation. The Security Team member can then log in to Dome9 and authorize the permission elevation for the relevant IAM users or roles, for a specified time frame. When the time expires, the IAM restrictions are applied again.
For more information on IAM Safety visit our new documentation site:
Is there any possibility to extend the mobile app to grant elevation to users managed by a Dome9 manager? As far as I know, today app users are only able to elevate themselves.
Good to hear! Would love to get feedback, you can contact me directly.
We're working on updating the mobile application to support the new capabilities. The new version is already in motion; it should soon pass the app stores' certification process.
I'll update when it's published.