Thycotic announces the acquisition of Onion ID
June 2020 by Marc Jacob
Thycotic announces the acquisition of PAM solution provider Onion ID. With the acquisition, Thycotic adds three new products to its PAM portfolio: Thycotic Remote Access Controller, Thycotic Cloud Access Controller and Thycotic Database Access Controller. This acquisition extends Thycotic’s industry leadership for emerging PAM use cases protecting access to SaaS applications, IaaS infrastructure, and ensuring remote workers stay productive and secure.
Anirban Banerjee, CEO and Founder at Onion ID, adds, “By joining forces with Thycotic, we are enhancing our commitment to delivering user-friendly authentication, authorization and auditing to cloud servers, databases and applications. We are launching a diverse set of next-generation PAM 2.0 offerings in the market which will enable enterprise customers to elevate their security controls above and beyond current best of breed solutions and reduce costs with secure remote access.”
Enforcing Zero Trust for Remote Workers and Third-Party Access
The explosion of remote workforces have led enterprises to adopt a Zero Trust security approach for remote employees and third parties who need access to corporate resources. The principle of least privilege should guide all remote access channels, ensuring that third parties have access to only those resources required to do their jobs. Security teams must control who can access what and when, in order to protect corporate resources and comply with regulatory mandates.
Thycotic Remote Access Controller solves this by simplifying and automating the management of remote workers accessing the IT resources. The Controller uses multi-factor authentication (MFA) and session recording, without requiring any software or browser extensions, to provide an advanced level of security granularity to enforce corporate security and compliance policies. With its API suite that can be integrated into automated workflows and ticketing systems, Remote Access Controller streamlines access grants for contractors within a centralized web portal.
Protecting Enterprise Cloud Assets
With 80 percent of IT budgets already committed to cloud solutions, Gartner warns that the move to the cloud does complicate PAM challenges. For most organizations this then makes PAM unmanageable without automated processes and specialized tools.
Thycotic Cloud Access Controller ensures that administrators accessing IaaS platforms such as Amazon Web Services (AWS) and SaaS applications like Salesforce and Twitter maintain appropriate Role Based Access Controls (RBAC) which dictate what each user can click, read, or modify within any web application. Administrators also have a centralized dashboard which displays what applications have been accessed, access removal, audit report production and more, for tighter security and streamlined compliance.
Martin Kuppinger, Founder and Principal Analyst at KuppingerCole, said, “Cloud Management consoles, like those on Azure, AWS, and GCP, pose significant security risks to every company. Over-privileges are a common fact and most organizations lack granular visibility into whether privileged users have unnecessary entitlements and provisions.”
Controlling Access to Databases
The increased adoption of cloud-hosted databases have further complicated privileged access and compliance requirements for security teams. Databases containing sensitive employee and customer PII are an increasing area of focus for auditors and are prime targets for hackers.
Thycotic Database Access Controller enables enterprises to adopt modern cloud databases from AWS (RDS), Google, Azure, Oracle, Redis, and others, while still enforcing appropriate access levels, MFA, and complete reporting and auditing workflows. Now customers can record entire database access sessions, provide just-in-time access, report and log actions, generate alerts and cut off connections in an automated manner. Database access management is no longer manually intensive or complicated.
Financial terms of the Onion ID deal have not been disclosed. As part of the transaction, Onion ID will operate under Thycotic brand and leadership.