Announcing Cloud Privileged Access Management


Managing access to cloud infrastructure is one of the biggest security challenges faced by businesses today. These systems – AWS, GCP, Azure, Snowflake, and so on – form the operational backbone of your business. They house sensitive customer data. They run your products and services. Yet, most companies revert to traditional access management patterns and grant long-standing access to these critical systems because they lack the tools to achieve least privilege.

We can do better. There’s a future where you have zero standing privileges for sensitive access and all granted access is justified. Where you have full visibility into the permissions for all of a user’s accounts. Where you can identify and remediate permission issues in the click of a button. Where self service and automation takes the place of “create a Jira ticket please.”

Today, ConductorOne is introducing our Cloud Privileged Access Management (CPAM) solution. This is a major step forward in our ongoing mission to secure workforce identity and access. With ConductorOne CPAM, security engineering & IT teams can manage permissions and enforce policy for cloud resources in order to achieve least privilege access. (Note: Customers with hybrid infrastructure and on-prem systems are supported too!).

CPAM makes it dead simple to govern sensitive access to all of your systems, without getting in the way of productivity for your technical users. These new capabilities help companies:

  • Manage access to cloud infrastructure accounts in AWS, GCP, Azure, Snowflake, and more
  • Define access management “as code” using our Terraform provider
  • Grant just in time (JIT) access to privileged roles and sensitive resources
  • Escalate temporary access requests using emergency access workflows
  • Convert standing access rights into just-in-time access
  • Manage permissions and requests with the ConductorOne command line tool (“cone” CLI)
  • Automate tasks and build custom tooling with a public API
  • Secure access to backoffice portals and homegrown apps with our Baton Connector SDK
  • Apply least privilege access controls to on-prem or non-cloud native infrastructure such as Active Directory, LDAP, Postgres, and Microsoft SQL Server

Making Least Privilege a Reality

Our vision for ConductorOne is to secure workforce identity and access through a unified platform. Traditional PAM solutions simply weren’t built for the cloud, or for modern teams. “dash-a” accounts suck. Leaving your terminal to go to a web UI to request an SSH key to a machine sucks. Losing sleep over your engineering team having long standing access to sensitive cloud accounts sucks. In the cloud, privilege isn’t just about accounts – it’s about permissions, and users getting the right levels of access to do their job. Elevating access levels should be seamless and easy… and then the permissions should be gone. This is how least privilege is achieved.

 “Elevating access levels should be seamless and easy… and then the permissions should be gone. This is how least privilege is achieved.”

And our customers agree. Julien Colombain, Software Engineer at Ramp, says “We are able to significantly reduce our standing AWS permissions by moving to just-in-time access. Our CLI tool integrates with ConductorOne so our engineers can access the resources they need without having to worry about missing permissions. Requests are routed efficiently and provisioned automatically. It’s a seamless experience that keeps the team productive and much more secure."

To learn more about how CPAM works, check out the docs here.

We’re just getting started.

We are a team of builders and we’re inspired to be working on the next generation of access governance and permissions management for modern companies. We have an incredible team, a great market, a hard-working and high ownership culture, and we LOVE our customers. We can’t wait to share what else we’ve been working on! Stay tuned :)