AWS Partner Network (APN) Blog

BeyondTrust’s Identity Security Insights SaaS Offering, Supported by AWS SaaS Factory

By Oded Rosenmann, Global Practice Lead, SaaS Partners – AWS
By Mark Seaman, Sr. Business Architect, SaaS – AWS
By Peter Yang, Sr. Partner Solutions Architect – AWS
By Sam Elliott, Sr. Vice President of Products – BeyondTrust

BeyondTrust

In an era where cloud solutions are integral to business strategy, and automation has become a fundamental part of daily operations, identity security has taken center stage. Traditional methods of securing a network’s perimeter are giving way to more dynamic and sophisticated strategies. Why? Identities with their nuanced roles and access permissions are now key to protecting sensitive data and systems.

Organizations can no longer rely on prevention alone; they must also detect and act on identity-based anomalies quickly. By deploying a combination of prevention and detection, guided by solutions like identity and access management (IAM), organizations are poised to forge a new path to security.

This approach strengthens the overall security posture and keeps pace with the rapid evolution of technology, helping organizations stay one step ahead of potential threats. In this ever-changing landscape, solutions from industry leaders become crucial.

BeyondTrust is an AWS Partner and AWS Marketplace Seller with an AWS-qualified software offering. A leading innovator of identity-first security and recognized market leader in privileged access management (PAM) ranked by Gartner, Forrester, and KuppingerCole, BeyondTrust empowers organizations to secure and manage their identities and privileges.

The BeyondTrust Identity Security Insights solution enables organizations with clear visibility into all identities, privileges, and access, revealing their exact impact on their security posture. It provides a new intelligence layer to PAM solutions and third-party tools to detect threats resulting from compromised identities and privileged access misuse.

Working closely with the AWS SaaS Factory team, BeyondTrust navigated business and technical decisions to build a new software-as-a-service (SaaS) solution on Amazon Web Services (AWS).

“This latest step in our SaaS journey has been a significant one for BeyondTrust, full of both opportunities and challenges. The partnership with the AWS SaaS Factory team has been instrumental in guiding us through this piece of a complex journey. Their business and technical experts have helped us validate our assumptions, identify effective strategies, and accelerate our time to market. The collaboration was more than a partnership; it has helped enable us to continue to innovate with confidence and efficiency.” – Sam Elliott, SVP Products, BeyondTrust

Recently, we had the pleasure of sitting down with Sam Elliott, SVP Products at BeyondTrust, to discuss the new Identity Security Insights SaaS solution. Sam shared valuable insights about architecting their newest product based on a SaaS model, offering key takeaways that can benefit other software providers who are looking to adopt this delivery approach.

Check out the new Identity Security Insights SaaS Solution >>

Q&A with BeyondTrust

AWS SaaS Factory: Can you tell us about yourself and your role at BeyondTrust?

Sam Elliott: At BeyondTrust, I lead the product team as a Senior Vice President of Products, where I am responsible for our intelligent identity and access security portfolio of products. I work with an incredible team to build solutions that solve modern identity-security challenges.

SaaS Factory: Can you share which solutions BeyondTrust has built on AWS?

Sam: SaaS has played an important role in our commitment to provide better time to value and less resource-intensive deployments to our customers. Our journey began in 2017 on AWS, when we introduced our Privileged Remote Access and Remote Support offerings. The success of these products gave us the confidence to bring more new products to market, such as Identity Security Insights which is our most recent offering built on AWS.

SaaS Factory: Who are your target customers, and what specific personas might benefit from leveraging your solutions?

Sam Elliott: Security professionals looking to expand beyond preventative security controls who understand the importance of protecting the identity in order to protect their organizations would benefit from our solutions the most. We have seen this huge evolution to identity as the new perimeter and teams are really focusing in on the threats posed on digital identities, improving security hygiene, and achieving a stronger security posture.

SaaS Factory: What are the core features of Identity Security Insights solution and how it addresses current identity security challenges?

Sam Elliott: The three core features of Identity Security Insights are:

  • Intelligence layer that correlates data from BeyondTrust PAM and Identity Security solutions and third-party tools into a unified dashboard.
  • Detection of identity-related threats such as compromised identities, abnormal activity, and privileged access misuse.
  • Proactive security and threat mitigation recommendations that help optimize and improve your security posture.

By combining threat prevention and active threat detection into one solution, Identity Security Insights provides a level of identity visibility and protection that goes well beyond tools like security information and event management (SIEM), extended detection and response (XDR), and identity governance and administration (IGA). The solution helps organizations prevent identity-based risks with identity hygiene recommendations, as well as detect potential active threats.

This solution directly solves for the key security gaps organizations are challenged with:

  • Lack of unified and continuous visibility of identities, accounts, entitlements, and privileged access across all environments, especially in rapidly expanding cloud systems.
  • Lack of insight into the true impact or “blast radius” of users and their identities, if compromised.
  • Lack of insight into new attack paths created by the proliferation of new users, systems, and integrations in dynamic environments, or the threat posed by misconfigurations and how these can bury indicators of compromise.
  • Inability to quickly detect and remediate security events that involve multiple identities and accounts.

Identity Security Insights combines prevention and detection capabilities to help organizations achieve a stronger security posture than prevention alone.

SaaS Factory: What was the primary motivation behind transitioning to a SaaS delivery model, and how does it align with BeyondTrust’s overall strategy?

Sam Elliott: A lot of the initiatives we’ve been working on over the last few years have been centered around making our products more easily accessible to the broader market, and more in-tune with the needs of our customers and prospects. This means decreasing the cost and resources required to deploy our solutions, as well as decreasing the time-to-value. This is a really large driver behind our SaaS initiative.

SaaS Factory: How has the AWS SaaS Factory team supported your business transition to a SaaS delivery model, and what specific contributions have they made to the process?

Sam Elliott: Our AWS partners presented a series of best practices that were tailored to our requirements. We also reviewed our own implementation design proposals with them, and they provided us with feedback on topics such as authentication, authorization, and customer provisioning designs.

SaaS Factory: Can you walk us through the architecture? What AWS services are key?

Sam Elliott: Identity Security Insights is hosted on AWS​, with a modern cloud-first architecture leveraging microservices and designed with multitenancy from the ground up. It also uses complete AWS managed services (compute, storage, network), Amazon Elastic Kubernetes Service (Amazon EKS) for container orchestration, and AWS Lambda for serverless compute​.

Figure 1 – Architectural diagram of BeyondTrust.

SaaS Factory: How does BeyondTrust ensure the security and compliance of Identity Security Insights solution, especially in an ever-evolving regulatory landscape?

Sam Elliott: We are focused on setting high security standards for all of the products in the BeyondTrust portfolio. One of the ways we maintain our commitment to customer data security is by implementing strong controls in alignment with the American Institute of Certified Public Accountants (AICPA) Trust Services Criteria. Additionally, Identity Security Insights is SOC2 Type 1 certified.

We integrate these key principles and security best practices from the start of development of a new product to ensure that security measures are built into the product’s architecture and development process. This helps to reduce the likelihood of security vulnerabilities or weaknesses being introduced later in the product’s lifecycle.

SaaS Factory: How has the AWS SaaS Factory team helped to address technical challenges you’ve faced?

Sam Elliott: The SaaS Factory team helped us review our SaaS architecture and data lake design, and they presented some best practice concepts. This support helped us validate that our design was viable and wouldn’t lead to future technical challenges.

SaaS Factory: Can you share any success stories or specific case studies that illustrate the impact of Identity Security Insights solution on a customer’s business or security posture?

Sam Elliott: Our early adopters of Identity Security Insights have provided the feedback that Identity Security Insights has allowed them to quickly discover and remediate security threats like unmanaged admin accounts, over-privileged accounts, potential on-premises to cloud privilege escalation paths, pivot points that attackers could use to go from personal email accounts to corporate admin accounts, opportunities for session hijacking, and more.

AWS SaaS Factory: What advice would you offer to other software providers considering a move to a SaaS model, based on your own experiences?

Sam: One piece of advice I would offer is that SaaS is more than just a technical implementation—it’s a business strategy. As such, it requires mental model shifts across the entire organization to ensure success, and that means taking time to educate and open up conversations about the impacts, value, and changes to workflows with all your teams.

Learn more about BeyondTrust’s newest product: Identity Security Insights, access a free trial to see it in action, or learn more about BeyondTrust’s complete intelligent identity and access security portfolio.

About AWS SaaS Factory

AWS SaaS Factory helps organizations at any stage of the SaaS journey. Whether looking to build new products, migrate existing applications, or optimize SaaS solutions on AWS, we can help. Visit the AWS SaaS Factory Insights Hub to discover more technical and business content and best practices.

SaaS builders are encouraged to reach out to their account representative to inquire about engagement models and to work with the AWS SaaS Factory team.

Explore today resources for any stage of your SaaS journey from design and build, to launch and optimization.

BeyondTrust – AWS Partner Spotlight

BeyondTrust is a leader in intelligent identity and access security, enabling organizations to protect identities, stop threats, and deliver dynamic access. BeyondTrust is leading the charge in innovating identity-first security and are trusted by 20,000 customers, including 75 of the Fortune 100, plus a global ecosystem of partners.

Contact BeyondTrust | Partner Overview | AWS Marketplace