Organisations implement privileged access management (PAM) to protect against the threats posed by credential theft and privilege misuse. PAM refers to a comprehensive cybersecurity strategy that comprises people, processes and technology in order to control, monitor, secure and audit all human and non-human privileged identities and activities across an enterprise IT environment.
Sometimes referred to as privileged identity management (PIM), or privileged access security (PAS), PAM is grounded in the principle of least privilege, wherein users only receive the minimum levels of access required to perform their job functions.
The principle of least privilege is widely considered to be a cybersecurity best practice, and is a fundamental step in protecting privileged access to high-value data and assets. By enforcing the principle of least privilege, organisations can reduce the attack surface and mitigate the risk from malicious insiders or external cyber-attacks that can lead to costly data breaches.
Privileged access can be associated with human users as well as non-human users such as applications and machine identities.
Privileged accounts, credentials and secrets exist everywhere: it is estimated that they typically outnumber employees by three to four times. In modern business environments, the privilege-related attack surface is growing as fast as systems, applications, machine-to-machine accounts, cloud and hybrid environments, DevOps, robotic process automation and IoT devices become increasingly interconnected.
Attackers know this and target privileged access. Today, nearly 100% of advanced attacks rely on the exploitation of privileged credentials to reach a target's most sensitive data, applications, and infrastructure. If abused, privileged access has the power to disrupt business.
Over the past decade, there has been numerous security breached linked to privileged access abuse. From Yahoo!, the massive breach at the U.S. Office of Personnel Management, the attack on Ukraine's power grid, the Bangladesh Bank breach and even the highly publicised Uber breach - the common denominator in each attack was that privileged credentials were exploited and used to plan, co-ordinate, and execute cyber-attacks.
Organisations face several challenges protecting, controlling and monitoring privileged access, including:
Humans are your weakest link. From internal privileged users abusing their levels of access, or external cyber-attackers targeting and stealing privileges to operate stealthily as "privileged insiders", humans are always the weakest link in the cybersecurity chain.
Privileged access management helps organisations ensure that people have only the necessary levels of access to do their jobs. PAM also enables security teams to identify malicious activities linked to privilege abuse, allowing swift action to be taken to remediate risk.
In digital business, privileges are everywhere. Systems must be able to access and communicate with each other to work together. As organisations embrace cloud, DevOps, robotic process automation, IoT and more, the number of machines and applications that require privileged access has surged and the attack surface has grown.
These non-human entities vastly outnumber the people in a typical organisation and are harder to monitor and manage - or even identify at all. Commercial-off-the-shelf (COTS) apps usually require access to various parts of the network, which attackers can exploit. A strong privileged access management strategy accounts for privileges no matter where they "live", whether on-premises, in the cloud or in-hybrid environments, detecting anomalous activities as they occur.
Cyber-attackers target endpoints and workstations. In an enterprise, every single endpoint (laptop, smartphone, tablet, desktop, server, etc.) contains privilege by default. Built-in administrator accounts enable IT teams to fix issues locally, but they also introduce great risk.
Attackers can exploit admin accounts, then jump from workstation-to-workstation, steal additional credentials, elevate privileges, and move laterally through the network until they reach what they're looking for. A proactive PAM program should account for the comprehensive removal of local administrative rights on workstations to reduce risk.
PAM is critical for achieving compliance. The ability to monitor and detect suspicious events in an environment is very important, but without a clear focus on what presents the most amount of risk, the business will remain vulnerable.
Implementing PAM as part of a comprehensive security and risk management strategy enables organisations to record and log all of activities that relate to critical IT infrastructure and sensitive information - helping them simplify audit and compliance requirements.
Organisations that prioritise PAM programs as part of their larger cybersecurity strategy can experience a number of organisational benefits, such as mitigating security risks and reducing the overall cyber-attack surface, reducing operational costs and complexity, enhancing visibility and situational awareness across the enterprise and improving regulatory compliance.
The following steps provide a framework to establish essential PAM controls to strengthen an organisation's security posture. Implementing a program that leverages these steps can help organisations achieve greater risk reduction in less time, protect their brand reputation and help satisfy security and regulatory objectives, with fewer internal resources.
SysGroup partner with CyberArk, the leading PAM vendor. We have a range of solutions that can help you manage your privileged accounts. Get in touch to discuss options.