It has become quite challenging for organisations to implement and maintain good information security posture because of changing network landscape. With the uptake in cloud based infrastructure and applications, the perimeter has started to disappear which has made credentials the last line of defence. Cybercriminals know this, which explains the rise in Phishing, Vishing and Smishing (SMS Phishing) attacks that trick a user into disclosing their credentials.
If a cybercriminal can obtain valid user credentials, they can walk straight past through all the defences without raising any alarms and if they end up compromising the credentials of a user with several privileges, they can cause irreparable damage to the organisation’s business.
Furthermore, there is also the case of disgruntled employees or internal staff with malicious intent that are abusing their privileges to steal information and sell it to cybercriminals or competitors generally for monetary gains.
So, how can we defend against a malicious attacker acting as an internal employee or a disgruntled user abusing their privilege? The answer is by Privileged Access Management (PAM). Let’s first define what is PAM? Simply put, it is management of access privileges and monitoring of users with privileges within an organisation. It is a critical part of the overarching Identity & Access Management program. Let’s look at some examples.
A system admin generally has full admin level privileges for all systems used by an organisation. They have been given this privileged access to administer the systems. But how can we be sure that these users are not abusing their privileges to steal sensitive information held by an organisation and sell it for monetary gain?
In a second example, let’s consider a user in the payroll department. This user may not be a privileged user like the system admin but this user has a specific privilege that allows him/her to transfer funds on behalf of the organisation. Since this is a critical privilege, this user can be targeted by cybercriminals because they know they can use this user’s credentials to steal money out of the organisation’s bank account.
Most organisations today have more than the required number of users with admin privileges or have users with more privileges associated with their account than they require. This leads to a “free-for-all” network access which can be used by cybercriminals or disgruntled internal users to compromise the sensitive information held by an organisation.
Therefore, Privileged Access Management is must for organisations to identify & block malicious behaviour to prevent a security breach and record all user access activity to provide as evidence in case of prosecution.
The three important features of an enterprise grade PAM solution are as follows:
- A good PAM solution will allow an organisation to tie each account with a rightful owner and stop the usage of shared accounts. This provides accountability and non-repudiation.
- A good PAM solution will also allow an organisation to give a user the exact amount of privileges they require to do their job – no more, no less. This stops privilege creep. The PAM solution will also help an organisation to revoke privileges of a user when they move job roles or leave the organisation.
- A good PAM solution will also monitor and record all privileged access activity for users/account to identify anomalies, malicious behaviour and provide proof for the same when required.
While the above technology features are good, most business leaders reading this would go how does that help us grow our business? To answer this, some of the business benefits of a PAM solution are as follows:
- Prevent data breaches – Monitoring, recording and auditing privileged access will give an organisation visibility into malicious activity such as a user trying to escalate privileges or trying to break beyond their realm of associated privileges. Blocking such activity would enable an organisation to prevent breaches and maintain the business’s reputation.
- Regulatory Compliance and Audit – Auditors and regulatory bodies are continuously asking organisations to implement necessary controls to identify and prevent a breach. Implementing a good PAM solution can help business leaders meet regulatory compliance and audit standards which will provide confidence to other organisations partnering with their organisation and help in business growth. Good security practices and compliance certifications can give your organisation a competitive edge over your competition.
- Agile Access Management – Deploying a PAM solution will provide an organisation the ability to quickly provision or decommission a user account with the “right” privileges. PAM solution will also provide visibility into unused accounts and shared accounts which should be removed or decommissioned. Therefore, the PAM solution will make the internal processes for provisioning of access agile and help in business growth.
PAM solution can be used by any organisation big or small. Generally, organisations which hold large amount of sensitive data such as personal details, financial details and health records get the most out of this solution.
If you believe your organisation has a requirement for a PAM solution and would like to chat to us, please contact us.