Workplace change is accelerating, and it looks like the pandemic remote work boom is here to stay.
Networked devices, from printers and sensors to mobile phones and microchips, have mushroomed and bled into our private lives as well as our work lives. And cybersecurity teams have got busier than ever before.
That’s because, as attack surfaces have multiplied, so have threats. Cybercrime in Australia rose 13% last year, with the average global cost of a data breach up 10%. The most damaging breaches? Those where cybercriminals gain access to privileged accounts that give them access to highly confidential data and crucial systems.
Securing privileged accounts looks like a no-brainer, at least in theory. But what does securing privileged accounts look like in practice? What are the ins and outs of privileged access management and how can cybersecurity managers implement it successfully?
Why does privileged access management matter?
A criminal who gains access to a regular corporate account may be able to cause significant damage as it is. But by exploiting the credentials of a privileged account – whether it’s owned by HR, IT or the C-suite – threat actors can compromise your entire organisation fast.
This shortcut to success is why “spear-phishing” or “whaling” attacks targeting specific senior figures are becoming increasingly common. By implementing tighter controls on the actions and access of users with powerful credentials, privileged access management can help organisations neutralise that growing threat with minimum friction.
Privileged access management vs identity and access management
Privileged access management (PAM) is a subset of identity and access management (IAM). IAM solutions identify and authorise users across an organisation, often using passwords alongside other credential checks in multi-factor authentication (MFA).
Most companies follow the principle of least privilege, meaning that each user only has the bare minimum access they need to do their job. Administrator-style privileges, such as accessing sensitive information, reconfiguring apps and adding or deleting users, are only given to trusted accounts. PAM arranges these user types, typically technical, legal or executive roles who need special access to do their jobs, into groups.
PAM systems manage the accounts, storing credentials and enforcing policies. Because these systems are kept separate from other IAM solutions, they can be secured quickly, and may use unique authentication techniques.
How do you implement Privileged Access Management?
There are a few key steps in implementing a privileged access management (PAM) solution:
Consider how PAM will work with existing infrastructure (including cloud services) and security policies such as least privilege (essentially a prerequisite) or zero trust
Identify which accounts have special access to privileged data or functions
Build policies to mitigate threats to these accounts – you might enforce MFA to reduce the risk of successful password attacks, or keep a register of all privileged sessions to help identify dangerous patterns of use
Engage with stakeholders and key users before roll-out
Choose a PAM solution that suits your organisation – the automated tools, password management functions and portal vary greatly between different platforms
Now, let’s drill deeper into best practices and what an ideal PAM solution should look like.
Security managers must control and track all access
The process of onboarding privileged accounts may be best undertaken in waves (giving you time to get it right) and by platform (so you can focus on specific account types). But you must ensure there are no exceptions.
That means constantly tracking and reviewing your list of users – if a privileged account slips through the net, attackers have a direct line to your organisation’s heart. Indeed, privileged access may be best managed as a temporary rather than perpetual state, so that it’s granted for a short period and then removed.
Collecting user data will help shape your policies as the program matures, and – via the principle of least privilege – means you can track and remove accounts that shouldn’t have access. Continuous, real-time monitoring and logging is crucial here, and these logs must be audited frequently. Many platforms offer visualisations of privileged activity, although reviewing these recordings can be a repetitive task – some PAM products have AI tools that can automatically identify and highlight unusual activity.
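The checks described above (no privileged account outside PAM, time-bound rather than perpetual access, MFA on privileged sessions) can be run against a session register. The following is an added example, not taken from any PAM product; the account names, grant windows and register layout are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: accounts onboarded into PAM, each with a
# time-bound grant expressed as (granted_at, lifetime).
GRANTS = {
    "adm-jlee": (datetime(2024, 5, 6, 9, 0), timedelta(hours=4)),
    "adm-hr-payroll": (datetime(2024, 5, 6, 13, 0), timedelta(hours=2)),
}

# Constructed register of privileged sessions: (account, start, mfa_used).
SESSIONS = [
    ("adm-jlee", datetime(2024, 5, 6, 10, 15), True),         # inside grant, MFA used
    ("adm-jlee", datetime(2024, 5, 6, 22, 40), True),         # after the grant expired
    ("adm-hr-payroll", datetime(2024, 5, 6, 13, 30), False),  # inside grant, no MFA
    ("svc-backup-root", datetime(2024, 5, 6, 3, 5), True),    # never onboarded
]


def audit_sessions(grants, sessions):
    """Return (account, start, reasons) for each session that breaks policy."""
    findings = []
    for account, start, mfa_used in sessions:
        reasons = []
        grant = grants.get(account)
        if grant is None:
            # A privileged account that slipped through onboarding.
            reasons.append("account not onboarded in PAM")
        else:
            granted_at, lifetime = grant
            # Temporary access: the session must start inside the grant window.
            if not (granted_at <= start < granted_at + lifetime):
                reasons.append("session outside time-bound grant")
        if not mfa_used:
            reasons.append("no MFA on privileged session")
        if reasons:
            findings.append((account, start, reasons))
    return findings


if __name__ == "__main__":
    for account, start, reasons in audit_sessions(GRANTS, SESSIONS):
        print(f"{start:%Y-%m-%d %H:%M} {account}: {'; '.join(reasons)}")
```
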
Use automation and tools for reliable PAM
Other repetitive tasks, such as log management, software maintenance, managing third-party access and simple configuration changes may also benefit from automation. When used effectively, automation helps ensure consistency and frees up security teams to focus on high-level tasks that require human input.
Crucial tools in the PAM kit include identity governance and administration (IGA) for the creation, maintenance and removal of accounts, while change control tools can be used to manage temporary PAM access.
Privileged access management and cybersecurity today
As remote work and IoT devices complicate cybersecurity, what was once a clear perimeter has become an ill-defined fuzzy boundary. Cybercriminals are thriving in these shadows, focusing their efforts on key staff, whose access privileges offer rich pickings.
Privileged access management, when set up with the right policies, tools and automation, allows you to protect these key assets. Think of it as tougher armour for your vital functions – and, in a security climate in which old certainties can no longer be trusted, think of it as nigh-on essential to your organisation’s security.