Today, organizations with remote workers are subject to constantly evolving access-based attacks that demand tighter controls on privileged accounts.
Privileged access gives users elevated privileges in systems, applications and databases to perform functions like installing software or upgrading operating systems. This access presents special risks for misuse and abuse, such as the following:
- theft or leaking of sensitive data that can lead to financial and reputational damage
- command-and-control attacks that let an attacker stay hidden inside networks and remotely operate systems or extract data
- capturing user activity
- installing malware
- locking users out of their machines (ransomware)
- conducting illegal or unauthorized cryptocurrency mining
Privileged access management (PAM) solutions enhance security and compliance by helping IT teams gain control over privileged users and accounts. A combination of identity and access management and PAM helps IT teams achieve visibility, insight and control across the organization.
A crucial role
To protect critical information, organizations must establish an Identity and Access Management (IAM) program, including:
- Identity management – user life cycle management, self-registration, password management, role-based access control and identity proofing
- Access management – single sign-on, identity federation, multi-factor authentication (MFA) and password-less authentication (such as biometrics)
- Identity governance – role engineering (top-down, bottom-up, hybrid), segregation of duties (SoD), user access certifications and closed-loop remediation
- Privileged access management – just-in-time access, role-based security, live session monitoring, comprehensive reporting and password vaulting
Within IAM, privileged access accounts play a crucial role in keeping an organization’s systems running smoothly. A wide variety of privileged accounts perform myriad jobs, and knowing which accounts are intended for which purposes is a key step in protecting them. These accounts include:
- Service accounts – used by applications, virtual machines, or most commonly by operating systems to execute other applications or programs
- Firecall accounts – temporarily elevated access during an emergency to allow a user to perform a privileged action
- Domain administrator accounts – privileged access that spans across workstations and servers within a domain
- Application accounts – for applications to access databases, run scripts, or perform batch jobs
Privileged access risks
Many policies and processes to manage privileged accounts are manual, laborious and rarely enforced. This results in accounts that are forgotten or unmanaged.
These issues can arise in several areas, such as password management tools, security-policy enforcement software, centralized identity repositories, structured provisioning processes and automated reporting and monitoring.
Hackers aim to find a forgotten or unmanaged privileged account to get a foot in the door, which they then use to open the door wider for broader and more privileged access. Network systems and IoT devices often have embedded credentials that enable them to automatically make essential changes – but if hackers capture those embedded credentials, they can gain privileged access and wreak havoc.
Elevated accounts can also be used to track users, opening a window to compromise other credentials. The more user accounts that are compromised, the broader the issue can become, and the harder it is to secure critical organizational information. Administrative accounts can also be used to install viruses or other malware, whether to lock users out of their computers with a demand for payment or to cover up fraudulent transactions.
The process for success
Implementing a PAM program can reduce privileged access risks and keep an organization secure through five steps:
- Define – define what “privileged access” means and identify what a privileged account entails for the organization. A typical example of a privileged account is an IT system administrator who has elevated access for things like installing system hardware/software, resetting passwords, accessing sensitive data, logging into all machines in an environment or making IT infrastructure changes.
- Discover – identify and locate all accounts that have elevated privileges within the environment. These could be application accounts, local accounts, service accounts, database accounts, third-party vendor accounts or any other account with elevated privileges.
- Secure and manage – secure privileged accounts; this is a critical step for business asset security in a modern organization. PAM solutions place privileged credentials within secure, centralized “vaults”, while also employing other measures such as one-time password generation, password rotation, SoD and least privilege checks.
- Monitor – deter the misuse of privileges and detect malicious activities by proactively recording and monitoring all privileged session activity. PAM enables organizations to record and monitor user activity during privileged sessions, helping security teams both deter and detect unauthorized use.
- Review and audit – identify unusual behaviors that may indicate a breach or an account misuse through continuous observation of how privileged accounts are being used. Store audit logs and session recordings in a tamper-proof vault to prevent privileged users from editing or deleting their history.
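As an added example (not part of the original article and not taken from any PAM product), the Discover and Secure and manage steps can be sketched for a single Linux host: find every account with elevated privileges, then compare the result against the vault inventory to surface unmanaged accounts and overdue rotations. The passwd and group lines, the `VAULT` inventory, the admin group names and the 90-day rotation limit are all constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from a real host): /etc/passwd and /etc/group lines.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:legacy admin:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_backup:x:997:997:backup agent:/var/lib/backup:/usr/sbin/nologin
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""
GROUP = """\
sudo:x:27:alice,svc_backup
wheel:x:10:
users:x:100:alice,bob
"""
# Hypothetical PAM inventory: account -> date its vaulted credential was last rotated.
VAULT = {"root": date(2024, 5, 1), "alice": date(2023, 1, 10)}
ADMIN_GROUPS = {"sudo", "wheel", "admin"}  # assumption: groups that grant elevation
MAX_AGE_DAYS = 90                          # assumption: rotation policy

def discover_privileged(passwd_text, group_text):
    """Return {account: reason} for every account with elevated privileges."""
    found = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0":   # any UID 0 account is root-equivalent
            found[fields[0]] = "uid 0"
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[0] in ADMIN_GROUPS:
            for member in filter(None, fields[3].split(",")):
                found.setdefault(member, f"member of {fields[0]}")
    return found

def review(privileged, vault, today):
    """Classify each privileged account as unmanaged, stale or ok."""
    report = {}
    for account in sorted(privileged):
        rotated = vault.get(account)
        if rotated is None:
            report[account] = "unmanaged"           # privileged but never onboarded
        elif (today - rotated).days > MAX_AGE_DAYS:
            report[account] = "stale"               # vaulted, rotation overdue
        else:
            report[account] = "ok"
    return report

if __name__ == "__main__":
    priv = discover_privileged(PASSWD, GROUP)
    for name, status in review(priv, VAULT, date(2024, 6, 1)).items():
        print(f"{name:12} {priv[name]:18} {status}")
```

The sketch does not cover sudoers rules or primary-group membership through the passwd GID field, both of which a full discovery pass would also need to read.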
PAM is a critical priority for security teams. Putting an effective PAM program in place can be challenging, but lessons learned from previous implementations can help organizations avoid potential pitfalls:
- Define requirements – know your PAM objectives and how to achieve them prior to employing a PAM solution to ensure a frictionless integration without confusion.
- Implement processes, not just technology – avoid simply throwing technology at the problem by ensuring the correct processes are implemented along with it.
- Adjust where necessary – know where and when to adjust to maintain the overall workflow, enhancing security without decreasing efficiency.
- Recertify and automate – recertify privileged accounts to ensure appropriate permissions are assigned and still necessary; automation is your friend when it comes to recertification and PAM.