Why should privileged access management be a top security priority?

Working practices over the last year have drastically changed and with that our need for digital transformation has developed at a faster pace than anticipated.

The historical model for protecting our organisations, by keeping the hackers outside the perimeter, is no longer enough, and as adoption of cloud increases, so do the security risks associated with privileged access. The simple truth is that attackers have become experts at password hacking and phishing techniques, which lead to compromised accounts and stolen credentials.

Privileged accounts are the key to the kingdom as they have access to your most critical business systems. Once attackers have a foothold and gain access to your business systems, they move laterally around these systems to assess your network and identify where your valuable assets are.

Their goal? To cause business disruption and extract data.

Forrester reports that 80% of breaches involve privileged access abuse. 

To ensure a successful security strategy for the new way of working, we must assume the attacker is already inside.

What is a privileged account?

Privileged accounts exist everywhere and have access to your critical systems and most sensitive data. These accounts have access to your servers, databases, networked devices and applications. Third-party services also have privileged accounts in order to perform updates and maintenance.

There are two types of users – human and non-human. Some PAM vendors categorise these as:

Examples of privileged access used by humans:

  • Super user account: A powerful account used by IT system administrators that can be used to make configurations to a system or application, add or remove users or delete data.
  • Domain administrative account: An account providing privileged administrative access across all workstations and servers within a network domain. These accounts are typically few in number, but they provide the most extensive and robust access across the network.
  • Local administrative account: This account is located on an endpoint or workstation and uses a combination of a username and password. It helps people access and make changes to their local machines or devices.
  • Secure socket shell (SSH) key: SSH keys are heavily used access control protocols that provide direct root access to critical systems. Root is the username or account that, by default, has access to all commands and files on a Linux or other Unix-like operating system.
  • Emergency account: This account provides users with administrative access to secure systems in the case of an emergency. It is sometimes referred to as firecall or break glass account.
  • Privileged business user: Someone who works outside of IT but has access to sensitive systems. This could include someone who needs access to finance, human resources (HR) or marketing systems.

Examples of non-human privileged access:

  • Application account: A privileged account that’s specific to the application software and is typically used to administer, configure or manage access to the application software.
  • Service account: An account that an application or service uses to interact with the operating system. Services use these accounts to access and make changes to the operating system or the configuration
  • SSH key: (As outlined above). SSH keys are also used by automated processes.
  • Secret: Often used by development and operations (DevOps) teams as a catch-all term that refers to SSH keys, application program interface (API) keys and other credentials used to provide privileged access.

For every one person in an organisation, on average there are three to five times as many privileged accounts, and even more for non-human users.

It has become a top priority for organisations to have a strategy in place where they can identify their privileged users, while having the ability to secure, manage and monitor these accounts, as well as detect and respond to any threats these accounts may bring.

How can we break the attack chain?

Tools can store, rotate and isolate credentials for both human and non-human users. The end user never even needs to see their credentials. By having a Privileged Access Management (PAM) tool in place, an organisation can secure, monitor and block the attack route – as it’s happening.

In addition to this, the ability to monitor and isolate sessions means that attack chains are broken when access outside the stated permissions occurs.

Challenges

Managing privileged access is a challenge and working out where all privileged accounts are and then securing them is difficult. This type of access is required for many employees and insufficient PAM policies place critical systems at risk. As we move more and more to cloud applications, our environments grow and adapt so securing privileged accounts in real-time can put a strain on the time taken to manage them all.
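As a starting point for the discovery problem described above, the following added example (not from the original article or from any PAM product) inventories privileged accounts on a single Linux host and sorts them into superuser, human and non-human. The passwd and group contents are constructed sample data, and the admin group names and the UID 1000 threshold are assumptions.

```python
# Constructed sample files for one Linux host (not taken from a real system).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
svc_backup:x:998:998:Backup agent:/var/lib/backup:/usr/sbin/nologin
postgres:x:113:120:PostgreSQL:/var/lib/postgresql:/bin/bash
"""
GROUP = """\
sudo:x:27:alice,svc_backup
wheel:x:10:
adm:x:4:bob
"""
ADMIN_GROUPS = {"sudo", "wheel"}  # assumption: groups that grant admin rights here
UID_MIN = 1000                    # assumption: human accounts start at UID 1000

def admin_group_members(group_text):
    """Return the users listed as members of any admin group."""
    members = set()
    for line in group_text.splitlines():
        name, _pw, _gid, users = line.split(":")
        if name in ADMIN_GROUPS:
            members.update(u for u in users.split(",") if u)
    return members

def inventory(passwd_text, group_text):
    """Map each privileged account to (kind, reasons)."""
    admins = admin_group_members(group_text)
    found = {}
    for line in passwd_text.splitlines():
        user, _pw, uid, _gid, _gecos, _home, _shell = line.split(":")
        uid = int(uid)
        reasons = []
        if uid == 0:
            reasons.append("uid 0")
        if user in admins:
            reasons.append("admin group")
        if not reasons:
            continue  # not privileged by these two checks
        kind = "superuser" if uid == 0 else "human" if uid >= UID_MIN else "non-human"
        found[user] = (kind, reasons)
    return found

if __name__ == "__main__":
    for user, (kind, reasons) in inventory(PASSWD, GROUP).items():
        print(f"{user:12} {kind:10} {', '.join(reasons)}")
```

The sample flags a second UID 0 account and a service account in an admin group, two things a manual review tends to miss. It checks only UID 0 and supplementary admin-group membership; sudoers rules, SSH authorised keys and application-level administrators need their own checks.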

While processes must be put in place, if they are manual they can become a burden to stretched IT Teams and stages may be skipped or shortcuts created to reduce time.

Strict protocols need to be in place, but these can slow down users and prevent them from getting on with their job.

Finding the right balance of managing, securing and isolating presents a real challenge.

The solution

Privileged Access Management tools save time and money and mitigate risk to the organisation. PAM tools reduce the need for resources to spend time manually managing access and give one central hub to identify where privileged access exists.

Having a solution in place provides an efficient, secure way to store and rotate passwords that the end user would otherwise store, or that the IT team would provide on request. It also gives the ability to control access in a simple and efficient way, giving IT teams their time back to concentrate on other areas. Other benefits include:

  • One central hub where all sessions are recorded, giving an auditable trail and the ability to automatically stop any session instantly when it becomes a risk.
  • A clear view of any errors that may have been made or what the user accessed and when.
  • Efficient tools that provide a fast and secure way of managing access, meeting compliance and monitoring what systems are accessed and when, while automatically stopping sessions that reach systems the user is prohibited from accessing.

If you’d like to understand your current privileged estate in more detail, have a listen to our podcast, or speak to your Phoenix representative to enquire about a free discovery and audit tool.