For the second year in a row, Privileged Access Management (PAM) is listed as a top security priority by Gartner. Despite being around for decades, PAM tools are becoming increasingly vital as organizations’ access privileges become more complex. In fact, experts predict that more than two-thirds of organizations will implement PAM in their enterprise by 2020. Read on to find out why it has become such a priority, and why your organization should stay ahead of the curve and adopt a PAM solution.
Regulations are on the rise
Though the EU’s General Data Protection Regulation (GDPR) dominated the news last year, it is far from the only regulation requiring organizations to take action to protect their data. Industry regulations are quite common and are only getting stricter as technology becomes more sophisticated. PAM solutions are an incredible asset when it comes to adhering to these requirements for several reasons.
First, passwords are always a security risk, especially those that must be shared within an organization because they protect a communal asset like a server. In order to remain compliant, many industries, particularly those dealing with sensitive information like financial institutions, require frequent password changes. While this doesn’t seem like much effort on the surface, when you scale it to thousands of servers, security administrators face an overwhelming challenge that is virtually impossible to meet. PAM solutions like Core Privileged Access Manager (BoKS) reduce or eliminate the need to share passwords, since technical controls restrict access to authorized users only and can leverage stronger authentication methods. Core Privileged Access Manager can easily scale, with a single administrator able to manage accounts and access for thousands of servers.
Regulations like Sarbanes-Oxley (SOX), the Gramm-Leach-Bliley Act (GLBA), and of course, GDPR, require that organizations have a clear segregation of duties (also called separation of duties) to prevent individuals from having too much control. IT departments are particularly prone to violations because root access is too widely distributed. By its very design, a PAM solution simplifies compliance with role-based, granular access controls that place limitations on who can get into your organization’s system, where, when and how they can access it, and what they can do with it.
PAM solutions also provide keystroke logging, which records every action that a user takes, preventing suspicious activity from going untraced. This can greatly simplify auditing efforts. Additionally, Core Privileged Access Manager (BoKS) provides automated reports, saving administrators time by consolidating user activity logs to prove compliance.
Insider threats aren’t going anywhere
Last year, insider threats plagued organizations across industries. According to a survey completed by Cybersecurity Insiders, over 50 percent experienced an insider attack in the last twelve months. Experts agree that the coming years will be no different. In fact, the Information Security Forum’s Threat Horizon 2020 report predicts a rising risk of criminal organizations blackmailing and coercing those with privileged access to steal mission-critical information without ever having to attack the systems themselves.
This new type of insider threat is in addition to those perpetrated deliberately by disgruntled employees or former employees, who pose a unique risk given their knowledge of the organization and their vengeful motivations. Finally, accidental insider threats from employees making mistakes, either through inattention or through poor training, will always be alive and well.
PAM solutions are ideal for addressing every type of insider threat. PAM solutions enforce the principle of least privilege, which mandates that users only have the access necessary for their job functions. Linking access to job roles, and subsequently, individual accounts, eliminates the need for superusers that have universal access. These tools can also require additional authorization for high-risk servers, providing additional protection. Finally, PAM solutions provide user accountability through means like keystroke logging, as mentioned above.
Layered security is the only solution
The Cybersecurity Insiders survey highlights two types of solutions to protect organizations from insider attacks – deterrence controls and detection controls. This underscores the value of a layered approach to security. PAM solutions, a deterrence [and prevention] control, are incredibly effective in preventing insider threats and helping organizations meet regulatory standards, but are strengthened with the aid of other solutions.
One such additional solution would be a Security Information and Event Management (SIEM) tool, considered a detection control, which takes chains of centralized, PAM-generated logs and creates correlated events that can demand instant action and attention from the business. For example, a SIEM solution would send a report the moment a security policy setting had been modified. Using a PAM solution, an administrator would be able to see how this action occurred, and who did it. By pairing PAM’s audit trail with a SIEM solution like Powertech Event Manager, an insider threat can be detected and neutralized quickly.
Privileged accounts will always be highly valuable to attackers, making increased regulations surrounding them all the more understandable. Taking a layered approach and creating a robust security portfolio will keep your organization not only in compliance, but also safe from every type of attack.