Companies get breached every day and you probably hear every day of the risks associated with privileged accounts. But do companies and organizations also know and understand how costly and challenging it is to manage them? The number one most important measurable way to protect your company from getting breached is to make sure your privileged and non-privileged accounts are managed properly. Eight out of ten times, the breach happens on the accounts that already have privileged access to companies’ confidential data or any type of access to company data. Privileged access is not only on servers, databases, switches, routers and firewalls, it exists on ALL of your employees’ workstations. Privileged access controls have been identified as one of the big initiatives for 2018 in organizations to help mitigate risk from advanced attacks. Privileged access management not only reduces risk, but has business benefits, that keeps organizations safe, operational, productive and against the threat of being hacked. Companies and organizations, no matter what size, must have a strategy not only to manage and monitor privileged access but also detect and respond to threats. By having a strategy to detect and respond to threats it will help mitigate the risk from today’s advanced attacks. Companies need to find a phased approach to better understand their security goals with next-generation Privileged Account Management capabilities including privileged elevation and delegation management and privileged user behavioral analytics.
There are four pillars of Privileged Account Management that a company should follow:
- Track and Secure – track all of your privileged accounts and secure them in a “vault”; inventory and onboard all privileged accounts in a next-generation PAM solution
- Govern & control – someone or something should have exactly the minimum rights required to carry out a specific task; nothing more, nothing less!
- Record & audit – record all activities on those privileged accounts and audit them as often as possible or at a minimum of every 60 days
- Operationalize – Gradually increase level of control and auditing
Although privileged access has been identified as a top security control by multiple experts, organizations are still hesitant about moving forward. The reason being, they view the Privileged Access Management project as being over complex, and/or drain on resources. Some organizations try to implement too much too soon, making it a very complex transition. It is always recommended to take a phased approach; start slow, and begin any Privileged Access Management project with a clear focus and a predetermined list of objectives. No one part of your security stack will fully protect your organization from endless types of cyberattacks. However, by prioritizing privileged access, you can implement strong controls around your most sensitive assets.
There are various solutions available for Privileged Access Management, securing the most critical layers of organizations’ infrastructure, data and assets; on-prem, cloud, and DevOps environments. By implementing a Privileged Account Management (PAM) solution you will be protecting your organization against external hackers as well as insider threats. So if your organization has not already started on a phased approach to implement a Privileged Account Management solution, now is the time to start.
Reena Parekh is an associate director at KPMG with more than 17 years of management and leadership experience in IT and more than 10 years of experience in Identity and Access Management. She is one among the lead architects in Identity and Access Management Group who focus on deploying latest technologies with KPMG Global. With numerous achievements, certifications and awards, Reena ensures that KPMG is succeeding and protected in the competitive, emerging and cutting edge Cybersecurity World.