Check your privilege
Privileged user accounts provide access to each organisation’s most valuable and sensitive assets. In this blog post, Northdoor discusses how the management of privileged access often falls short of the required standard. We explain how deploying IBM Security Verify Privileged Vault (formerly IBM Secret Server) can help organisations take back control rapidly and cost-effectively.
As networks and infrastructure have grown, so has the attack surface for cyber criminals. Even mid-sized organisations today may have thousands of different physical and virtual servers across multiple locations, both inside their network and out on the public cloud. For each of these, there will be multiple levels of access permissions, from standard users with almost no rights all the way to IT administrators with full root access. Add in thousands more devices, applications and data stores, and it’s easy to understand why more than half of all organisations don’t know how many privileged accounts they have or how they are managed.
With the number and sophistication of cyber-security threats continuing to grow, organisations can no longer afford to ignore the problem of Privileged Access Management (PAM). The vast majority of security breaches involve compromised privileged accounts. The stakes are high, with all of the most valuable and sensitive digital assets at risk: client-confidential information, intellectual property, financial data – in fact, the whole ability of the organisation to keep functioning.
Because privileged user accounts can offer hackers “the keys to the kingdom”, giving them the ability to take over systems and hide their activities, PAM has consistently been a top priority for CISOs in recent years.
Security versus convenience
Historically, the challenge with PAM has often been the tension between the need for high security and the need for usability. In a nutshell: where the measures designed to keep systems secure are hard and time-consuming to use, privileged users will naturally seek to circumvent them.
If you don’t make your PAM convenient, IT administrators may try to save time and effort by: ignoring password policies, sharing credentials with each other, using root accounts where less privileged accounts would be more appropriate, setting up new systems using default configurations, failing to deprovision unused accounts, and so on.
What’s more, if you’re one of the many organisations still using spreadsheets or even paper documents to track and manage privileged access, you won’t have any insight into the real state of security on some of your most critical systems. And that means a much higher risk of costly and damaging breaches.
If that was the state of play at the start of the year, things are now all the more urgent and important in a world where many people are working from home and IT admins are managing systems from outside the firewall across VPNs, SSH or RDP. This adds another dimension to the security risk, dramatically increasing the attack surface.
At this point, there are a number of questions you may need to consider. Do you have a clear and enforceable policy for password strength and rotation that is applied to all systems? Do you have a consolidated view of all privileged user accounts, and can you quickly provision and deprovision these? Do you understand which users have access to which digital resources, and can you conveniently and securely elevate privileges where required? Can you review and replay user activities in the event of a suspected breach?
If the answer to any of these questions is “no”, you would benefit from a modern PAM solution capable of managing privileged access to all systems across your entire network, both on-premises and on the cloud. Through the automation of consistent, repeatable processes, modern solutions make PAM simple, scalable and cost-effective, and empower you to:
- Discover and manage privileged accounts in a highly automated way
- Manage the PAM environment, with user-friendly workflows for obtaining privileged access
- Store passwords and keys in a heavily encrypted vault, and automatically enforce password policies
- Monitor and control privileged access, recording user sessions and maintaining secure audit logs
- Secure and protect the IT landscape by preventing unauthorised use of privileged accounts
- Connect authorised users to systems via session launchers with embedded credentials, keeping the actual passwords hidden.
Full speed ahead for security
With 30+ years of experience in serving some of the UK’s leading blue-chip companies, Northdoor knows all about data security. We can get you up and running with a best-practice PAM solution based on IBM technology within a matter of days.