PAM Protects the Keys to Your Kingdom
The plotline of many modern-day heist movies and television shows involves stolen credentials, whether key cards granting physical access to facilities or logins granting access to systems. However, scriptwriters often miss one key element in cybersecurity: privileged access management (PAM).
What is Privileged Access?
Privileged access gives elevated access rights to select users or systems. System and database administrators use privileged access to reach servers, adjust permissions, make backdoor accounts, or change or delete data. Systems might require privileged accounts to run critical IT processes, scheduled tasks, and batch jobs across a network of databases, applications, and file systems. Privileged accounts have the highest access clearance, and only a select few employees or partners should have this access. That’s where PAM comes in.
What is Privileged Access Management?
It’s uncommon for CEOs and executives to need privileged access to systems. A typical privileged access user would be a system administrator using the access to reset passwords for others, install hardware and software, access the databases behind systems, and make changes in your system.
Privileged access should be granted on a need-to-know, need-to-edit, and need-to-delete basis. In other words, some users might have read-only rights, some might have read/write access, and some might have the highest level of access, allowing them even to delete information.
Here’s an example to add some color to the conversation: PAM is typically given to IT administration, as the needs mentioned above are highly unusual activities for a CEO. So any script (in the movies or real life) depicting a high-powered executive, Tony Stark excluded, as having access to back-end systems is often inaccurate. That said, it doesn’t mean that a CEO’s hacked credentials aren’t going to be damaging to an organization, given the CEO’s access to other confidential information like financials. What PAM changes is the impact a hacker could have on their usual suspects, which are typically executives holding the money, access, and key data.
What’s important to note is that privileged access is often needed only for a designated amount of time. Having multiple people in your organization with free rein to know, edit, access, and delete critical data is not safe, no matter who you are or what you do. Another best practice is to determine who’s helping you with the task, say a system administrator, then determine for how long they can access your systems, and revoke the privileged access immediately after the project is done. That way, hacking a lowly system administrator’s credentials won’t give the hacker any success either.
Having Privileged Access Management in place instead of just privileged access or rights safeguards all users, including privileged systems and individuals. It ensures that access is granted to only authorized users and accounts and only for the time they need it. PAM provides audit trails and email alerts for early notification of any nefarious or even non-routine activity within IT systems. Session monitoring and recording serve dual purposes of auditing activity and providing evidence when investigating incidents. PAM also disables access for terminated employees.
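The check below is an added example, not code from this blog or from any PAM product: it enforces the read/write/delete tiers and time-boxed grants described above, and audits a constructed grant list for standing access, expired grants that were never revoked, and grants still held by terminated employees. The field names, the finding labels, and the 8-hour ceiling are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

LEVELS = {"read": 1, "write": 2, "delete": 3}   # the three tiers named in the article
MAX_WINDOW = timedelta(hours=8)                  # assumed policy ceiling per grant
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample

def grant(user, level, start_h, end_h, revoked=False):
    """Build a constructed grant; hours are offsets from NOW, end_h=None means no expiry."""
    end = None if end_h is None else NOW + timedelta(hours=end_h)
    return {"user": user, "level": level, "granted": NOW + timedelta(hours=start_h),
            "expires": end, "revoked": revoked}

# Constructed sample data, not taken from any real system.
GRANTS = [
    grant("alice", "read", -1, 3),                    # live, short window
    grant("bob", "delete", -720, None),               # never expires
    grant("carol", "write", -48, -24),                # project ended, never revoked
    grant("dave", "delete", -2, 2),                   # holder has left the company
    grant("erin", "write", -1, 47),                   # 48-hour window
    grant("frank", "delete", -5, -1, revoked=True),   # properly revoked
]
TERMINATED = {"dave"}

def is_allowed(user, action, grants=GRANTS, terminated=TERMINATED, now=NOW):
    """Deny by default: allow only a live, time-boxed grant at or above the needed tier."""
    if user in terminated:
        return False
    return any(g["user"] == user and not g["revoked"]
               and g["expires"] is not None and g["granted"] <= now < g["expires"]
               and LEVELS[g["level"]] >= LEVELS[action] for g in grants)

def audit_grants(grants=GRANTS, terminated=TERMINATED, now=NOW):
    """Return (user, finding) pairs for unrevoked grants that break the time-boxing rules."""
    findings = []
    for g in grants:
        if g["revoked"]:
            continue
        if g["user"] in terminated:
            findings.append((g["user"], "terminated-user"))
        elif g["expires"] is None:
            findings.append((g["user"], "standing-access"))
        elif g["expires"] <= now:
            findings.append((g["user"], "expired-not-revoked"))
        elif g["expires"] - g["granted"] > MAX_WINDOW:
            findings.append((g["user"], "window-too-long"))
    return findings

if __name__ == "__main__":
    for user, finding in audit_grants():
        print(f"{user}: {finding}")
```

Each finding is something to alert on and then revoke; in a real deployment the grant list would come from the directory or PAM vault export rather than an inline list.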
Risks and Threats of Compromised Privileged Access
Movie and television series scripts do have one thing right: privileged access rights are often the keys to the kingdom. Stolen or hacked privileged access credentials can have devastating consequences to a business, as can a single disgruntled employee.
As stated in our previous blog post, “FBI Warns of Major Spike in Cyber Attacks”:
While attackers can ultimately accomplish their goals by targeting any endpoint, they often seek out those of privileged users (like system administrators working from home) who have access to sensitive assets and powerful systems. By stealing privileged credentials from these users, attackers can accelerate their efforts. After gaining legitimate access to company systems, attackers appear to be company employees and can move throughout the environment with ease to conduct reconnaissance and siphon off proprietary data.
Privileged access is the gateway to an organization’s most valuable assets and is at the core of nearly every major security breach today. With privileged access, motivated external attackers and malicious insiders alike can access network infrastructure and steal data. Without that access, attackers are severely limited in what they can accomplish.
If a company hasn’t instituted PAM, hackers can go undetected for weeks or months at a time, and they can perform all the functions the privileged access user or system can perform—read, write, and delete data. They could change financial data like bank routing numbers, steal personally identifiable data and proprietary information, disable systems, and install malware.
PAM as a Quick, Big Win
Most organizations recognize the importance of identity access, limiting which end users have access to which systems to do their daily work. Yet, no identity access management plan is complete without a privileged access plan. Ordinarily, businesses begin with access controls, then move to identity management and end with PAM. In terms of risk level and project scope, a quick win is to start with PAM. In fact, Gartner predicts that
Cybersecurity is a primary concern for businesses in the modern era. While no organization can successfully eliminate all risks, PAM can be a central tool in a multi-layered cybersecurity strategy. Learn more about risk mitigation with our Checklist: 5 Capabilities to Help Your Enterprise Mitigate Remote Risk in Your Identity Management.