Privileged access management is rapidly evolving as attackers have become more sophisticated, and the risk from compromised privileged credentials is higher than ever before. This article presents a model to manage privileged access for an organization given its specific requirements and environment. This model will guide the reader through different steps to identify what privileged access should be addressed, who needs privileged access, and the various ways in which they should be granted.
With the increasing number of connected devices, mobile platforms, and cloud services, organizations are threatened by malware propagating through these new vectors. Data breaches involving stolen user credentials are becoming more common as attackers continuously find innovative ways to compromise user accounts or passphrases. The stolen credentials are then used to gain access to data and other network resources, leaving organizations exposed to loss of sensitive information, intellectual property theft, or internal network exposure.
Privileged accounts are at the center of these attacks. They allow administrators to connect from an external source to a network or server where the user has complete control over it. Furthermore, you may visit https://www.m1.com.sg/business/solutions/managed-security-solutions/privileged-access-management to learn more about privileged access management.
This article presents a model to manage privileged access for an organization given its specific requirements and environment. This model will guide the reader through different steps to identify what privileged access should be addressed, who needs privileged access, and the various ways in which they should be granted.
Objectives of privileged access management (PAM)
Privileged accounts provide the highest access to an organization’s assets and must be protected against compromise.
The main objectives of PAM are to:
– protect privileged credentials against theft and misuse while allowing them to be used when necessary;
– ensure that administrators use their privileged access only for intended purposes;
– monitor the use of privileged access from both within and outside the organization;
– provide a centralized location to manage all authorized administrator accounts across a physical, virtual, and cloud infrastructure.
Any compromise to a privileged account has serious consequences. If an attacker can log in as a local or domain administrator on a computer, they have complete control over it. A compromised administrator account can be used to gain access to other computers and servers on the network, install malware or spyware and steal data.
Privileged accounts management policy
When managing privileged access, an organization must have a clearly defined PAM policy to guide any decision-making. The primary goal of this policy should be to ensure that any time privileged access is used, it can be done in a secure and authorized manner.
The policy should cover:
– what privilege levels are to be managed;
– the use of temporary and permanent privileged access;
– administrator account provisioning (e.g., number of administrator accounts to manage, who needs administrator privileges);
– the use of privileged access, both for in-scope and out-of-scope activities;
– monitoring and auditing administrator activities to detect any misuse or security incident;
– what privilege levels determine which activities can be carried out (e.g., provisioning an administrator account);
– how accounts are protected from theft, misuse, and compromised use;
– the process for escalation or de-escalation of privileges as required.
Typically, decisions during PAM implementation will be based on the risk to the organization’s information assets, systems, and data. The policy should clearly define which privilege levels are authorized to perform certain activities so that any decision can be made objectively, without any ambiguity.