3 Privileged Access Management Questions You Must Answer

3 Privileged Access Management Questions You Must Answer

Here’s a hypothetical scenario to consider: what would happen to your enterprise’s network if an external hacker or an insider threat obtained the privileged credentials of one of your super users?

If you shuddered when you thought of such events coming to pass, don’t worry. It’s a normal reaction. It proves you are still sane.

After all, what couldn’t a hacker do after subverting your privileged access management protocols or solution? Stolen privileged access credentials can cause untold damage to your enterprise. Hackers could use them to steal proprietary digital assets and data without raising alarms, reconfigure your entire environment network, subvert your business processes or financial payments…and that list just scratches the surface.

Yet despite the potential severity of stolen privileged credentials, according to the 2018 Verizon Data Breach Investigations Report, 80% of all enterprise-level data breaches include stolen or weak privileged accounts. Once hackers have used these credentials there is a nearly 70% chance they will remain undetected, causing damage to the victim enterprise for months.

How can your enterprise prevent these horrible scenarios from coming to pass? The first step is to answer these 3 privileged access management questions…and acting on your honest answers.    

Who Has Privileged Access In your Enterprise?  

This is one of those seemingly easy privileged access management questions proving much harder to answer the more you investigate it.

Privilege creep can result in users having permissions they no longer need as they move throughout roles in your enterprise. Additionally, discrepancies in the onboarding process can bestow unnecessary access. This means your ordinary users might have privileges unknown to your security teams (and even to them)…and which can prove devastating if they end up in the wrong hands.

According to Thycotic, 70% of enterprises fail to discover all of the privileged accounts in their networks. 40% never bother to look in the first place. If you plan on gaining more control over your privileged accounts, you need to find these privileged accounts and either remove those permissions or make sure they are properly secured.    

This also means figuring out how many orphaned accounts—accounts lingering on the network without active users associated with them—are hidden on your network. These can also be stolen or otherwise abused, with the added issue of being harder to detect since there is no normal user observing them.   

What Access Do Your Privileged Credentials Have?

Among other privileged access management questions, this one might seem contradictory. Shouldn’t your privileged users have privileges?

Much like the question above, this query becomes more complicated the more you look into it. Not all superusers are or should be created equal in terms of digital permissions. Instead, your enterprise should look to enforce the principle of least privileges throughout all of your users’ identities.

The principle of least privileges dictates users should have the least amount of permissions possible. Ideally, superusers should only have the access they absolutely need to accomplish their daily tasks. The superusers associated with your HR department should not have access to your financial department’s databases, as just one example.

Your security team should look at the permissions of each of your privileged users, remove the privileges they do not need, and severely limit temporary permissions when granted.    

What Privileged Access Management Tools Do You Have?

Legacy solutions are inadequate to handle the demands of modern enterprise’s users and privileges. Your enterprise needs a next-generation solution. There is no way around it.

According to One Identity, 31% of enterprises use outdated or manual methods like pen and paper to manage their superuser’s credentials. But writing down passwords invites the unscrupulous to steal passwords or for those passwords to end up in the wrong hands.

Investing in cybersecurity is a hurdle many enterprises still struggle with; it can be hard to invest in something so abstract. Yet it isn’t truly abstract. Only be answering these privileged access management questions can you survive in the modern digital marketplace.           

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner