By the Numbers: Why You Need To Improve Your Privileged Access Management

In modern cybersecurity, failing to enact strong, next-generation privileged access management (PAM) leaves your enterprise profoundly vulnerable. Instead of waiting for a breach, you need to take the first steps to improve your privileged access management. 

Why do you need to improve your privileged access management? What steps can you take to improve your overall identity management? To answer these questions and more, we dive into the numbers. 

Why Improve Your Privileged Access Management?  

Hackers target privileged credentials more than any other attack vector. After all, privileged credentials open doors normally closed to them, like access to sensitive databases or to direct finances. Moreover, because of a common lack of security controls, these credentials tend to have less monitoring on them. 

Therefore, you need to take steps to improve your privileged access management by both identifying privileged access and deploying capabilities. Illustrating this, PAM solution provider Centrify found:

  • 74% of enterprises suffered a breach resulting from a stolen or compromised privileged account.
  • 26% of U.S. enterprises have trouble defining privileged access.
  • 52% of enterprises don’t have a password vault.
  • 65% admit to sharing root or privileged access.
  • 21% still have not implemented multifactor authentication on their superuser accounts.
  • 63% said it takes their enterprise more than a day to remove the privileged access from an account in the event an employee leaves the company.
  • 45% say they don’t use privileged access to secure their public and private cloud workloads.
  • 72% don’t use privileged access to secure containers.   

To Improve Your Privileged Access Management, Don’t Get Arrogant

Two truths remain consistent in cybersecurity and identity management. First, attacks and defenses are mutually mutable. Second, enterprises tend to neglect their cybersecurity until the worst happens.  

Indeed, for privileged access management, enterprises often reveal overconfidence in their ability to protect their most powerful credentials. According to a study by Centrify and TechVangelism:

  • 52% of surveyed enterprises don’t use a password vault, a basic privileged identity capability.
  • 43% described their PAM platform as “nonexistent.”
  • 52% of enterprises don’t use multifactor authentication.
  • 79% of enterprises don’t have a mature PAM platform.
  • 93% express the belief they can handle threats to their privileged access, revealing the overconfidence. 

To improve your privileged access management, you can’t give in to arrogance. Instead, work with your IT security team to evaluate the true state of your privileged access management.

Make sure you can answer these questions:

  • Do you have the latest identity management and privileged identity capabilities deployed? 
  • Does your enterprise effectively govern those identities, i.e., limiting their permissions to prevent access creep?
  • Can you identify all of the privileged accounts on your network (which we will mention later in this article)? 
  • Can your current IAM or PAM solution keep up with your demands? 
  • If not, what steps can you take to find an effective solution that fits with your distinct use-case? 

Take Time to Find All the Privileged Accounts

In other words, you need to know all of the privileged credentials currently operating on your network. Additionally, you need to limit those credentials’ permissions. No one account should have unlimited power; even in the right hands, that could prove a recipe for disaster. 

For example, your HR head should not have access to your finances. That’s too much simultaneous power even for an executive of their level.

Studying proper privileged provisioning and discovery, privileged access provider Thycotic found:

  • 62% of enterprises fail to provision for privileged access accounts.
  • 51% fail to enact secure logins for privileged access accounts.
  • 73% don’t remove default or test accounts on their applications before they go into production.
  • 70% of enterprises fail to discover all of the privileged access accounts in their networks.
  • 40% never look for all their privileged accounts.  
  • 55% fail to revoke permissions after a privileged employee is removed.
  • 63% don’t have security alerts in place for failed privileged access account login attempts.

What Does This All Mean For Your Enterprise? 

Obviously, you should enforce strong authentication on all of your digital identities. Even regular credentials can create serious compromises, as evidenced by the myriad breaches starting with unauthorized access.

However, privileged identities need that extra layer of protection above all. 

To get started on improving your privileged access management, first consider your environment. Do you have a cloud-based environment? Operate on-premises? Or do you have a hybrid infrastructure? 

No matter the answer, you must ensure your identity management solution can effectively accommodate and facilitate your distinct environment. Trying to make an on-premises solution stretch to accommodate the cloud often proves a critical ingredient in a breach.

Next, deploy multifactor authentication. In many of our articles, we speak about the importance of moving away from single-factor authentication. There are concrete, provable reasons for this. No identity security expert anywhere believes passwords alone can stop hackers. In fact, the list of grievances against passwords goes on and on. 

Instead, your enterprise needs to put up as many obstacles to your access requests as possible. As has often been said, hackers prefer low-hanging fruit. Generally, they won’t bother with enterprises with strong cybersecurity as it takes too much time and effort. Multifactor authentication elevates your company from the category of low-hanging fruit. 

In other words, taking the time to improve your privileged access management means making yourself less of a target and a harder one. Therefore, you have nothing to lose—why not try now? 

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.