Given the times, it should surprise no one that so many businesses need to consider remote administrators. However, has anyone considered the cybersecurity and identity management implications of remote administrators? What does it mean to have your most privileged users working from an environment outside the corporate security boundary? How can your enterprise protect their credentials from abuse?
Advice from Nate Yocom of Centrify
- Grant IT administrators secure, context-aware access to a controlled set of servers, network devices and Infrastructure-as-a-Service (IaaS).
- Enable outsourced IT without the need of including administrators in the Active Directory.
- Control access to specific data centers and cloud-based resources without the increased risk of providing full VPN access.
- Secure all administrative access with risk-aware, multi-factor authentication (MFA).
- Single secure access point for administrators to manage infrastructure using shared accounts or their own Active Directory account.
- Enable secure remote access to data center and cloud-based infrastructures for internal users, third-party vendors, and outsourced IT through a cloud service or on-premises deployment.
This is an incredibly significant topic as the coronavirus pandemic accelerates and traps many workers at home. Let’s break down some of Yocom’s advice, because he offers valuable insights in these confusing and troubling times.
Enforce the Principle of Least Privilege for Remote Administrators
The Principle of Least Privilege states that users should only have the privileges and permissions necessary to complete their jobs. In other words, if a user obtains permissions beyond their everyday workflows, your IT security team must revoke them immediately.
Therefore, the Principle of Least Privilege doubles as both common sense and a cybersecurity mandate. However, enterprises still struggle to deploy and maintain this principle over time. In fact, plenty of factors can disrupt or impede the Principle of Least Privilege. These include:
- A temporary project or other short-term disruption (like a departing employee) requiring the granting of permissions to different users, and then those permissions lingering with them.
- The network scaling or changing rapidly, requiring the creation of new privileges without regulation or careful monitoring.
- Run-of-the-mill complacency and neglect. The logic goes that you trust privileged users, so they should have more permissions to handle problems. By default, they receive new permissions.
With the coronavirus ravaging communications and workflows around the globe, enterprises face temptation; they feel circumstances permit them to let their privileged users obtain more control as they deal with other issues.
However, this could lead them into a trap. The more powerful privileged users become, the more of a target they become for cyber threat actors. After all, the more permissions an account holds, the more damage hackers could do with it once stolen.
Therefore, enterprises need to follow Yocom’s advice and limit remote administrators’ access to data centers and cloud-based resources. This limits the damage these credentials can do during a security incident. Keep this in mind when planning out your cybersecurity strategy moving forward.
Multifactor Authentication for Remote Administrators
Your enterprise should take Yocom’s advice about deploying multifactor authentication (MFA) for remote administrators to heart; it must be able to verify these users effectively.
However, you should also do so for all of your employees, regardless of their administrator or remote status. Single-factor authentication, usually embodied in passwords, basically welcomes hackers in with open arms. The more factors your enterprise imposes between access request and access granted, the more secure your sensitive data.
Therefore, you need to deploy as many authentication factors as possible, especially for your remote administrators who operate without direct oversight. Fortunately, many of these factors can operate without interrupting logins. Monitoring the time of access requests and geofencing are among the most prominent means of verifying identity without active inputs.
Other MFA factors can include hard tokens (which can be users’ mobile devices), biometrics, and SMS messaging. In other words, you can deploy MFA in a way that requires little from your employees but proves effective for cybersecurity.
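The following is an added example, not code from Centrify or from the original article. It sketches how a controlled set of targets (least privilege) can be combined with the passive signals described above (time of access and geofencing) to decide when to ask for more factors. The admin name, server names, access window, country code and the two-factor baseline are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Every name and value here is constructed for illustration.
@dataclass(frozen=True)
class AdminPolicy:
    allowed_targets: frozenset    # controlled set of servers, devices, IaaS
    work_start: time              # usual access window (policy-local time)
    work_end: time
    allowed_countries: frozenset  # geofence as ISO country codes

@dataclass(frozen=True)
class AccessRequest:
    admin: str
    target: str
    when: datetime                # policy-local timestamp of the request
    country: str                  # assumed to come from upstream IP geolocation
    factors_presented: int        # factors already verified in this session

POLICIES = {
    "alice": AdminPolicy(frozenset({"db-prod-01", "fw-edge-02"}),
                         time(8, 0), time(18, 0), frozenset({"US"})),
}

BASELINE_FACTORS = 2  # assumed minimum for any administrative access

def decide(req: AccessRequest) -> str:
    """Return 'deny', 'step_up' or 'allow' for one privileged access request."""
    policy = POLICIES.get(req.admin)
    # Least privilege: unknown admins and targets outside the granted set
    # are refused outright, no matter how many factors were presented.
    if policy is None or req.target not in policy.allowed_targets:
        return "deny"
    required = BASELINE_FACTORS
    # Passive signals cost the user nothing when they look normal and
    # raise the bar by one factor each when they do not.
    if not (policy.work_start <= req.when.time() <= policy.work_end):
        required += 1
    if req.country not in policy.allowed_countries:
        required += 1
    return "allow" if req.factors_presented >= required else "step_up"
```

A request from the usual place at the usual time passes with the baseline factors, while each unusual signal triggers a step-up prompt instead of a silent allow.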