Enterprise Privileged Access Management Advice for 2020


Want some enterprise privileged access management advice for 2020? We understand; privileged access management (PAM) must form a key component, if not the core, of your business's cybersecurity. Approaching privileged access management from a fresh perspective in the coming year can only strengthen you in the long term.

What is privileged access management? It serves as a branch of traditional identity and access management, focusing on protecting the most powerful users. With privileged access, internal and external actors can access networks beyond the domain; they can manage, manipulate, and export data and applications for exploitation or even deletion.

Yet enterprises continue to neglect their privileged access management. According to Centrify, 26 percent of U.S. respondents expressed uncertainty concerning the definition of privileged access management. Also, 52 percent of enterprises don’t use a password vault. Another 65 percent admit to sharing root or privileged access.

Perhaps most damning, 21 percent do not implement multifactor authentication on their superuser accounts. If your enterprise struggles with these and similar issues, you need privileged access management advice for 2020. 

Here are a few suggestions from us! 


Use Password Managers

Just reusing passwords over and over again, as many users tend to do, leaves your enterprise vulnerable. Only by using unique, strong passwords (no usage of “12345”) can you reliably use passwords in any capacity. Even then, you will need stronger authentication policies (as we shall discuss below). 

However, trying to get users to remember multiple hard-to-guess passwords simultaneously asks a lot of them. Instead, why not incorporate a password manager into your daily processes? 

For the record, we discuss password managers here as part of a fully-fledged privileged access management solution. Storing credentials in your browsers proves a consistent recipe for disaster; hackers can steal credentials stored in browsers with relative ease. In fact, they only need to gain access to your users’ social media accounts to make the most of their permissions.

PAM-based password managers can save, create, rotate and update passwords in a single encrypted location. A single strong password keeps all of these credentials safe; in some ways, it enables you to enjoy the benefits of single sign-on. Additionally, using a privileged access management solution helps ensure that all users can enjoy the benefits of password managers; under other circumstances, they deploy on an individual basis.

However, you can’t just rely on password managers alone. Your enterprise still needs to stay on alert for phishing attacks and repeated passwords. 

This is where the rest of our privileged access management advice comes in. 

Take Responsibility for Your Environments

According to another survey by Centrify, enterprises struggle with understanding a fundamental truth: ultimately, your enterprise must take responsibility for the privileged access in its environments. Even if you use a public cloud, the responsibility for cybersecurity lies squarely with you.

Yet 60 percent of respondents to the Centrify survey don’t understand that they, at best, share responsibility with their cloud provider. Indeed, 68 percent of enterprises don’t follow PAM best practices to control cloud access. Frequently, enterprises do not employ a common security model for enforcing least privilege access.

Therefore, one of the most critical pieces of privileged access management advice for 2020 is to secure all of the portals to your IT environments. Regardless of your on-premises, cloud, or hybrid environments, you must ensure a consistent layer of identity security. 

This leads neatly into the next piece of privileged access management advice for 2020. 

Identify All of Your Privileged Access Users

You cannot protect what you cannot see, as the cybersecurity maxim goes. This applies to your privileged accounts most of all. In fact, you may have thousands if not hundreds of thousands of privileged users in your network.

First, you need to identify all of these privileged users and govern their permissions. Do they have permissions that fit their job titles? Do they have too many permissions? If the latter, then you need to remove the unnecessary privileges as quickly as possible. 

Second, you need to identify the third-party users with privileged access in your network. This may result from a necessary workflow but it could also occur accidentally. Third parties with access to privileged assets could provide a stepping stone for hackers.

After all, they could hack your third-party vendor and use their privileged access to stroll into your network unimpeded.

Therefore, identifying all of your privileged users gives you the opportunity to practice the Principle of Least Privilege. This is one of the most critical aspects of proactive identity security possible for enterprises. It’s time you embraced it.

Deploy Multifactor Authentication

No list of privileged access management advice for 2020 would be complete without mentioning multifactor authentication. The more factors you can incorporate into your authentication, the more secure your digital assets. 

Passwords alone, even with a password manager, can’t defend against hackers. After all, threat actors could easily discover passwords or security questions through a simple social media scroll. Instead, you need to add factors like time of access monitoring, hard tokens, and biometric authentication.

Moreover, multifactor authentication doesn’t need to interfere with business processes! It could operate in the background, serving as a continuous security force.
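
To make the review steps from "Identify All of Your Privileged Access Users" and "Deploy Multifactor Authentication" concrete, here is an added example that is not part of the original article. It audits a constructed account inventory for permissions beyond the job role, shared credentials, third-party access, and missing MFA; the role baselines, permission names and account records are all assumptions made up for illustration.

```python
from dataclasses import dataclass

# Constructed role baselines (assumption): the permissions each job title needs.
ROLE_BASELINE = {
    "dba": {"db:admin"},
    "sysadmin": {"host:root", "vault:read"},
    "vendor-support": {"app:read"},
}
# Constructed set of permissions treated as privileged (assumption).
PRIVILEGED = {"db:admin", "host:root", "vault:admin", "iam:admin"}

@dataclass
class Account:
    name: str
    role: str
    permissions: set
    owners: list             # more than one owner means a shared credential
    mfa: bool
    third_party: bool = False

def audit(accounts):
    """Return {account name: list of findings} for privileged accounts only."""
    report = {}
    for a in accounts:
        if not a.permissions & PRIVILEGED:
            continue  # not a privileged account, out of scope for this review
        findings = []
        # Least privilege: anything beyond the role baseline is excess.
        excess = a.permissions - ROLE_BASELINE.get(a.role, set())
        if excess:
            findings.append("excess:" + ",".join(sorted(excess)))
        if not a.mfa:
            findings.append("no-mfa")
        if len(a.owners) > 1:
            findings.append("shared")
        if a.third_party:
            findings.append("third-party")
        report[a.name] = findings
    return report

# Constructed sample inventory.
INVENTORY = [
    Account("root@db01", "dba", {"db:admin", "host:root"}, ["alice", "bob"], False),
    Account("svc-vendor", "vendor-support", {"app:read", "iam:admin"}, ["acme"], True, True),
    Account("carol", "sysadmin", {"host:root", "vault:read"}, ["carol"], True),
    Account("dave", "analyst", {"app:read"}, ["dave"], False),
]

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(name, findings or ["ok"])
```

An empty findings list means the privileged account matches its role baseline, has a single owner, and uses MFA; accounts with no privileged permissions are left out of the report entirely.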


Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.