Privileged Access Credentials (With Identity Automation)


Quick—how many individual data records have been stolen from enterprises in just the past 3 years?

Chances are you don’t know the exact number. Given how many data breaches occur every year, it can be a challenge to keep track of them all. According to identity and access management and privileged access management solution provider Identity Automation, last year alone the number of records stolen totaled 174.4 million. Further, their findings can’t account for the data breaches that go unreported—the actual number might be even higher!

Why are so many enterprises’ digital records in such jeopardy? The reason may lie in a finding from Forrester Research: 80% of security breaches involve stolen privileged access credentials. According to Identity Automation, privileged access credentials can grant your enterprise’s IT admins the ability to log into servers, switches, and routers throughout your IT environment and to perform tasks without restriction. But by the same token, hackers who obtain those credentials can do the same.

Traditionally, privileged access credentials fell into several broad categories. However, Identity Automation contends that this traditional understanding doesn’t encompass a wide range of privileges, nor does it fit with the current cybersecurity paradigm. Instead, the status of “privileged access credentials” should apply to any user with access to data that could be monetized (SSNs, credit cards, intellectual property, and personal health information) or that could cause reputational damage.

Your enterprise should be adopting a zero-trust mindset and should be on the lookout for unexpected privileged identity attack vectors, including:

  • Email
  • Social Media
  • Marketing Automation and Customer Relationship Management Software
  • Help Desk and Ticket Management
  • Websites and Customer Portals
  • Collaboration and Project Software

While each has its own potential issues—emails, in particular, aren’t nearly as confidential as we’d like to believe—a commonality between them is that they tend to favor frictionless user experiences. This often leads to compromised security protocols and thus compromised privileged access credentials.

Identity Automation also explores in detail the consequences of stolen privileged access credentials, including:

  • Reputational Damage (which can cost enterprises as much as $4 million)
  • Compliance and Regulatory Fines
  • Stolen IP (which can account for more than 80% of your company’s value)
  • Lawsuits
  • Executive Job Loss
  • Other Costs

To help your enterprise avoid these dire consequences, Identity Automation recommends some essential best practices for securing your privileged access credentials, including:

  • Implementing time-and-location based access controls (Tom from Accounting generally shouldn’t be trying to log in from Cambodia at 3 am).
  • Embracing the principle of least privilege (giving employees only as many entitlements as they need to perform their day-to-day roles).
  • Streamlining entitlement requests to supplement the zero-trust model.
  • Improving your password policies to facilitate “passphrases.”
  • Implementing multifactor authentication.

Above all, Identity Automation states that you should prioritize your credentials by evaluating what exactly each has access to and treating all of them as privileged. Give your IT security team control over the designation so that the end-user can’t give themselves undue convenience and therefore jeopardize your digital assets.

If your enterprise is interested in privileged access management in the modern IT environment, you should check out the “Why Your Organization Should Treat Every Account as Privileged” free e-book courtesy of Identity Automation.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.