The 5 Key Privileged Identity Management Capabilities

What are the five key privileged identity management capabilities necessary for modern enterprises? How can they improve both your cybersecurity and your workflows? 

According to privileged identity management provider Centrify, almost three-fourths of enterprises suffer a data breach due to compromised privileged identities. So embracing the key privileged identity management capabilities should radically improve your business’ cybersecurity resilience.

However, enterprises often fail to recognize or understand privileged access; in fact, as many as 26 percent of U.S. IT decision-makers seem unclear on the definition of privileged access.

Therefore, your enterprise may not know what key privileged identity management capabilities you need. Knowing and deploying these capabilities through next-generation identity security can prove pivotal to your future success.

Here are our choices for the top five key privileged identity management capabilities.

A Quick Note on the Key Privileged Identity Management Capabilities

Before we go over the capabilities, we want to acknowledge two important factors in privileged identity management. Neither exists as an explicit capability per se; instead, they inform the effectiveness of these capabilities and their evolution in the context of the threat landscape. 

First, your privileged access policies and capabilities must follow the Principle of Least Privilege. This states that your users should only possess the permissions they need to perform their normal job functions—and no more. Any additional privilege above base need constitutes a security risk under this Principle. Indeed, hackers and insider threats can both exploit unwarranted permissions to conduct their attacks.  

Therefore, your privileged identity management needs to enforce this Principle of Least Privilege. Fortunately, it can do this through several capabilities, including provisioning, governance, and increased visibility. Governance, in particular, can help deal with temporary permissions, which often befuddle IT security teams.

Second, privileged identity management capabilities help to remove the need for manual processes. Even as enterprise networks scale, some IT security teams insist on trying to manage permissions via a spreadsheet. Obviously, this fails to work—too many users need temporary privileges and new access at one time to keep up with manually. 

Thankfully, next-generation privileged identity management almost always provides automation. Automating behavioral investigations, Just-in-Time access, and authentication can free up your IT workflows and facilitate other business processes. 

With these two necessities firmly established…

The Five Key Privileged Identity Management Capabilities 

1. Multifactor Authentication 

Previously, the editors of Solutions Review noted that passwords carry several weaknesses. Notably, these include being easy to guess, being easy to crack, being easy to phish, and being constantly reused. In fact, the latter contributes to a cascading effect, as reused passwords allow hackers into multiple servers, databases, and networks.

Therefore, building more authentication around passwords must become a key consideration. While enterprises may never truly rid themselves of passwords, they can supplement and strengthen them. Each authentication factor between the user and the database represents another hurdle to hackers. Hence the power of multifactor authentication (MFA).

Of course, with time and resources, hackers can subvert or bypass any number of authentication factors. However, most hackers would prefer to target weaker enterprises for a faster profit. So multifactor authentication can deter as many hackers as it deflects. 

Multifactor authentication can include passwords, hard tokens, geofencing, time of access monitoring, and behavioral analysis. The last of these proves especially important; it allows your cybersecurity to conduct continuous authentication even after the initial log-in. 

Of course, this sounds like another of the key identity management capabilities…

2. Privileged Session Management 

Session management offers your IT security team the ability to monitor and record privileged sessions. Thus you give them a better window for auditing and investigating cybersecurity incidents. In other words, it helps you exhibit control over your privileged identities. 

Sophisticated, next-generation privileged session management should enable you to observe the date, time, and location of each session. In fact, you should have visibility over their very keystrokes to ensure the authenticity of each privileged user. This can prevent insider threats and hackers alike by making sure users use their permissions according to business processes.  

As a side note, if your users share credentials or accounts, then a secondary authentication factor may become necessary. This ties session management into behavioral analysis even more deeply.
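The session checks described above (date, time, and location of each privileged session, plus the time-of-access and geofencing factors from the MFA section) can be expressed as a small review routine. The following is an added example, not code from the article or from any vendor it names; the per-user policy and the session records are constructed for illustration.

```python
"""Review recorded privileged sessions against a per-user policy.

Added example (not from the article). Everything below is constructed:
- POLICY maps each privileged user to the countries and UTC hour window
  in which their sessions are expected.
- SESSIONS are records as a privileged session manager might store them.
"""
from datetime import datetime, timezone

# Constructed per-user policy: where and when privileged sessions are expected.
POLICY = {
    "dba-alice": {"countries": {"US"}, "hours": (8, 18)},
    "ops-bob": {"countries": {"US", "DE"}, "hours": (6, 22)},
}

# Constructed session recordings (ISO 8601 timestamps in UTC).
SESSIONS = [
    {"id": "s1", "user": "dba-alice", "start": "2019-03-04T14:05:00Z", "country": "US"},
    {"id": "s2", "user": "dba-alice", "start": "2019-03-05T02:40:00Z", "country": "US"},
    {"id": "s3", "user": "ops-bob", "start": "2019-03-05T09:10:00Z", "country": "RU"},
    {"id": "s4", "user": "svc-unknown", "start": "2019-03-05T10:00:00Z", "country": "US"},
]


def parse_utc(ts):
    """Parse a 'YYYY-MM-DDTHH:MM:SSZ' timestamp into an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def review_session(session, policy=POLICY):
    """Return the list of findings for one session; an empty list means nothing unusual."""
    rule = policy.get(session["user"])
    if rule is None:
        # A privileged session by an identity nobody wrote a policy for is
        # itself a discovery finding: that identity is outside oversight.
        return ["no policy for user (unmanaged privileged identity?)"]
    findings = []
    start = parse_utc(session["start"])
    lo, hi = rule["hours"]
    if not (lo <= start.hour < hi):
        findings.append(f"outside allowed hours {lo:02d}-{hi:02d} UTC")
    if session["country"] not in rule["countries"]:
        findings.append(f"login from unexpected country {session['country']}")
    return findings


def review_all(sessions=SESSIONS, policy=POLICY):
    """Map session id -> findings, keeping only sessions that need a second look."""
    report = {}
    for s in sessions:
        findings = review_session(s, policy)
        if findings:
            report[s["id"]] = findings
    return report


if __name__ == "__main__":
    for sid, findings in review_all().items():
        print(sid, "->", "; ".join(findings))
```

In practice the hour window and country set per user would be learned from a baseline rather than hand-written, and a finding would trigger step-up authentication or a review of the session recording rather than an immediate block.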

3. Privileged Identity Discovery 

Many privileged identities can vanish from your monitoring. This can occur due to scaling networks or poor offboarding. Additionally, temporary permissions may not be revoked promptly, leaving users with privileged identities but no oversight.

Many unmonitored privileged identities become orphaned accounts and thus security vulnerabilities. This proves another side effect of manually managing privileged identities; trying to keep track of everything in a spreadsheet is doomed to failure. According to Thycotic, 70 percent of enterprises fail to discover all of the privileged access accounts in their networks.

Moreover, 40 percent never attempt to look for all their privileged accounts. 

As one of your privileged identity management capabilities, you need to embrace discovery. Improved visibility can help you find orphaned accounts and, if needed, close them.
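The discovery step above amounts to reconciling a privileged-account inventory against who still works for you, which temporary grants have lapsed, and what the PIM tool actually manages. The following is an added example, not code from the article or from any vendor it cites; the HR feed, directory export, and PIM inventory are all constructed.

```python
"""Find privileged identities that have fallen out of oversight.

Added example (not from the article). All inputs are constructed:
- ACTIVE_EMPLOYEES stands in for an HR feed.
- PRIVILEGED_ACCOUNTS stands in for a directory export of privileged
  group members; "expires" is set for temporary (just-in-time) grants.
- MANAGED_BY_PIM is what the PIM tool currently vaults and monitors.
"""
from datetime import datetime, timezone

NOW = datetime(2019, 3, 6, tzinfo=timezone.utc)
STALE_DAYS = 90  # a privileged account unused this long deserves review

ACTIVE_EMPLOYEES = {"alice", "bob", "carol"}

PRIVILEGED_ACCOUNTS = [
    {"account": "alice-adm", "owner": "alice", "expires": None, "last_login": "2019-03-05"},
    {"account": "dave-adm", "owner": "dave", "expires": None, "last_login": "2018-11-02"},
    {"account": "bob-tmp", "owner": "bob", "expires": "2019-02-28", "last_login": "2019-03-04"},
    {"account": "svc-backup", "owner": None, "expires": None, "last_login": "2019-03-05"},
    {"account": "carol-adm", "owner": "carol", "expires": None, "last_login": "2018-06-01"},
]

MANAGED_BY_PIM = {"alice-adm", "bob-tmp"}


def _day(s):
    """Parse a 'YYYY-MM-DD' date into an aware UTC datetime."""
    return datetime.strptime(s, "%Y-%m-%d").replace(tzinfo=timezone.utc)


def classify(acct, now=NOW, active=ACTIVE_EMPLOYEES, managed=MANAGED_BY_PIM):
    """Return the list of issues for one privileged account (empty == healthy)."""
    issues = []
    if acct["owner"] is None:
        issues.append("no accountable owner")
    elif acct["owner"] not in active:
        issues.append("owner offboarded (orphaned account)")
    if acct["expires"] is not None and _day(acct["expires"]) < now:
        issues.append("temporary grant expired but still present")
    if (now - _day(acct["last_login"])).days > STALE_DAYS:
        issues.append(f"no login in >{STALE_DAYS} days")
    if acct["account"] not in managed:
        issues.append("not under PIM management")
    return issues


def discover(accounts=PRIVILEGED_ACCOUNTS, **kw):
    """Map account name -> issues for every privileged account that needs action."""
    report = {}
    for acct in accounts:
        issues = classify(acct, **kw)
        if issues:
            report[acct["account"]] = issues
    return report


if __name__ == "__main__":
    for name, issues in discover().items():
        print(f"{name}: {', '.join(issues)}")
```

Run on a schedule, the same routine turns the spreadsheet problem the article describes into a diff: anything the directory says is privileged but the PIM tool does not manage, any grant past its expiry, and any account whose owner no longer appears in HR is surfaced for removal or onboarding into the vault.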

4. Password Vaulting 

Password vaulting can help secure accounts through password managers; for reference, password vaulting functions in a manner reminiscent of a safe. Passwords remain locked inside and encrypted, with only one master password capable of accessing them. They maintain encryption even as users call upon them, automatically enabling them to log in securely. 

In some ways, it resembles single sign-on. However, it offers a more secure alternative to single sign-on while still facilitating workflows.

5. Centralization  

Consider all of the users, applications, databases, and everything else that comprise your IT environment. Now imagine trying to keep an eye on all of these moving parts simultaneously to ensure proper permission and privilege policies.

Legacy identity management solutions can’t possibly provide your IT security team with the centralized view necessary. So your enterprise needs to consider deploying a solution which centralizes your view, controls, and authority over users’ identities. Privileged identity management can help. 

You can learn more in our 2019 Privileged Access Management Buyer’s Guide. We cover the top vendors and their key capabilities in detail! 

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.