Technology research giant Gartner spent the second half of 2018 emphasizing the importance of privileged access management (PAM) for the enterprise. They released their “Top 10 Security Projects for 2018” list, which featured PAM in the number one spot. A few days ago, Gartner released their first-ever Privileged Access Management Magic Quadrant, exploring the market in more depth.
This leads cybersecurity observers to one crucial conclusion: enterprises must prioritize privileged access management in 2019. Without a sufficient investment of time, energy, and resources, enterprises will remain vulnerable to external hackers and insider threats exploiting their super-user permissions. Their proprietary data and digital assets will never be secure.
What will privileged access management in 2019 look like? What should enterprises invest in to strengthen their PAM stance?
Here are our predictions and conclusions:
Privileged Access Management in 2019: Solution and Attitude
Privileged access management solution provider Thycotic released the findings from the “2018 Global State of Privileged Access Management (PAM) Risk & Compliance” report. The report emphasized both the importance enterprises attach to PAM and their difficulties in executing best practices:
- 80% of enterprises consider PAM an essential security concern.
- 60% need PAM for their industry and regulatory compliance.
- 62% fail to provision for their privileged access accounts.
- 51% fail to enact secure logins for their privileged accounts.
- 40% never look for all of their privileged accounts.
- Of those that do, 70% fail to discover all of them.
In other words, privileged access management in 2019 will not rely simply on deploying the proper PAM solution (although that will be a crucial component). It will also rely on enterprise IT security teams using the advantages of their PAM solutions to increase their visibility and secure their logins. Further, it requires enterprises to modify their privilege policies to maximize those advantages.
New Privileged Access Management Policies
According to a report by Security Boulevard, one of the key takeaways from the most recent Gartner Identity and Access Management Summit is the complexity of privileged access management in 2019. This complexity constitutes a major obstacle to enterprise adoption and execution.
Examples of these PAM policy complexities include static role privilege assignment and visibility. The former can impede enterprises’ privilege escalation prevention efforts. Gartner recommends converting to a just-in-time PAM policy instead.
The latter concerns the blind spots arising from the proliferation of identities, endpoints, and cloud applications, which can still occur even with a PAM solution in place. Centralizing your privileged access management in 2019 should help reduce the number and extent of credential blind spots.
Reducing and Securing: A Balancing Act
The most common advice among PAM solution experts and providers is to reduce the number of privileged access accounts on your network. On the one hand, this advice is sound. This tactic reduces the possibility of orphaned accounts with privileged permissions lingering on your network.
However, individuals do need privileges to perform their daily duties, creating a floor of minimum privileged accounts in your enterprise. In these cases, your emphasis should be on securing these accounts. This can include multifactor authentication or a more granular approach based on the sensitivity of the work involved.
Your privileged access management in 2019 needs to balance removing accounts and securing what can’t be removed.
Limit Lateral Movement
Sunil Kotagiri, Co-Founder of security analytics vendor Seceon, wrote extensively about lateral movement attacks and how to limit them. His insights prove as true for privileged access management in 2019 as they are for security analytics. One way to limit lateral movement with PAM is to reduce or eliminate remote admin permissions for crucial applications or databases.
Privileged Access Management in 2019: One Part of the Platform
Overall, privileged access management works best as part of a broader identity and access management platform which also includes identity governance, cloud security, and authentication. Enterprises will need to ensure their solutions integrate well together and can form a comprehensive identity security platform.