Whenever you consider, select, deploy, and maintain a cybersecurity or identity security solution, you should have a problem to solve. Deploying solutions without thought or a purpose only creates future confusion and unneeded expenses.
Privileged access management works to solve a critical problem facing your business today; namely, how do you protect the permissions and credentials of your enterprise’s superusers?
After all, if your privileged users’ credentials end up in the wrong hands, your most sensitive digital assets could become compromised. Threats could dwell uninhibited on your network for months if not longer. Uncontested insider threats could become rampant. All solutions’ privileged access capabilities, therefore, aim to ensure the right person has the right credentials at the right time.
Yet the key privileged access capabilities your enterprise needs may not prove as straightforward as their intended goal. Before you can select a PAM solution, you first need to understand what the key privileged access capabilities do for your enterprise. The first step in any decision is to understand what you’re seeking. Without that first step, how can you begin your decision-making process?
What Should Privileged Access Capabilities Do?
This question appears simple, in part because we defined the goal of privileged identity management above. Yet the core of PAM does not constitute the sum of it. Privileged access capabilities must also solve other related issues facing your enterprise, including:
- Discovering all of the privileged accounts on your network. According to the Thycotic “2018 Global State of Privileged Access Management (PAM) Risk & Compliance,” 70% of enterprises fail to discover all of the privileged access accounts in their networks. 40% never bother to look for all their privileged accounts. You cannot protect what you cannot see.
- Governing the access of your superuser accounts. Not all privileged users are created alike; your head of HR doesn’t need high-level access to the development of your consumer-facing application. Limiting the access users have automatically will fortify your overall security posture and permissions. Additionally, security teams must not allow privileged accounts to become orphaned.
- Recording the activities of your privileged users. Great power must come with great oversight; the alternative only leads to abuses and damages. Your privileged identity management solution must provide visibility into the behaviors and actions of your superusers, as well as any changes made to their accounts.
The Key Privileged Access Capabilities for Your Enterprise
They include, but are certainly not limited to:
- Password Safe/ Password Vaulting—This privileged access capability also goes by the name of “password manager.” If you think of your digital enterprise as a physical space, a password vault is literally a digital safe: a storage location wherein passwords remain encrypted. One master password—the key to the safe—can be used to access passwords for different websites, which are entered automatically while maintaining the encryption. You can think of it as a even more secure single sign-on tool.
- Session Management—If the password manager serves as the safe, then session management forms the security cameras watching the halls and the exterior. Session management monitors and records the actions and behaviors of your privileged users as they move throughout the network and make access requests. Next-generation session management tools will also lock down access based on the geographic location and time of the access requests. Session management can even record the keystrokes and mouse movements of the user to look for behavioral discrepancies.
- Just-in-Time Privileged Access—Gartner predicts the widespread adoption of this capability within the next few years, according to their Magic Quadrant report. Just-in-Time grants privileged users (and regular users) temporary access to select digital assets and databases to complete specific projects. After a set period of time, those privileges are automatically removed. It can also create temporary accounts with the same limitations.
This list of the key privileged access capabilities doesn’t cover the tools and necessities of the predicted future, such as cloud identity security and DevOps. Yet this list should help you understand what to look for in your next-generation PAM solution. The capabilities you’ll need for your enterprise will depend in part on the size of your enterprise and other considerations like the prevalence of privileged services in your network.
Regardless, your enterprise needs a comprehensive privileged access management solution. That much should be clear already.
Latest posts by Ben Canner (see all)
- Privileged Access Management Tips for the Modern Enterprise - April 17, 2019
- What Causes Password Compromise (And How to Prevent It) - April 16, 2019
- How to Prevent Insider Threats with Identity Security - April 11, 2019