Keeping privileges to a minimum: What value does PAM bring to the channel?

A glowing blue padlock disintegrates against a black background
(Image credit: Shutterstock)

Remote working is here to stay, and the channel is pivotal in supporting organisations in their efforts to maintain the best protection against cyber attacks whether they’re adopting a hybrid, or fully remote working model. Channel partners with a rich portfolio of security solutions are in the ideal position to facilitate these flexible models and provide organisations with the seamless IT support they need to connect workers securely, irrespective of their location.

At the heart of remote cyber security is privileged access management (PAM), the protection around privileged and sensitive user accounts, which are the crown jewels for cyber criminals. For the channel, PAM creates a new revenue stream and further business opportunities with their customers. However, while having unrestricted access to clients’ IT estates is part and parcel for a service provider, it does pin a huge target on their backs. Offering comprehensive PAM solutions will enable channel partners to secure, manage and monitor access to their own privileged accounts as well as those of their clients, keeping the most valuable keys to their network safe.

Why is PAM so essential?

Cyber attacks have ramped up over the past few years, with phishing now the most common threat vector used by criminals to harvest sensitive credentials. A well crafted phishing campaign can provide a relatively straightforward entry route for cyber criminals and they are often the first step in longer, multistage attacks. Once successful, criminals can move onto the next phase, often involving stolen credentials that lead them on to access privileged user accounts. Industry experts estimate that up to 80 percent of all security breaches involve the compromise of privileged accounts.

Unsurprisingly, demand for PAM is high and channel partners have a key role to play in supporting clients by managing and protecting privileged accounts in increasingly complex IT environments. This starts at the implementation stage as misconfigured PAM can make daily tasks overly restrictive and become a barrier for workers trying to access documents and data for their jobs. From there, PAM facilitates protection through a number of features, including secure credential management, password masking and rotation, and flagging abnormal use of credentials and privileged account activity.

Having to manage thousands of sensitive credentials across the network, whilst complying with legal regulations, creates huge challenges for organisations and can be a significant drain on resources. Channel partners are key to removing the headache of managing this responsibility, plus the cyber risks that come with it. PAM solutions can improve security during the permission assignment process, as well as tracking activity within privileged accounts to ensure the right employees have the necessary access to do their jobs.

What are the biggest opportunities for the channel?

Lack of visibility of privileged users, accounts, and assets means that teams often lose track of who still has access to what. The rapid pace of digital transformation and widespread shift to the cloud over the past year has exacerbated these security risks. In some cases, past employees are still granted access to sensitive information, greatly increasing the company’s overall risk exposure. Without being able to track these privileges, businesses leave themselves open to attacks.

Partners with PAM in their portfolio are armed and ready to support these organisations to get user accounts under control. There are several layers of value that PAM can offer the channel, including removing the need to store passwords and other credentials locally – which is a huge security risk – as all credentials are kept in a cloud vault with high level encryption. Software-as-a-Service (SaaS) technologies can automatically retrieve credentials from the vault without admins ever seeing them, and identity management tools can provide role-based access controls to ensure the correct permissions are assigned. Further, service providers can deliver evidence to customers of who has access to each part of the network and at what times.

Keeping up with the ever-changing security landscape

More advanced and sophisticated methods within attack vectors open up each day, as evidenced by the SolarWinds breach and the Colonial Pipeline incident, bringing with them countless numbers of criminals looking to exploit any weaknesses left unchecked. At the same time, the number of cyber attacks resulting in massive credential theft has doubled over the past five years, so the channel must be prepared to face this trend head on; just one unprotected user account could be the lit match in a dry field.

Remote working will continue to throw challenges and obstacles into the path of business security, and so the channel and enterprises alike will need to stay on top of their cyber security strategies. With identity now the main target for attackers, solutions that strengthen defences around this will remain fundamental to long-term success. To deliver the highest level of consultancy to their customers during this process, service providers must be able to advise on these latest solutions: this not only opens up new and ongoing revenue streams but helps to position them as trusted advisors equipping clients with the most innovative solutions to protect their most sensitive and valuable assets. Adding PAM to their growing portfolio of services will strengthen partners’ positions when it comes to assisting businesses in their fight against cybercriminals and maintaining their trust for years to come.

Kamel Keus is VP EMEA at ThycoticCentrify