Historically, the model for protecting organisations from cyber attacks focused on ring-fencing networks to prevent them being accessed by external threats. If you could keep hackers outside your perimeter, the theory went, then your critical data and systems would be safe within.
But as our networks evolve and digital transformation progresses, this old model is no longer sufficient to keep organisations safe. Where more sophisticated infiltration techniques meet increasingly porous perimeters, privileged access management (PAM) has become a powerful tool in the cyber security arsenal.
Disrupting the attack lifecycle
Digital transformation has led to increasingly complex IT systems that are likely to include not only a single on-premises data centre but public cloud providers – and often multiple cloud providers – making for a perimeter that is almost impossible to protect or, you might argue, has disintegrated to the point of effective nonexistence. In this environment, a security setup that focuses on securing endpoints, firewalls and networks does not offer sufficient protection. The truth is that malicious actors have become experts in accessing business systems using weak, compromised or stolen credentials gained through techniques like password hacking or phishing.
Once they are inside, the next step in the attack lifecycle is lateral movement, in which the hacker assesses your network to discover valuable targets. They then take advantage of trusted paths within the network in order to access your data centre and extract your vital information. Chances are, this all might go undetected, and with systems that may support hundreds or even thousands of logins, it becomes almost impossible to identify the source of any breaches that are discovered.
Forrester reports that 80% of breaches involve privileged access abuse. For these reasons, it’s recommended to plan your security as though the attackers are already inside.
Privileged access management services offered by providers like Centrify serve to disrupt the attack lifecycle. By operating under the assumption that malicious actors are already inside the network, PAM focuses on limiting privileged access to critical systems and data.
A key element of PAM is least privilege. This is an approach in which access is limited to what each user needs. The goal of this is to reduce the scope of access across your network, limiting the number of accounts that have access to the secure systems, applications and commands that attackers will be seeking to infiltrate. Users can be granted access on a time-limited basis, using safety measures such as multi-factor authentication (MFA). Centrify operates an “MFA everywhere” approach which requires users to confirm their identity at every step in the PAM process, severely limiting anonymous hackers’ ability to move through your network unnoticed.
Through PAM, administrators can also keep track of who has privileged access and when. This increased oversight means that, when breaches do occur, it is much easier to pinpoint their source and, if a hacker has somehow been able to gain privileged access, to block them from infiltrating your data again.
There are various tools in the PAM arsenal. Using vaulting systems like Centrify’s Password Vault is an effective step for protecting shared accounts by restricting access to login details, although vaults are less effective for hybrid-cloud and multi-cloud setups. For better protection, they need to be supported with authentication systems like those using MFA as mentioned above, as well as tools like Centrify’s Privilege Elevation Service package that give admins control over the extent and duration of users’ privileged access and allow them to respond to requests submitted via Access Request and Approval Workflow. Analytics systems can be used to assess how well your PAM is operating and refine your settings to ensure optimal security.
Privileged access management in 2020
The world-changing events of 2020 have caused huge shifts in the way we work, as well as accelerating many of the trends we have already touched upon. The consequence of this is a new model of working that makes PAM more of a priority for security than ever before.
The lockdown brought about by the COVID-19 pandemic has resulted in a huge shift to remote-working practices – the Office of National Statistics reports that an incredible 46.6% of people in employment in the UK did some work at home in April.
These dispersed networks have served to further accelerate the dissolution of those protective perimeters that we used to defend so assiduously. Much, if not most, of workers’ access to data centres and protected systems will occur remotely, potentially over unsecured home networks. Under this new model of working, logins may be even more vulnerable to compromise, opening the way for an increase in privileged access abuse if steps aren’t taken to prevent it.
With remote logins the order of the day, it’s not hard to see the value of PAM in allowing your organisation better oversight and control of your workforce’s access to critical areas of your network. Centrify provides secure remote access capabilities to ensure that level of security even if the majority of your workforce is no longer under one roof.
With digital transformation rolling ever onwards and remote working practices looking likely to remain common even after the pandemic passes, it’s clear that PAM should be an essential element of any robust cyber security setup.