Thycotic debunks top Privileged Access Management myths
.jpg)
Article by Thycotic chief security scientist and CISO Joseph Carson
Cybercriminals have an arsenal of tools at their disposal and an almost endless variety of system vulnerabilities they can exploit to breach their targets.
In most cases, however, security incidents can be traced back to the use of compromised user accounts.
The Verizon 2018 Data Breach Investigations Report, for example, found that 81% of data breaches involved the use of stolen or weak passwords.
Another report from Gartner revealing its Top IT Security Projects for 2019 listed Privileged Access Management (PAM) – which locks down and monitors access to user accounts, among other things – as the number one project.
Organisations have traditionally protected their networks with firewalls, VPNs, access controls, IDS, IPS, SIEMs, email gateways and so forth, building multiple levels of security on the perimeter.
Technologies like cloud, mobile and virtualisation, however, now make the security boundaries of an organisation blurry and the traditional security perimeter is no longer such an effective cybersecurity control.
With a limited budget, IT security staff are continuously searching for ways to protect the data they have been entrusted with while looking to add value to the business.
Privileged Access Management is proving to be the new cybersecurity perimeter and an effective solution to reduce organisations’ business risks from cyber-attacks.
Privileged Access encompasses access to computers, networks and network devices, software applications, digital documents and other digital assets that upper management, IT administrators and service account users have.
This access allows more rights and permissions than those given to standard business users.
‘Standard’ business users often have more rights than they really need – something PAM also addresses.
Privileged access is the access most often targeted by cybersecurity threats because this access leads to the most valuable and confidential information, such as customer identities, financial information and personal data.
So why does Gartner also estimate that only 40% of organisations have implemented Privileged Access Management practices for all enterprise use cases?
The reason is PAM’s complex past and a number of misconceptions that have sprung up as a result.
Misconception #1: Implementing PAM is too complex
A complex reputation for PAM solutions dates back to an earlier time.
Legacy PAM software was often overly complicated, leading to needlessly difficult implementations.
Installations could take several months to finish, with some cases taking years or simply remaining incomplete.
These older iterations could also be extremely resource-heavy, requiring the efforts of multiple expensive specialists.
Many IT teams decided that PAM was not worth it, while those that persevered are still bitter about all the grief the process caused them.
Of course, most of these experiences stem from a different era of security, where organisations could more comfortably rely on their firewall to keep attackers away from their networks and privileged accounts.
While many IT veterans may still bear well-earned grudges against early PAM tools, they can no longer afford to shun the approach in the current security climate.
The good news is that PAM solutions have evolved to become much easier to implement and use.
Many are now designed for out-of-the-box deployment, enabling IT teams to get them up and running quickly without the need for expensive specialists.
The best tools are also built to be flexible and scale with the organisation as it grows and its security needs change.
Misconception #2: PAM makes things harder for users
This misconception also dates back to the days before the advent of easy-to-use PAM solutions with features like password management aimed at improving user experience.
Cybersecurity has never been a positive security experience for most employees.
In many organisations there is tension between employees and the cybersecurity team due to the negative impact that many solutions have on productivity, resulting in employees looking for ways around them and increasing risk.
Many employees suffer from cyber fatigue – the frustration experienced in juggling scores of online accounts with multiple (and supposedly strong) passwords.
In many cases, individuals feel so frustrated that they give up trying to manage things safely and default to using the same passwords for multiple accounts, sharing passwords with family members, and logging on to the Internet using their social media accounts.
IT security staff should be looking for ways for employees to have a better experience with security, and the best way to do this is to implement PAM solution.
This will help remove one of the biggest causes of cyber fatigue and will generate new passwords and rotate them when they are stolen or compromised, which these days could be as often as every week.
Misconception #3: PAM is just another cost to the business
Because they only reduce risk, most organisations spend valuable budget on cybersecurity solutions that typically add no additional business value.
However, the right PAM solution actually makes employees more productive by giving them access to systems and applications faster and more securely.
Implementing a PAM solution secures access to sensitive systems and reduces the risk of getting compromised by disclosed passwords on the dark web. PAM also reduces cyber fatigue and simplifies the process of rotating and generating new complex passwords.
All of these save valuable employee time which translates directly into cost savings for the business.
One of the major reasons that Privileged Access Management has been listed as the number one security project for organisations is that it saves them time and money – both of which can go back into their cybersecurity efforts – enabling cybersecurity teams to get more done with the same budget.
Although some IT veterans may still feel compelled to delay PAM, choosing the right solution will enable them to gain full control over their privileged accounts without reliving the pain they may have experienced in the past.
source securitybriefeu
Industry: Cyber Security News
Latest Jobs
-
- IAM Consultant- OKTA
- Germany
- upto €90,000 plus benefits
-
I am looking for an experienced IAM process Manager to help drive forward a series of IAM implementation for a global Manufacturing business, Ideally you will be skilled with Okta and have knowledge of PAM Solutions, You will be responsible for: Driving the design and continuous improvement of complex IAM solutions in close collaboration with business partners Consult on the optimisation of IAM processes and design proper IT-based solutions to meet availability and quality targets Define technical specifications for SW-development (standards, design patterns, test cases, scenarios) and manage the life cycle of designed solutions Actively scan for relevant innovations and new technologies to identify further potential for improving IAM solutions and processes using OKTA Analyse new features of the regular Okta releases We are looking for someone with strong IAM experience as an Architect, Analyst, Technical Engineer, or similar role in the Identity and Security domain Experience with relevant certifications in development/administration, design and configuration of the Okta IAM platforms Familiar with LCM - joiners, movers, leavers, application federation - SAML, OIDC, SCIM and many other IAM terms Good mix of competences in IAM business process and project management concepts and tools e.g., ServiceNow, Jira, PRINCE2, SCRUM (agile)
-
- SAP Security Consultant
- France
- upto €70,000 plus benefits
-
I am looking for an experienced SAP Security Consultant. The ideal candidate will have a strong understanding of SAP security concepts and be able to apply them to real-world scenarios. ideally you will also have experience with Securitybridge or Onapsis, or a similar SAP security tool. Your responsibilities will include: Reviewing and auditing SAP security settings and controls Identifying and remediating security vulnerabilities Implementing security best practices Educating users on SAP security Experience experience in SAP security Experience with Securitybridge or Onapsis, or a similar SAP security tool would be very advantageous Strong understanding of SAP security concepts Excellent problem-solving and analytical skills Excellent communication and presentation skills Fluent in French & English
-
- Post Grad MSc Cyber security - Junior Cyber Risk Analyst wanted. UK
- United Kingdom
- Entry role
-
The perfect start to your new Cyber Security Career. Post Graduate Cyber Risk Analyst Wanted. Are you are fresh from earning your Cyber Security MSc and eager to start your career in Cyber Security? We are looking for a recent post graduate to join a forward thinking Cyber Security Consultancy for the ideal entry role into Cyber Security. Whilst employed industry experience is not expected, as full training and support will be provided, a history of recent education in Cyber Security / Cyber Risk is essential. We are looking for someone with an inquisitive mind, who is confident to ask the right questions and who isn't afraid to challenge the status quo. Superb communication skills are a must (in person, written and verbal) This is a UK based role that is remote first with monthly travel (1-2 a month) to meet with the team and in time to meet clients. If you aren’t available to travel this isn’t the opportunity. We are unable to provide VISA sponsorship as there will be a requirement to achieve Security clearance If you're adaptable, open to fresh perspectives, and excited to be part of a forward-thinking team and looking for an opportunity to help make a difference in a Cyber consulting role, this opportunity is for you. For more information apply here……
-
- Microsoft Exchange Contractor | London | OUTSIDE IR35 | SC Cleared
- London
- OUTSIDE IR35
-
Microsoft Exchange Contractor | London | OUTSIDE IR35 | SC Cleared • We require someone that has experience of migration exchange from windows server 2012 to 2019. • In depth understand of On-Prem exchange server management and deployment. • Experience migrating On-Prem exchange servers from 2012 upwards. • Secure Email Gateway experience essential Due to the nature of the requirement the individual must be commutable to London 2-3 days a week.