7 Steps for Complete Privilege Management
This white paper identifies seven core areas for privileged access management, presenting the key capabilities you should seek across each of these areas.
Each core area, when implemented, will provide you with greater control and accountability over the accounts, assets, users, systems, and activities that comprise your privileged environment, while eliminating and mitigating many threat vectors. You can address these areas all at once, or, more commonly, phase in controls for one or several areas of PAM at a time. The more of these areas you implement, the more PAM synergies you will see, and the more impactful the reduction in enterprise risk and operational improvements will be.
Throughout the process of selecting and deploying your privileged access management solution, keep in mind these business requirements, as they will help you articulate the value of this program higher in the organisation:
Total Cost Of Ownership
Does it result in time savings, such as replacing manual processes with automation, and allow you to redeploy resources for other initiatives?
Time-To-Value
How soon does it help you measurably improve security controls and dial down risk? How long will it take to achieve your end-state goals with the solution?
Integrations
How does it integrate with the rest of your security ecosystem (IAM, SIEM, service desk, analytics)? Does it help you make better decisions on risk? If it only works well as a standalone or point solution, it’s likely only a stopgap versus a long-term solution. On the other hand, if the solution has synergies with your existing security solutions, it will also help you maximise existing investments.
Longevity
Will the solution vendor grow with you or even pull you towards growth through security enablement? Is the vendor equipped to evolve its capabilities and enhance feature richness to meet the PAM use cases of tomorrow?
Improve Accountability and Control Over Privileged Passwords
The most logical starting point for gaining greater control over privileges is to improve accountability for privileged credentials. According to Forrester Research, privileged credentials are implicated in 80% of data breaches.
Admins commonly share passwords, which makes it nearly impossible to get a clean audit trail. Many systems, applications, and devices (including IoT devices) have embedded or hardcoded passwords, which can open up opportunities for misuse. Passwords are needed for application-to-application and application-to-database access. New privileged credentials are created when cloud or virtual instances are spun up. The list goes on.
Manual password management measures, such as discovery, rotation, and enforcement of best security practices, are notoriously unreliable, complex, time-consuming, and impractical to scale. And some best practices – such as eliminating and centrally managing certain types of embedded passwords — are virtually impossible without enterprise tools.
How do organisations ensure security and accountability over all the different types of credentials that allow privileged access, without disrupting administrator productivity or other workflows and processes?
Goal: An automated, comprehensive solution to seamlessly discover the ever-expanding list of privileged accounts/credential types (both human and non-human) in your environment, place those accounts/credentials under management, and satisfy auditor requests that they are adequately managed. Such a solution will outright eliminate some privileged attack vectors while mitigating many others, significantly reducing enterprise security exposures. This requires a purpose-built enterprise password management and privileged credential management solution that can automate each phase of the password lifecycle, consistent with your security policies.
Other considerations: How important is scale? Do you have just a few thousand privileged credentials, or many hundreds of thousands? A handful of PAM solutions may be able to scale to manage tens of thousands, or even hundreds of thousands, of privileged user credentials. Fewer still can also manage high numbers of SSH keys. And, if it is important to you (it should be) to monitor and manage all privileged sessions, understand that just a couple of elite vendors can monitor and manage hundreds of thousands of concurrent sessions. And, only BeyondTrust delivers all of these capabilities, meeting the enterprise needs of scale across the board and in any environment.
Implement Least Privilege and Application Control for Windows & Mac
Once privileged credentials and accounts are consistently discovered, onboarded, and managed, the next step in completing privileged access management is to implement least privilege on end-user machines by eliminating local administrator rights. If you have Windows servers, you also want to configure the proper privileged access for your various Administrator accounts, including Network, Microsoft Exchange, Active Directory, Database, Developers, Help Desk, IT Staff/Power Users, and others.
With a least-privilege approach, users are granted permissions only to the systems, applications, and data they require based on their current role. Rather than having privileges enabled and always on, and thus always ripe for misuse or abuse, privileges are elevated only on an as-needed basis. By defaulting most users to standard users and elevating privileges only as needed, you drastically reduce the threat surface, sharply curtail the ability for lateral movement, and minimise the risk of threats such as phishing and ransomware landing and expanding. By tightly controlling and auditing admin access, you also ensure your most sensitive assets are protected.
Relying on native and ad hoc, in-house toolsets to restrict or enable end-user privileges is onerous and time-consuming. Although users should not be granted local administrator or power user privileges in the first place, certain applications sometimes require elevated privileges to run.
How do IT organisations reduce the risk of users having excessive privileges without obstructing their productivity or overburdening the help desk with requests for privileges/permissions?
Goal: The ability to efficiently eliminate local admin rights across Windows and macOS systems, tightly control and audit admin access to servers and sensitive systems, and enforce granular control over applications. This requires enterprise endpoint privilege management solutions that remove end-user privileges while automating rules-based technology to elevate application privileges, without ever elevating user privileges.
Other considerations: How important is the solution’s time-to-value for you? Some solutions will require a complex service arrangement, while others can deliver a measurable risk reduction and help reduce help desk tickets in just weeks.
Secure Remote Access for Vendors & Employees
Remote access pathways represent the weakest links for most organisations, and cybercriminals are aware of this.
IT administrators, insiders, and third-party vendors require privileged access to perform their jobs effectively; they also need the ability to elevate their privileges. Organisations often lack visibility into what vendors are doing when they access their network. VPNs provide far more access than is usually required. Most other remote access solutions share similar pitfalls with VPNs, including a lack of granular security settings, an inability to provide a comprehensive audit trail, and a lack of support across diverse operating systems and use cases.
These are all serious shortcomings. And when you consider the scale of the problem, it’s apparent how critical this deficiency is. As the published research from BeyondTrust’s 2019 Privileged Access Threat Study found, on average, organisations have 182 third-party vendors logging into their systems and networks in a typical week. With numerous remote access points and typically suboptimal visibility, auditing, and security controls over this access, it’s only a matter of time before a weak link across the remote access surface is compromised, either by an employee or a third-party vendor.
How can organisations better monitor access for privileged users without inhibiting business agility?
Goal: Eliminate “all or nothing” remote access for vendors by implementing granular, role-based access to specific systems and defined session parameters. Allow vendors or internal users access to specific systems for a specified period and for a particular application or purpose. Administrators can approve or deny access requests from any location and any device, across major platforms.
Implement the Principle of Least Privilege and Audit Access Across Unix and Linux Server Environments
Business-critical, Tier-1 applications running on Unix and Linux servers are prime targets for cyber threat actors. Privileged user credentials for these resources can provide access to e-commerce data, ERP systems with employee data, customer information, and sensitive financial data.
Having root passwords, superuser status, or other elevated privileges is crucial for IT administrators to perform their jobs effectively. Unfortunately, this practice presents significant security risks stemming from intentional, accidental, or indirect misuse of privileges.
Native, open-source, and ad hoc tools are often used as a means to “get by.” But in server environments with even modest complexity, you end up paying a high price for these “free” tools in several ways. For instance, some dangerous, or at least onerous, shortcomings of sudo and other basic tools include:
- Unsettling deficiencies in oversight, forensics and auditing: lack of file integrity monitoring, log securing, or the ability to record sessions and keystrokes for audits
- Serious security gaps: For instance, these tools don’t account for activity inside scripts and third-party applications, leaving a shortcut to unapproved applications. Native tools also cannot delegate authorisation without disclosing passwords.
- Administrative complexity and lack of scalability: policies typically need to be managed on each server when using sudo or other basic tools
- No efficient migration path away from sudo where it is already in use
- Lack of enterprise support
With sudo and other tools, it’s virtually impossible to maintain best-practice security and compliance in all but the most primitive of IT environments. And, simply put, the stakes of inadequate privileged access controls in your Unix/Linux environments are far too high.
Goal: Visibility and control over all privileged activities across Unix and Linux. Consistent enforcement of least privilege, efficient delegation of Unix and Linux privileges, and authorisation without disclosing passwords for root or other accounts. The ability to either do away with sudo outright, or make the most of sudo by layering on enterprise capabilities that resolve security and auditing deficiencies, and make administration simpler and less prone to error.
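As an added example (not part of the white paper and not BeyondTrust code), the following audit script checks a sudoers policy for the deficiencies listed above: blanket ALL command grants, passwordless elevation, commands that are shells or interpreters (whose inner activity sudo does not see), and the absence of session I/O recording. The sample sudoers content is constructed for the demo.

```python
import os
import re
from dataclasses import dataclass

# Constructed sample sudoers content for the demo (not from any real host).
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) ALL                       # blanket root for a whole group
deploy  web1,web2=(root) NOPASSWD: /usr/bin/systemctl restart nginx
backup  ALL=(root) /usr/bin/rsync, /usr/bin/python3
dba     db1=(postgres) NOPASSWD: /usr/bin/bash
"""

# sudo logs the invocation of these, not the commands run inside them.
INTERPRETERS = {"sh", "bash", "zsh", "ksh", "python", "python3", "perl"}

# user host[,host]=(runas) [TAG: ...] cmd[, cmd]
USER_SPEC = re.compile(
    r"^(?P<user>\S+)\s+(?P<hosts>[^\s=]+)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*"
    r"(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmds>.+)$")

@dataclass
class Finding:
    line_no: int   # 0 marks a file-level finding
    issue: str
    rule: str = ""

def audit_sudoers(text: str) -> list[Finding]:
    """Flag sudoers rules that weaken least privilege or auditing."""
    findings, session_logging = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("Defaults"):
            # log_input/log_output switch on per-session I/O recording.
            session_logging |= "log_output" in line or "log_input" in line
            continue
        m = USER_SPEC.match(line)
        if not m:
            findings.append(Finding(n, "unparsed", line))
            continue
        cmds = [c.strip() for c in m.group("cmds").split(",")]
        if "ALL" in cmds and m.group("user") != "root":
            findings.append(Finding(n, "all-commands", line))
        if "NOPASSWD:" in m.group("tags"):
            findings.append(Finding(n, "nopasswd", line))
        for cmd in cmds:
            prog = os.path.basename(cmd.split()[0])
            if prog in INTERPRETERS:
                findings.append(Finding(n, f"interpreter:{prog}", line))
    if not session_logging:
        findings.append(Finding(0, "no-session-logging"))
    return findings

if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {f.line_no:2d}  {f.issue:20s} {f.rule}")
```

Aliases (User_Alias, Cmnd_Alias) and include directives are not expanded here; a production check would resolve them before applying the same rules.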
Other considerations: Do you also have Windows servers and desktop endpoints? To achieve a single solution, do you prefer a single vendor and platform for implementing PAM across all your endpoints, or are you comfortable relying on different vendors and management consoles for other operating systems? Additionally, is it essential for you to be able to enable single sign-on across your heterogeneous infrastructure and unify policy management across Unix, Linux, macOS, and Windows? If improving PAM coverage and reducing complexity are important to you, there are only a few vendors that can meet your needs.
Leverage User, Asset & Application-Level Risk to Make Better Privilege Decisions
Once privileged credentials are under management and end users have the necessary privileges to perform their jobs – and no more – you can progress to leveraging real-time vulnerability data to make more informed decisions about privilege elevation. For instance, if an application is running with a vulnerability, should you permit it access to perform a highly sensitive operation? The answer may vary based on the unique contextual factors in your environment. For this to be actionable, it requires the ability to do at least three things:
- Know where the vulnerability exists.
- Understand how the risk changes depending on the assets the vulnerable application interacts with and the privileges it elevates, and where these scenarios fall within your risk appetite.
- Orchestrate a response, in real time, that is consistent with your policies and risk appetite.
But how do you accomplish this at the enormous scale most organisations would demand?
Goal: Seamless integration of automated privilege elevation/delegation capabilities with vulnerability, risk, and threat intelligence to make smarter privileged access decisions.
Unify and Centralise Privilege Management, Policy, Reporting & Threat Analytics Under a Single Pane of Glass
It’s no secret that IT and security professionals are overwhelmed with information on privileges, vulnerabilities, and attacks. Unfortunately, advanced persistent threats (APTs) often go undetected because traditional security analytics solutions are unable to correlate diverse data to discern hidden risks. Seemingly isolated events are written off as exceptions, filtered out, or lost in a sea of data. The intruder continues to traverse the network, and the damage continues to multiply.
Generally, having more point tools, each with a different administrative interface and a different code base, translates into:
- Heightened risk that your solutions won’t integrate or communicate well with each other, resulting in downtime, security gaps, and frustration
- Steeper learning curves for your administrators
- Persistently higher administrative burden
- Delayed orchestration in response to threats
How do security and IT operations teams gain an understanding of where threats are coming from, prioritise them, and quickly mitigate the risks?
Goal: A holistic view of risk with advanced threat analytics that enables IT and security professionals to rapidly identify data breach threats, whether sophisticated or commonplace. This includes the ability to pinpoint specific, high-risk users and assets by correlating low-level privilege, vulnerability, and threat data from various third-party solutions.
Integrate Unix, Linux and macOS into Windows
Once you have greater control over privileged access in Unix and Linux environments, the next logical step is to bring those systems under consistent management, policy, and single sign-on.
Unix, Linux, and macOS have traditionally been managed as standalone systems – each a silo with its own set of users, groups, access control policies, configuration files, and passwords to remember. Managing a heterogeneous environment that contains these silos – plus the Microsoft environment – leads to inconsistent administration for IT, unnecessary complexity for end users, and risk to the business.
How do IT organisations manage policy consistently across diverse platforms and provide a streamlined user experience that reduces administration time and errors?
Goal: Centralised authentication for Windows, Unix, Linux, and macOS environments to reduce the risk and complexity of managing a heterogeneous environment. Improved efficiencies by reducing the number of logins (and the associated help desk calls when they are forgotten), and the number of different systems, configurations, and policies to manage. This requires an Active Directory Bridging solution.