At the recent RSA Conference in San Francisco, this was the question asked by Jackson Shaw from Dell Security Solutions. A speaker on PAM at the conference, he then went on to educate all on the Laws of Privileged Account Management, why it’s important to everyone, and his action recommendations.
So, let’s set the scene with some facts and ask why PAM is important.
• The Verizon 2015 Data Breach Investigations Report noted that out of the nearly 80,000 security incidents, 96% of them could be traced back to just 9 basic attack patterns.
• Insider misuse was ranked third, and 55% of it was attributable to privileged account misuse.
• Cyber incidents involving former and disgruntled employees cost organisations between $5,000 and $3 million, says a recent review of FBI cyber investigations.
• Target’s breach was due to attackers being able to gain access using stolen credentials from a third-party vendor.
• OPM’s breach was due to passwords being stolen from a contractor.
• Hackers exploit businesses’ systems to gain access to networks, and leapfrog onto other systems.
Doesn’t make very nice reading! PAM isn’t just about IT, and it isn’t only IT’s job to manage it; it is everyone’s job to manage their access to corporate systems. Mainframes have system admins, every *nix box has a root account, and Active Directory groups have other groups attached; these aspects are more IT-related. However, applications, scripts, databases, apps such as SAP, network devices, firewalls, etc.; all of these are everyone’s responsibility and every individual is responsible for the management of their privileged access. There’s no more “it wasn’t me”; everyone needs to be accountable for their actions and shared accounts should be eliminated.
Protecting your business needs to extend beyond your standard firewall; it needs to include social media platforms, SaaS applications, and it needs to go outside the business to include partners, contractors and even customers. Yes, all privileged account access should be monitored but so should all non-privileged accounts – contract access, customer access, user access, partner access – and it needs to be stored for forensic purposes should any breach occur. Every IAM solution has analytical capabilities included and every business needs to take advantage of this benefit and analyse the risk of users’ access.
Today’s IAM systems often incorporate governance and Separation of Duties benefits and these need to be extended to privileged accounts. Privileged accounts need roles and specific privileges applied to those roles, then you can assign users to those roles using two-factor authentication, such as push-to-authenticate/approve processes, hard and/or soft tokens, Bluetooth ‘beacons’ and GPS/location information because, as hackers are proving time and again, just a password is no longer enough to protect your corporate systems.
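As an added illustration of the two points above (this is example code written for this page, not anything from Dell or the speaker), the snippet below models privileged roles with explicit privileges, a Separation of Duties rule that blocks conflicting role pairs, and privileged roles that stay dormant until the user has completed a second factor. Every decision, allowed or denied, is appended to an audit log so it can be reviewed after the fact, as the previous paragraph recommends. All role names, privileges and the SoD conflict pair are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass(frozen=True)
class Role:
    name: str
    privileges: frozenset
    privileged: bool = False  # privileged roles stay dormant until MFA-activated


# Constructed sample roles; names and privileges are illustrative only.
ROLES = {
    "db_reader": Role("db_reader", frozenset({"db:select"})),
    "db_admin": Role("db_admin", frozenset({"db:select", "db:alter", "db:drop"}), privileged=True),
    "payment_requester": Role("payment_requester", frozenset({"payment:create"})),
    "payment_approver": Role("payment_approver", frozenset({"payment:approve"}), privileged=True),
}

# Separation of Duties: role pairs one person must never hold at the same time (constructed).
SOD_CONFLICTS = {frozenset({"payment_requester", "payment_approver"})}

# Every decision, allowed or denied, is recorded here for later forensic review.
AUDIT_LOG = []


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    activated: set = field(default_factory=set)  # privileged roles unlocked by MFA this session


def _audit(user, event, detail, allowed):
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user.name, "event": event, "detail": detail, "allowed": allowed,
    })


def assign_role(user, role_name):
    """Grant a role unless it is unknown or conflicts with one the user already holds."""
    if role_name not in ROLES:
        _audit(user, "assign", f"unknown role {role_name}", False)
        return False
    for held in user.roles:
        if frozenset({held, role_name}) in SOD_CONFLICTS:
            _audit(user, "assign", f"{role_name} conflicts with {held}", False)
            return False
    user.roles.add(role_name)
    _audit(user, "assign", role_name, True)
    return True


def activate_role(user, role_name, mfa_verified):
    """Unlock a privileged role for this session; a password alone is not enough."""
    if role_name not in user.roles:
        _audit(user, "activate", f"{role_name} not assigned", False)
        return False
    if ROLES[role_name].privileged and not mfa_verified:
        _audit(user, "activate", f"{role_name} denied: second factor missing", False)
        return False
    user.activated.add(role_name)
    _audit(user, "activate", role_name, True)
    return True


def effective_privileges(user):
    """Privileges the user can exercise right now: all non-privileged roles plus activated ones."""
    privs = set()
    for name in user.roles:
        role = ROLES[name]
        if role.privileged and name not in user.activated:
            continue  # assigned but dormant until MFA activation
        privs |= role.privileges
    return privs


def is_allowed(user, action):
    """Authorisation decision for a single action, always written to the audit log."""
    ok = action in effective_privileges(user)
    _audit(user, "action", action, ok)
    return ok


if __name__ == "__main__":
    alice = User("alice")
    assign_role(alice, "db_admin")
    print("drop before MFA:", is_allowed(alice, "db:drop"))
    activate_role(alice, "db_admin", mfa_verified=True)
    print("drop after MFA:", is_allowed(alice, "db:drop"))
    for entry in AUDIT_LOG:
        print(entry)
```

The point of keeping privileged roles dormant is that a stolen password yields only the user's everyday privileges; the high-impact rights only appear after the second factor, and the attempt without it shows up as a denied entry in the log, which is exactly the kind of record the monitoring paragraph above asks to keep.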
However, just because you have all this user access authentication and privileged user account status, don’t assume you are safe wherever you are; a hacker will find the weakness. But updating and improving your PAM capabilities is only one part of the bigger picture and needs to work with your other corporate security solutions.
We are delighted that Jackson Shaw from Dell Security Solutions will be speaking at ZONE SE7EN’s forthcoming live Roundtable event on the topic of Privileged Access Management on 25th May 2016. For further information about the event and to register, click here.