Privileged ID Management: Why This Category of IAM is Critical to Enterprise Security
October 4, 2016
In many organizations today, select users have elevated privileges attached to their day-to-day accounts. This means that the same account they use to access their email also carries domain-level administrative privileges (e.g., the ability to modify security policies on a firewall).
Privileged accounts can make an organization vulnerable to both internal and external threats since:
- A user could accidentally make a configuration change they did not intend to make
- A malicious employee could deliberately cause harm to systems and data
- An attacker could exploit multiple systems by gaining access to one user’s account
To mitigate the risks presented by privileged accounts, enterprises must balance stringent process with appropriate technology. The practice of Privileged ID Management reduces privileged account exposure by restricting the privileged ID to a system and time period, rather than attaching it to a user account.
The benefits of Privileged ID Management include:
- Time Restrictions: Access to any privileged device or system is limited to the duration for which the access is required.
- Scope Limitations: Privileged access is limited to the specific devices, systems or sub-systems required to complete the task.
- Simplified Auditing: Since Privileged ID is no longer tied to individual users, but is given in a restricted capacity, auditing is vastly improved and simplified.
- Improved Monitoring & Alerting: Privileged access outside of an authorized time, or beyond a defined scope, can be immediately detected and investigated. Unauthorized access becomes easier to identify and respond to.
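The time and scope checks described in the list above can be expressed as a small audit over privileged-session logs. This is an added example, not part of the original article or any Herjavec Group product; the grant fields, log format, privileged ID names and host names are all constructed assumptions.

```python
from datetime import datetime

FMT = "%Y-%m-%dT%H:%M"

# Constructed sample grants: each privileged ID is checked out for a set of
# systems and a time window (field names are assumptions for this example).
GRANTS = [
    {"priv_id": "pid-fw-admin", "systems": {"fw-edge-01"},
     "start": "2016-10-04T09:00", "end": "2016-10-04T11:00"},
    {"priv_id": "pid-db-admin", "systems": {"db-prod-02", "db-prod-03"},
     "start": "2016-10-04T13:00", "end": "2016-10-04T14:00"},
]

# Constructed privileged-session log: "timestamp priv_id system action"
LOG = """\
2016-10-04T09:15 pid-fw-admin fw-edge-01 modify-policy
2016-10-04T09:40 pid-fw-admin db-prod-02 login
2016-10-04T11:30 pid-fw-admin fw-edge-01 modify-policy
2016-10-04T13:05 pid-db-admin db-prod-03 login
2016-10-04T13:10 pid-root fw-edge-01 login
"""

def classify(ts, priv_id, system, grants):
    """Return 'ok', 'no-grant', 'out-of-scope' or 'out-of-window'."""
    mine = [g for g in grants if g["priv_id"] == priv_id]
    if not mine:
        return "no-grant"          # ID used without any checkout on record
    active = [g for g in mine
              if datetime.strptime(g["start"], FMT) <= ts
              < datetime.strptime(g["end"], FMT)]
    if any(system in g["systems"] for g in active):
        return "ok"
    if any(system in g["systems"] for g in mine):
        return "out-of-window"     # right system, but the grant is not active
    return "out-of-scope"          # system was never part of any grant

def audit(log_text, grants):
    """Return (timestamp, priv_id, system, action, verdict) per violation."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, priv_id, system, action = line.split()
        verdict = classify(datetime.strptime(ts, FMT), priv_id, system, grants)
        if verdict != "ok":
            findings.append((ts, priv_id, system, action, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(LOG, GRANTS):
        print(*finding)
```

The end of each window is treated as exclusive, so a session logged at exactly the expiry time is flagged as out-of-window.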
In order to maximize the benefits of any Privileged ID Management product, an organization must first define the appropriate processes and procedures associated with access classification. The company’s security posture, risk profile, and regulatory requirements must be considered when addressing the following questions:
- During normal day-to-day operations, should any individuals in your company have privileged access?
- When privileged access is required, how does one obtain the required access?
- Should access only be given to the systems impacted by the proposed change?
- How long should the access be given for?
- What is considered ‘having access’?
- How is privileged access monitored?
- How do we handle alerting / incident response as it relates to Privileged ID Management?
- What data, systems or devices require privileged access regularly?
Having detailed answers to these questions as a baseline will help reduce the exposure of a company’s systems and data. The goal of Privileged ID Management is to limit privileged access to when it is absolutely necessary. By centralizing privileged access and managing it closely, an organization can greatly reduce its exposure to attacks, accelerate incident response time, and improve its ability to respond to audit or compliance requirements.
If you’d like support in deciphering your organization’s Identity and Access Management needs or want to learn more about Herjavec Group’s expertise in this area, please connect with a Herjavec Group Security Specialist.
About Herjavec Group
Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services supported by state-of-the-art, PCI compliant, Security Operations Centres, operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions including consulting, professional services & incident response. Herjavec Group has offices globally including across Canada, the United States, United Kingdom, and Australia. For more information, visit www.herjavecgroup.com.