By Cameron Williams
In today’s operating environments, where threats are increasing in volume and sophistication daily, security and IT leaders are forced to balance protecting an organization’s critical data to ensure business continuity and enabling users and administrators to be productive at work.
Years ago, companies aimed to prevent hackers from gaining access to their systems by erecting firewalls and perimeter defenses focused on keeping bad actors out. However, this approach has grown outdated and ineffective. Organizations no longer have the luxury of automatically trusting anything inside or outside their perimeters, and instead must now focus on verifying and protecting the devices and privileged users already inside an organization from being exploited.
Today, controlling and monitoring which system users need privileged access to accomplish specific tasks is extremely important for mitigating the risks posed by insider threats, preventing data breaches and meeting compliance requirements. A privileged user is someone who has administrative access to critical systems, and privilege should only be extended to trusted users. Privileges include the ability to change system configurations, install software, change user accounts or access secure data, which is why only responsible users should be trusted with these privileges.
Privileged access management (PAM) is a suite of functionality that protects privileged user accounts from compromise by providing a safe environment in which users with privileged access may access target systems with credentials managed by the PAM system on behalf of the user.
The bigger and more complex an organization’s IT systems get, the more privileged users they have. These privileged users could include employees, contractors, remote or even automated users, and some organizations have as many as two to three times as many privileged users as employees.
With today’s operating networks evolving at such a rapid pace, countless organizations have lost track of the endpoints, devices, and infrastructure attached to their network. Organizations are also behind on rolling out protections to their critical infrastructure.
Unfortunately, for many organizations, this all means it is not a question of if but when a breach will occur. However, PAM aims to keep organizations safe from accidental or deliberate misuse of privileged access by offering a secure, streamlined way to authorize and monitor all privileged users for all relevant systems.
Failed PAM deployments
The first challenge in proactive cybersecurity is gaining “situational awareness,” or a solid picture of the network environment — even the “invisible” portion. To see users, network devices and connections, security teams are required to collect significant network information and assemble it into a model of the network. Combing through all of this data is difficult, especially when the only resource may be a spreadsheet of device inventory data created months ago that is likely both out of date and missing information.
Unfortunately, there have been a significant number of failed PAM deployments in recent years as IT systems grow bigger and more complex. When deploying PAM, organizations often run into challenging issues, including two incredibly difficult steps. First, it’s very hard to detect every device and privileged user on a network. Then, it’s excruciatingly difficult to put all of those users and devices into a PAM system and deploy everything needed for PAM.
Many organizations don’t expect PAM deployment to take as long or cost as much as it ultimately does in many cases. Consequently, countless companies either give up or can’t continue to invest — and their deployment fails.
As a result, too many companies have no idea which assets and privileged users are connected to their networks, presenting both security risk and complexity when deploying countermeasures. Fortunately, automated discovery tools can help to get a handle on assets, ensuring they’re managed securely and that PAM is being deployed on time and on budget.
How automation helps
Increasingly, a critical component of a robust cybersecurity program is automation. Hackers and bad actors are progressively developing and deploying automated attacks in order to scale more effectively and to reduce the amount of direct support and instruction that many traditional cyberattacks require. To effectively compete against this level of sophistication, organizations need to combat automation with automation.
Before companies can effectively manage privileged access, they have to identify and catalog devices, assets, configuration data, access paths, and security policies. Automation makes this process faster, easier and more accurate than ever before.
While some companies have a solid inventory of critical assets, many do not. And for those that don’t, an automated discovery tool can be incredibly helpful. Today, advances in automation technologies allow organizations to detect privileged users and devices on the network quickly and more efficiently than ever before.
After an automated discovery tool reveals the privileged users and devices on a network, the real fun begins. The information provided during automated discovery offers insight that powers automated orchestration tools to provide complete coverage with the PAM deployment.
Automated orchestration technologies enable users to arrange and manage the myriad of security technologies in place at most companies (e.g., firewalls, IDS/IPS, sandboxes, endpoint security agents, ticketing systems, deception technologies, vulnerability scanners and behavioral detection tools), eliminating the manual effort that comes with managing assets in an identity security platform. With most PAM vendors, users would have to go out and manually configure servers one at a time or figure out how to script the servers themselves.
The orchestration is vital as it directs all activities relating to an organization’s standard operating procedures, delivering consistently predictable results and optimal utilization of available resources. High-tech tools reduce the once time-consuming orchestration of hundreds of servers from months of work down to just a few moments, significantly reducing the time it takes to deploy PAM solutions.
In the end…
Talented IT staffers are fighting an uphill battle as cyber threats appear more frequently and grow ever more sophisticated in today’s increasingly complex IT networks. In fact, 2017 set the record for both the most breaches and the most data compromised in a year. In order to claim victory in this environment and adequately secure critical assets and data, IT security teams must plan for PAM as a core preventative and monitoring technology.
Automation reduces or completely removes the friction associated with PAM deployment. It levels the playing field by keeping servers, devices, and infrastructure up to date, limits or prevents lateral movement in a breach and prevents insiders from damaging complex critical IT infrastructure. In today’s public-private cloud environments, servers are added rapidly to an environment. Automated discovery and orchestration tools allow PAM components to be deployed in just a few minutes, not hours or days, to protect new cloud servers. While many companies may be able to fuse copious amounts of security tools to protect their IT infrastructure, it still requires a significant amount of manual effort.
Data breaches are not going away anytime soon, and as the threat of cyber attacks continues to increase, organizations need to reconsider how security is managed. In the era of constant connectivity, it’s vital that companies leverage available tools and technologies. The best tools are all-in-one security platforms that revolutionize the speed at which PAM can be deployed by automating the discovery of assets as well as the onboarding of all target systems into the platform, providing continuous protection against identity-based breaches in even the most dynamic environments.
About the Author
Cameron Williams is the founder and CTO of OverWatchID, the industry’s first Converged Identity Security Platform, comprising Privilege Account Management, Cloud Access Security Brokering, Identity Access Management, and Multifactor Authentication in a multi-tenant SaaS platform. Cameron can be reached on LinkedIn at https://www.linkedin.com/in/cameron-williams-3696a18b/