Mitigating Insider Threats with Privileged Access Governance
Authors: Kelvin Mbatu, Avinash Rajeev, Vivek Tejwani, Radhakrishnan Subramaniyan
Enterprises have become increasingly reliant on digital information to meet business objectives, effectively manage operations, and compete in a digitally connected world.
The digital ecosystem demands that organizations transform their identity and access management (IAM) programs to protect and monitor critical data and systems from cyber threats. IAM solutions enable organizations to securely perform business operations by granting users and applications access to digital assets, which is reviewed periodically for appropriateness and continued access.
Certain users, such as IT systems administrators, are entitled to have elevated or privileged access rights to systems, applications and data across the enterprise. This type of access can pose a serious threat if compromised. In fact, adversaries often target privileged accounts to gain a foothold on a corporate network and infiltrate systems across the enterprise. They typically do so using phishing schemes to obtain user credentials from insiders such as employees and third-party business partners – including suppliers, consultants, and contractors.
Many organizations have invested heavily in IAM technologies and processes in an effort to address risks, compliance, and operational gaps associated with the management of digital identities and access. But as adversaries develop increasingly sophisticated attack techniques, businesses have been forced to reassess the capabilities of their IAM solutions with a greater focus on privileged access management (PAM).
To protect data from internal and external threats, organizations need to manage the entire lifecycle of privileged accounts. Despite the rising compromise of privileged accounts, many organizations lack mature capabilities to effectively manage privileged access. For instance, some organizations have purchased solutions, but haven’t developed corresponding processes and governance to make them effective. Others may have good processes in place, but lack enabling technologies to address privileged access risks at an enterprise scale.
An integrated IAM and PAM implementation can help automate real-world business use cases to manage privileged accounts, including:
- Discovering privileged accounts configured in the PAM application so they can be effectively managed through the IAM solution
- Auto-provisioning new privileged accounts using role-based access provisioning or provisioning policies configured in the IAM solution
- Automating periodic access reviews for privileged accounts
- Automating termination of privileged account access based on user separation or termination events as processed in the IAM solution
Implementation of these use cases can help businesses gain enhanced visibility into privileged accounts, enabling them to quickly respond to incidents and help facilitate regulatory compliance.
©2019 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.
Read this article and others in the Identity Insider Magazine.