Many of the most infamous and expensive data breaches and cyberattacks in recent years share a common attack vector: privileged credential abuse.
Poorly secured privileged user accounts are an easy target for cybercriminals to steal or corrupt sensitive data, plant malware or execute some other unlawful activity. According to the Verizon 2021 Data Breach Investigations Report, credentials are the primary means by which a bad actor hacks into an organization, with 61% of breaches attributed to compromised credentials.
In response to this threat, the cybersecurity industry developed Privileged Access Management (PAM) solutions. These are now maturing and we’re entering the next generation of PAM.
The pre-PAM landscape
Before PAM, managing access was like the wild west in many organizations. People were given access to privileged accounts by default, with little thought about whether they needed that level of access and the consequences of what they might do with that privilege.
Organizations were vulnerable to malicious and accidental insider attacks and, as the traditional IT infrastructure became more dispersed with public and private clouds and virtual machines, they were also increasingly vulnerable to external attacks.
Solutions were needed to help manage who, and what, had access to business-critical systems and sensitive data, as manual processes and homespun tools weren’t providing the visibility needed. Enter Privileged Access Management (PAM) solutions.
First-gen PAM
Privileged accounts typically belong to specific roles within an organization. These are the people who have the keys to the most sensitive data and access to the most business critical systems. People like you, IT security professionals, as well as IT administrators, finance and accounting teams and some in operational roles.
To manage these users, many IT security professionals have deployed first-gen PAM solutions in order to secure, control, monitor, analyze and govern privileged access.
These first-gen PAM solutions have been developed to solve specific problems, with different companies specializing in different bits of the jigsaw. The first PAM tools available addressed password management and delegation, and UNIX identity consolidation. Then session-management solutions gained traction, followed by privileged access governance tools, and eventually privileged threat analytics to monitor for suspicious behavior and other anomalies.
While all these solutions add real value and help secure your environment and protect users, the segregated nature of multi-vendor platforms has created additional problems for security teams and admins.
Many IT security professionals have found them difficult to deploy and integrate with existing environments and business processes. They’ve also experienced push back from admins who’ve found them inflexible, a drain on resources and a barrier to productivity.
Enter the next generation
Next-gen PAM solutions address these challenges by taking a holistic, unified approach. In recent years we’ve seen a trend towards more unified identity security solutions including single-vendor PAM portfolios.
These next-gen solutions include everything from password management, session management and delegation in heterogeneous environments to analytics, authentication and governance. Because they are single-vendor solutions, each component is fully integrated, rather than siloed, and easy to deploy and integrate into your existing environment.
Do you need a next-gen PAM solution?
Before we look at the key benefits of a unified PAM approach, let’s consider the threat landscape again.
In recent years, particularly as a result of the pandemic, identity has become the edge. Organizations are hyper-dispersed with multiple physical sites (including users’ own homes), more machines than ever, numerous SaaS applications and cloud platforms and a multitude of user accounts (human and machine).
As a consequence, cybercriminals are increasingly targeting user credentials as the most profitable and effective way of launching an attack. The IT environment and the threat landscape have changed significantly since the development of first-gen PAM solutions.
5 benefits of next-gen PAM
The benefits below are what you should expect from a best-in-breed unified privileged access management solution. Of course, not all solutions are equal, so exploring solutions from your trusted partners, such as a Gartner Magic Quadrant for PAM leader, is a good start.
1. Simplified deployment
Next-gen PAM solutions eliminate nearly all deployment challenges experienced with first-gen PAM, by requiring minimal changes to an organization’s environment. They’re also secure by nature so there’s no additional overhead of securing the solution once it’s installed.
2. Transparent and frictionless
Next-gen PAM solutions are built to be unobtrusive and intuitive which reduces friction and ensures user acceptance. They offer a wide variety of ways for people to gain privileged access. There is also scope to unify your IAM and IGA to create an identity-based PAM which enables just-in-time access management - providing just the right amount of access only for the specific time period it is needed.
3. Seamless integration (automation ready)
A next-gen PAM approach shouldn’t require changes in the way your business operates. Instead it should integrate seamlessly into your DevOps, IGA and RPA practice via an API, with open source tools and SDKs to support integration.
4. Scales and transforms with your business
Next-gen PAM solutions are flexible enough to evolve with your organization's needs. From supporting hybrid environments to cloud initiatives, the solution should scale and transform with your business to help it achieve rapid time-to-value.
5. Approval anywhere
Next-gen PAM solutions, like One Identity’s, adopt an ‘approval anywhere’ approach to securely approve session or password requests from any device. The PAM solution must also enable real-time privilege checks and approval workflows for efficient and agile privilege credential delivery.
An identity-centered approach to PAM
Without secure identities, an organization can’t be assured of any solution’s integrity. As we have explored above, today’s IT environment and threat landscape require you to adopt an identity-centric approach across the entire IAM spectrum, including PAM.
Bringing all resources into a unified identity security solution ties accounts to single identities and enables just-in-time privilege, supporting your identity-centric strategy.
When assessing different next-gen PAM solutions, look at the vendor’s capabilities in other identity security areas, such as identity and access management (IAM) and identity governance and administration (IGA). Integrating these solutions with your PAM enables you to unify accounts - both standard and privileged users - across your most critical systems and infrastructure.
To explore how unified identity security can close cybersecurity gaps, help you manage identities more effectively and save money, watch our video here.