Next-gen PAM enables teams instead of holding them back
For the first time ever in 2020, the annual Verizon Data Breach Investigations Report included a section devoted to Privileged Access Management, leading with a jarring figure: 53 percent of all investigated breaches were due to the misuse of privileged accounts.
It makes sense that Privileged Access Management (PAM) would be vital to the security of an enterprise, as PAM controls access to administrative accounts -- or accounts that provide unlimited access to the systems which includes access to any sensitive data or important applications on that system. Bad actors gain access to these accounts by exploiting vulnerabilities like default and weak passwords, dormant accounts, and even leveraging social engineering tactics.
The consequences are beyond dire. Once a privileged account is breached, a bad actor can easily steal sensitive information or make other actions to access other applications and infiltrate further into the enterprise.
However, with the proper PAM tools, procedures, and processes in place, only an appropriate, authorized user has access to a privileged account and the sensitive controls and content the account can access.
While it may seem like a no-brainer to implement PAM into every company’s security program, PAM programs cause problems. Simply put, they can slow things down. Privileged accounts are necessary and common to facilitate many enterprise IT operations. A local IT person might need to provision a server. An employee might need emergency access after being locked out of an application. Developers and their IT teams might need to access different systems or databases to update or deploy applications. PAM can make all these things harder by ensuring that the person requesting privileged access is authorized.
Further, most approaches to PAM do not consider holistically the environments where they are needed. Organizations have traditionally dealt with PAM by deploying point solutions to address privileged account password management, delegation, session management and analysis for abnormal activity. The solutions don’t work well together at best. At worst they are difficult to deploy and don’t integrate with existing environments or how IT pros work. To simplify their jobs and remove annoying hindrances, privileged account users often ignore access best practices, resulting in routine violations of security policies.
Being lax when it comes to PAM has big consequences though. So what can companies do to implement an effective PAM program that enables their teams rather than holding them back? Enter next-generation PAM.
What is Next-Gen PAM?
The evolution to next-gen PAM began with solutions for password management, the unification of UNIX environments and session-management solutions with analytic capabilities. However, even though first-gen PAM solutions were effective, they were developed in a disjointed nature by multiple vendors making it difficult to deploy and integrate them into existing business processes.
Without a holistic view of organizations’ privileged accounts, first-gen PAM solutions hindered admins productivity. Providing a holistic-based program view, next-gen PAM considers the needs for privileged access while also being mindful of the shifting nature of bad actors and their attempts to compromise privileged accounts.
Breaking down a few different aspects of next-gen PAM provides a better understanding of how it works and is well suited to organizations today:
How: Privileged users are always in a hurry. Their job is to maintain operations throughout a business, so when their role is not functioning efficiently, the business suffers. Next-gen PAM solutions adapt to how these roles function and the day-to-day responsibilities they’re in charge of. Account authorization matches the workflow of each role.
Where: Control over who has access to what data needs to happen where the action happens. A given organization has its own applications, built with DevOps tools they prefer. They have their own onboarding and deprovisioning processes. Next-gen PAM solutions integrate into any environment.
When: One of the biggest frustrations of PAM is not receiving authorization to a privileged account when it’s requested. Next-gen PAM solutions provide real-time, automated authorization while stopping unauthorized access attempts.
Who: Granting privileges to the right person is the core purpose of a PAM solution. Next-gen PAM solutions need to be tightly integrated into an organization’s Identity Management deployment to facilitate seamless authentication.
Is Next-Gen PAM possible today?
Next-gen PAM is not only possible today, it is vital as computing environments are more amorphous and more and more workers are working from anywhere. When evaluating next-gen PAM approaches, a few key things to look for:
- Frictionless, just-in-time access management, which means providing just the right amount of access only for the specific time period it is needed.
- Seamless integration. This means the solution needs to integrate with your organization’s operations for things like DevOps and Robotic Process Automation.
- Approval anywhere. The PAM solution must enable real-time privilege checks and approvals for efficient and agile privilege credential delivery.
- Close connection to identities. Without secure identities, an organization cannot be assured of the solution’s integrity.
- Simplified deployment. Next-gen PAM solutions eliminate nearly all deployment challenges by requiring minimal changes to an organization’s environment.
- Scale and transformation with your business. From supporting hybrid environments to cloud initiatives, next-gen PAM solutions are flexible enough to evolve with an organization's needs to help it achieve rapid time-to-value.
Many organizations have reconsidered significant portions of their IT infrastructures in recent months, given how our lives have changed. Considering an organization’s approach to PAM follows suit. The time is now to deploy a PAM solution that affords flexibility, integrates into current systems and application deployment methods, and can move quickly and securely to grant privileged access.
Tyler Reese is Product Manager at One Identity. With more than 15 years in the IT software industry, Tyler Reese is extremely familiar with the rapidly evolving IAM challenges that businesses face. He is a product manager for the Privilege Account Management portfolio where his responsibilities include evaluating market trends and competition, setting the direction for the product line -- and ultimately, meeting the needs of end-users. His professional experience ranges from consulting for One Identity’s largest PAM customers to being a systems architect of a large company.