Published: August 17, 2017 | Comments
For organizations to control access to their most sensitive information, it’s critical to establish specific policies and procedures. A good cyber security strategy should consider the people and processes it impacts as much as the protection it provides.
Historically, security best practices have focused on restricting and blocking access to sensitive data and systems to reduce the threat of a breach. While good in theory, in practice this often impedes employees’ ability to do their jobs, resulting in lost productivity or even workarounds that undermine the security mandate.
It seems like a simple task, but implementing the “right” solution and deciding on a streamlined approach is harder than it looks because many businesses fail to understand how a cyber security strategy fits into their organization before they implement one.
Ensuring security while enabling and empowering employees to do their jobs is an ongoing battle. While no single technology or procedure can fully protect the entire organization, prime examples that can achieve this duality are technologies that allow security practitioners to implement strong privileged access controls and solutions to manage the risk of shared credentials and privileged passwords.
Privileged access management is a practical addition to any defense strategy due to its potential to improve both security and productivity for an organization. Privileged access is defined as access by IT administrators or third-parties who have elevated or admin-level access to systems. Privileged credentials are a frequent target for attackers because they’re seen as the “keys to the kingdom” within a larger network. Unfortunately, privileged credentials are often shared and rarely changed because the insiders and vendors who hold them are considered trusted. However, eliminating privileged access is not the answer: if these privileged credentials were taken away, it could substantially impede the ability for admins and outsourcers to manage critical systems and keep business operations running.
When implemented securely, privileged credentials can make privileged users’ jobs easier. For example, a privileged access management solution can provide a vendor with immediate access to the systems they need without requiring them to log into a VPN. This eliminates giving the vendor unfettered VPN access to the entire network while making it faster for him/her to complete the job.
It is often challenging to find security technologies that balance security with user productivity. With some PAM solutions, it is possible to enhance productivity by selecting a solution that offers credential injection, which allows users to inject a privileged username and password directly from a password manager or vault into an end system.
Credential injection significantly reduces the risks that commonly arise from shared privileged credentials. Rather than having to memorize or search through an extensive list of admin passwords, or use a password vault, privileged users can connect to endpoints with just one click without ever seeing the credential and without that credential passing through their system. Without the user knowing the credential and by removing a common attack vector of trying to obtain a credential by key logging or reading passwords or hashes from memory, the organization is significantly more secure.
According to Bomgar’s recent global research, surveying over 600 IT professionals, 69 percent of companies said they definitely or possibly suffered a security breach resulting from vendor access in the past year. To protect privileged accounts and the networks they connect to, IT must enforce and control policies.
As decision makers evaluate security solutions, they should seek input from employees in all facets of the organization, from payroll to IT support. The right security strategy doesn’t have to interrupt day to day activity or require an inconvenient overhaul or workaround. In fact, if a change is implemented mindfully, the right security strategy could enhance workflow, operations and revenue, and above all, ensure safety and set the organization up for future success.