
Tracking privileged access vital, says Gartner

Prevention of both breaches and insider attacks has become a major driver for the adoption of privileged access management (PAM) solutions, in addition to compliance and operational efficiency, according to new information from Gartner.

The analyst firm says establishing controls for privileged access continues to be a focus of attention for organisations and auditors, and by 2018, 25% of organisations will review privileged activity and reduce data leakage incidents by 33%. 

"Only less than 5% of organisations were tracking and reviewing privileged activity in 2015," explains Felix Gaehtgens, research director at Gartner.

"The remainder is, at best, controlling access and logging when, where and by whom privileged access takes place — but not what is actually done," he says.

Gaehtgens says unless organisations track and review privileged activity, they risk being blindsided by insider threats, malicious users or errors that cause significant outages. 

"IT organisations are under increasing business and regulatory pressure to control access to these accounts, which can be administrative accounts, system accounts or operations accounts," he explains.

Gartner recommends that IT operations and security leaders use some best-practice approaches for effective and risk-aware privileged access management. 

Inventory All the Accounts With Privileged Access and Assign Ownership

All privileged accounts in your IT environment that enjoy permission levels beyond those of a standard user should be accounted for. It is a security best practice to frequently scan your infrastructure to discover any new accounts introduced with excess privileges.

"This becomes even more important for dynamic environments that change rapidly, such as those using virtualization on a large scale, or hybrid IT environments that include cloud infrastructure," says Gaehtgens.

"Organisations should start by using free autodiscovery tools offered by some PAM vendors to enable automated discovery of unmanaged systems and accounts across the range of infrastructure — but even those autodiscovery tools will not find everything." 

Shared-Account Passwords Must Not Be Shared

The golden rule is that shared-account passwords must not themselves be shared. Sharing passwords, even among approved users, severely erodes personal accountability, which is a security best practice and is demanded by regulatory compliance. Not sharing them also makes it less likely that passwords will leak to others.

Minimise the Number of Personal and Shared Privileged Accounts

Eliminate, or at least drastically reduce, the number of users with (permanent, full) superuser privileges to the minimum that is consistent with operational and business needs.

Migrating to shared privileged accounts is a recommended practice; however, this requires appropriate tools — managing the risks and control issues that arise from the use of such accounts is inefficient and complicated without a shared account password management tool. 

Establish Processes and Controls for Managing the Use of Shared Accounts

Establish processes and controls for managing shared accounts and their passwords. While it is possible to use manual processes to manage privileged access, it is too cumbersome and virtually impossible to enforce such practices without specialized PAM tools.

IT operations and security leaders need to implement PAM tools to automate processes, enforce controls and provide an audit trail for individual accountability. These tools are mature, and provide efficient and effective password management for shared superuser (and other) accounts in a robust, controlled and accountable manner, enabling any organization to meet regulatory compliance requirements for restricted access and individual accountability. 

Use Privilege Elevation for Users With Regular (Nonprivileged) Access

Administrators will typically have personal, non-privileged accounts that they use for their day-to-day work, such as reading email, browsing the Web, accessing corporate applications, creating and reviewing information, and so on.

"Never assign superuser privileges to these accounts, because these might exacerbate accidental actions or malware that can cause drastic consequences when used in a privileged environment," Gaehtgens says. "Instead, use privilege elevation to allow temporary execution of privileged commands." 
