What Is Privileged Access?
In an enterprise environment, “privileged access” is a term used to designate special access or abilities above and beyond that of a standard user. Privileged access allows organizations to secure their infrastructure and applications, run business efficiently and maintain the confidentiality of sensitive data and critical infrastructure.
Privileged access can be associated with human users as well as non-human users such as applications and machine identities.
Examples of privileged access used by humans:
- Super user account: A powerful account used by IT system administrators that can be used to make configurations to a system or application, add or remove users or delete data.
- Domain administrative account: An account providing privileged administrative access across all workstations and servers within a network domain. These accounts are typically few in number, but they provide the most extensive and robust access across the network. The phrase “Keys to the IT Kingdom” is often used when referring to the privileged nature of some administrator accounts and systems.
- Local administrative account: This account is located on an endpoint or workstation and uses a combination of a username and password. It helps people access and make changes to their local machines or devices.
- Secure socket shell (SSH) key: SSH keys are heavily used access control protocols that provide direct root access to critical systems. Root is the username or account that, by default, has access to all commands and files on a Linux or other Unix-like operating system.
- Emergency account: This account provides users with administrative access to secure systems in the case of an emergency. It is sometimes referred to as firecall or break glass account.
- Privileged business user: Is someone who works outside of IT, but has access to sensitive systems. This could include someone who needs access to finance, human resources (HR) or marketing systems.
Examples of non-human privileged access:
- Application account: A privileged account that’s specific to the application software and is typically used to administer, configure or manage access to the application software.
- Service account: An account that an application or service uses to interact with the operating system. Services use these accounts to access and make changes to the operating system or the configuration
- SSH key: (As outlined above). SSH keys are also used by automated processes.
- Secret: Used by development and operations (DevOps) team often as a catch-all term that refers to SSH keys, application program interface (API) keys and other credentials used by DevOps teams to provide privileged access.
Privileged accounts, credentials and secrets exist everywhere: it is estimated that they typically outnumber employees by three to four times. In modern business environments, the privilege-related attack surface is growing fast as systems, applications, machine-to-machine accounts, cloud and hybrid environments, DevOps, robotic process automation and IoT devices become increasingly interconnected. Attackers know this and target privileged access. Today, nearly 100 percent of advanced attacks rely on the exploitation of privileged credentials to reach a target’s most sensitive data, applications and infrastructure. If abused, privileged access has the power to disrupt business.
Notable Security Breaches Involving Privileged Access
Over the past decade, there have been numerous security breaches linked to privileged access abuse. From Terry Childs and Edward Snowden to Yahoo! and the massive breach at the U.S. Office of Personnel Management to the Bangladesh Bank breach and the attack on the Ukraine power grid and even the highly publicized Uber breach – the common denominator in each attack was that privileged credentials were exploited and used to plan, coordinate and execute cyber attacks.
What Is Privileged Access Management (PAM)?
Organizations implement privileged access management (PAM) to protect against the threats posed by credential theft and privilege misuse. PAM refers to a comprehensive cybersecurity strategy – comprising people, processes and technology – to control, monitor, secure and audit all human and non-human privileged identities and activities across an enterprise IT environment.
Sometimes referred to as privileged identity management (PIM) or privileged access security (PAS), PAM is grounded in the principle of least privilege, wherein users only receive the minimum levels of access required to perform their job functions. The principle of least privilege is widely considered to be a cybersecurity best practice and is a fundamental step in protecting privileged access to high-value data and assets. By enforcing the principle of least privilege, organizations can reduce the attack surface and mitigate the risk from malicious insiders or external cyber attacks that can lead to costly data breaches.
Key Privileged Access Management Challenges
Organizations face a number of challenges protecting, controlling and monitoring privileged access including:
- Managing account credentials: Many IT organizations rely on manually intensive, error-prone administrative processes to rotate and update privileged credentials. This can be an inefficient and costly approach.
- Tracking privileged activity: Many enterprises cannot centrally monitor and control privileged sessions, exposing the business to cybersecurity threats and compliance violations.
- Monitoring and analyzing threats: Many organizations lack comprehensive threat analysis tools and are unable to proactively identify suspicious activities and remediate security incidents.
- Controlling Privileged User Access: Organizations often struggle to effectively control privileged user access to cloud platforms (Infrastructure as a Service and Platform as a Service), Software as a Service (SaaS) applications, social media and more, creating compliance risks and operational complexity.
- Protecting Windows domain controllers: Cyber attackers can exploit vulnerabilities in the Kerberos authentication protocol to impersonate authorized users and gain access to critical IT resources and confidential data.
Why Is Privileged Access Management (PAM) Important For Your Organization?
- Humans are your weakest link. From internal privileged users abusing their level of access, or external cyber attackers targeting and stealing privileges from users to operate stealthily as “privileged insiders,” humans are always the weakest link in the cybersecurity chain. Privileged access management helps organizations make sure that that people have only the necessary levels of access to do their jobs. PAM also enables security teams to identify malicious activities linked to privilege abuse and take swift action to remediate risk.
- In digital business, privileges are everywhere. Systems must be able to access and communicate with each other in order to work together. As organizations embrace cloud, DevOps, robotic process automation, IoT and more, the number of machines and applications that require privileged access has surged and the attack surface has grown. These non-human entities vastly outnumber the people in a typical organization and are harder to monitor and manage – or even identify at all. Commercial-off-the-shelf (COTS) apps typically require access to various parts of the network, which attackers can exploit. A strong privileged access management strategy accounts for privileges no matter where they “live” – on-premises, in the cloud and in hybrid environments – and detects anomalous activities as they occur.
- Cyber attackers target endpoints and workstations. In an enterprise, every single endpoint (laptop, smartphone, tablet, desktop, server, etc.) contains privilege by default. Built-in administrator accounts enable IT teams to fix issues locally, but they also introduce great risk. Attackers can exploit admin accounts, then jump from workstation to workstation, steal additional credentials, elevate privileges and move laterally through the network until they reach what they’re looking for. A proactive PAM program should account for the comprehensive removal of local administrative rights on workstations to reduce risk.
- PAM is critical for achieving compliance. The ability to monitor and detect suspicious events in an environment is very important, but without a clear focus on what presents the most amount of risk – unmanaged, unmonitored and unprotected privileged access – the business will remain vulnerable. Implementing PAM as part of a comprehensive security and risk management strategy enables organizations to record and log of all activities that relate to critical IT infrastructure and sensitive information – helping them simplify audit and compliance requirements.
Organizations that prioritize PAM programs as part of their larger cybersecurity strategy can experience a number of organizational benefits, such as mitigating security risks and reducing the overall cyber attack surface, reducing operational costs and complexity, enhancing visibility and situational awareness across the enterprise and improving regulatory compliance.
Privileged Access Management Best Practices
The following steps provide a framework to establish essential PAM controls to strengthen an organization’s security posture. Implementing a program that leverages these steps can help organizations achieve greater risk reduction in less time, protect their brand reputation and help satisfy security and regulatory objectives with fewer internal resources.
- Eliminate irreversible network takeover attacks. Isolate all privileged access to domain controllers and other Tier0 and Tier1 assets, and require multi-factor authentication.
- Control and secure infrastructure accounts. Place all well-known infrastructure accounts in a centrally managed, digital vault. Regularly and automatically rotate passwords after every use.
- Limit lateral movement. Completely remove all end point users from the local admins group on IT Windows workstations to stop credential theft.
- Protect credentials for third-party applications. Vault all privileged accounts used by third party applications and eliminate hardcoded credentials for commercial off-the-shelf applications.
- Manage *NIX SSH keys. Vault all SSH key-pairs on Linux and Unix production servers and rotate them on a routine basis.
- Defend DevOps secrets in the cloud and on premise. Secure all Public Cloud privileged accounts, keys and API keys. Place all credentials and secrets used by CI/CD tools such as Ansible, Jenkins and Docker in a secure vault, enabling them to be retrieved on the fly, automatically rotated and managed.
- Secure SaaS admins and privileged business users. Isolate all access to shared IDs and require multi-factor authentication.
- Invest in periodic Red Team exercises to test defenses. Validate and improve effectiveness against real world attacks.