In short: Privileged access, which bypasses standard controls to execute operations above those available with standard access, can put the target system — or systems, such as infrastructure as a service (IaaS) — at higher risk. This makes privileged access management (PAM) a high-priority cyber defense capability, but effective PAM takes a comprehensive technical strategy. Key success factors include visibility and control of privileged accounts across all assets.
Privileged access happens when an entity (human or machine) uses an administrative account or a credential with elevated rights to perform technical maintenance, make changes, or address emergency outages (privileged operations) in an IT or digital system. This can occur either on premises or in the cloud. Privileges in this context are technical, which is different from high-risk entitlements related to business processes. PAM controls ensure authorized use of privileges (including any related mechanism like privileged accounts or credentials) in authorized target systems for all relevant use cases.
Privileged access risks result from the proliferation of privileges, the potential for human error in using privileges (such as administrator mistakes) and unauthorized privilege elevation (techniques that attackers use to gain higher-level permissions on a system, platform or environment).
Traditional PAM controls, such as credential vaulting and session management, ensure that privileged users, applications and services get just enough privileges (JEP) just in time (JIT) to reduce the access risk. Such measures are essential, but they are insufficient if deployed only partially. Emphasizing JIT privilege approaches and managing machine identities are imperative; implementing privilege task automation and advanced analytics is preferred. Broader coverage of PAM controls for cloud platforms, DevOps, microservices, and robotic process automation (RPA) scenarios requires additional capabilities such as secrets management (with secretless brokering) and cloud infrastructure entitlement management (CIEM).
PAM is applicable to all local and remote human-to-machine and machine-to-machine privileged access scenarios. This makes PAM a critical infrastructure service due to risk aggregation related to storing sensitive credentials/secrets, as well as performing privileged operations in different systems. As such, PAM capabilities require thoughtful high-availability (HA) and recovery mechanisms.
It’s essential to prioritize PAM as a cyber defense mechanism. It plays a key role in enabling zero trust and defense-in-depth strategies that extend beyond mere compliance requirements.
Some organizations may choose to deploy a minimum set of PAM controls to meet their compliance obligations in response to the findings of an audit. However, these organizations remain susceptible to attack vectors, such as service accounts, privilege escalation and lateral movements. Although minimalistic controls are better than nothing, expanding PAM control coverage can mitigate a broader range of risks to defend against complex cyberattacks.
The figure below shows the key steps to develop/enhance PAM architecture strategy:
Security and risk management technical professionals should:
A version of this story was originally published on the Gartner Blog Network.