
Guide to plan your privileged access control strategy

Published on 28 March 17

Long gone are the days when cyber security was an afterthought in the corporate world. In the current age of being always connected, cyber security has become the biggest concern for every business. With hackers coming up with new ways to attack systems, businesses are investing heavily in keeping their security measures up to date. Fortunately, with enough measures in place, businesses can keep themselves safe from external threats.


But do you think external threats are the only threats capable of harming your business? What about another dangerous threat that you have been ignoring until now? Yes, I’m talking about the threat that comes from insiders: from the people you trust blindly, from your employees, partners and even your customers. Shocking, right? Well, it’s not if you look at the major cyber attack incidents of 2016. As per recent research by Intel Security, 43% of cyber attacks were caused by internal users.


Even though insider threats are difficult to detect and remediate, businesses can’t just close their eyes and sit back. Among these insiders, this article focuses on users with privileged accounts, because they not only have access to sensitive resources but also have full control over their systems, which makes those systems more vulnerable. In short, these privileged users hold the keys to your kingdom of sensitive user data and business assets. But alas, not many organizations give this problem the consideration it deserves.


One way to improve security here is to track and monitor these users, as they can easily disrupt even the most secure infrastructure. In this article I am going to talk about how businesses can plan a privileged access control strategy in order to keep themselves secure.


Tip #1: Outsource your access control solution:


Many organizations believe that keeping privileged access control in-house is more convenient, affordable and secure than outsourcing it, but they tend to forget the risk that arises when third-party vendors access their IT systems directly. According to a Ponemon Institute report, 73% of respondents reported an increase in hacking incidents involving third-party vendors. Needless to say, extending privileged access control to contractors, service providers, outsourced IT and so on makes a lot of sense. Doing so gives you centralized identity management and thus a unified view of all access-related activities.


Tip #2: Introduce multi-factor authentication:


Did you know that the simplest way for hackers to steal your precious customer data is to use the login credentials of your privileged users? Passwords are done and dusted, thanks to poor password habits (such as using easy-to-remember passwords, not changing passwords on a regular basis, using the same password everywhere, etc.). The most effective way to protect yourself is to introduce multi-factor authentication (MFA). Multi-factor authentication requires users to pass through multiple security levels in order to get access to sensitive data. These additional levels can be something you know (password, secret question), something you have (mobile, smart device) or something you are (voice recognition, fingerprint authentication).


With MFA, after submitting the right username and password combination, the user needs to prove their identity once more with any of the additional factors mentioned above. Implementing multi-factor authentication will make it almost impossible for cyber criminals to get access to your sensitive data, and will give you peace of mind.
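The two-step check described above, as an added example that is not part of the original article: the password is verified first, then a time-based one-time code (TOTP, RFC 6238) serves as the "something you have" factor. The class name, the `dbadmin` account, its password and the salt are assumptions made for illustration; the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, now: float, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `now`."""
    counter = int(now // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class PrivilegedLogin:
    """Hypothetical login service: password first, then a one-time code."""

    def __init__(self, users):
        self.users = users       # name -> (salt, password hash, TOTP secret)
        self.last_counter = {}   # name -> last accepted time step (replay guard)

    def authenticate(self, name, password, code, now, step=30):
        record = self.users.get(name)
        if record is None:
            return False
        salt, pw_hash, secret = record
        # Factor 1: something you know. Constant-time comparison of the hashes.
        if not hmac.compare_digest(hash_password(password, salt), pw_hash):
            return False
        # Factor 2: something you have. Accept the current step and one step
        # either side to tolerate clock drift on the user's device.
        for drift in (-1, 0, 1):
            t = now + drift * step
            counter = int(t // step)
            if counter <= self.last_counter.get(name, -1):
                continue  # a code for this step (or a later one) was already used
            if hmac.compare_digest(totp(secret, t), code):
                self.last_counter[name] = counter
                return True
        return False

# Constructed sample account; the secret is the RFC 6238 test key, not a real one.
SALT = b"constructed-salt"
SECRET = b"12345678901234567890"
USERS = {"dbadmin": (SALT, hash_password("correct horse", SALT), SECRET)}
```

A stolen password alone fails the second check, and a code that has already been accepted is refused if it is replayed inside its validity window.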


Tip #3: Monitor privileged access activities:


Another thing organizations need to do is comply with industry regulations such as PCI DSS (Payment Card Industry Data Security Standard) and SOX (Sarbanes-Oxley Act), along with other business policies related to data integrity and security. Monitoring the activities of privileged users gives you more accurate audit visibility and enables forensic research in case of any security-related issue.


Tip #4: Use a credential vault to automate the management of shared passwords:


Contrary to what we might believe, a recent survey disclosed some shocking facts about password sharing:


  • 59% of US ITDMs admitted sharing their access credentials with their employees at least once
  • Another 52% of respondents admitted sharing their credentials at least somewhat often with their credentials
  • The numbers are 34% and 32% for the UK respectively.

This is a bad situation. Shared passwords can give anyone access to privileged accounts, and thus anyone can easily obtain the keys to your kingdom. To eliminate the risk, IT teams must automate the management of shared passwords and start using a credential vault.


Tip #5: Understand your users and your data:


Since privileged accounts are the main door to your organization’s sensitive data, they are the main target of hackers, fraudsters and malicious attacks. Any suspicious activity noticed around this data is an indicator that an attack is in progress. It is therefore a must to align your security policies with your access management solution so that only authorized people can get access to your data.


Finally, the key here is to stay updated. Don’t trust blindly. Keep monitoring user activities, keep reevaluating your solution and keep the people around you updated.

















