By any measurement, Privileged Access Management (PAM) has drastically changed the way enterprises protect access to critical systems.
Using credential vaults and other session control tools, PAM has allowed managers to maintain privileged identities while significantly decreasing the risk of their compromise.
Both industry leaders Forrester and Gartner have placed privileged access management as a top priority for CISOs. And it’s no wonder why.
PAM protects a company’s unique digital identities that, if stolen, could bring the entire organization to a standstill. The Gartner Market Guide for 2018 went so far as to name Privileged Access Management as the “number one cyber security priority” for the coming year.
What is Privileged Access Management?
Privileged Access Management (PAM) refers to a class of solutions that help secure, control, manage and monitor privileged access to critical data and systems.
PAM solutions typically take the credentials of privileged accounts (i.e., administrative accounts) and put them inside a secure digital repository, or vault. This isolates the use of privileged accounts and reduces the risk of their credentials being stolen.
Once the credentials are inside the vault, system administrators need to go through the PAM system to access them, at which point they are authenticated and their access is logged. When a credential is checked back into the vault, the system is reset to ensure administrators have to go through PAM procedures the next time they want to use the credential.
By centralizing privileged credentials in one place, PAM systems can ensure a high level of security for them, control who is accessing them, log all accesses and monitor for any suspicious activity.
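The check-out and check-in cycle described above, sketched as an added example (not code from the original page or from any PAM product). The class, method and account names are hypothetical, and the "reset" on check-in is modelled here as rotating the secret, which is an assumption.

```python
import secrets
from datetime import datetime, timezone


class CredentialVault:
    """Toy in-memory vault (constructed for illustration, not a product API)."""

    def __init__(self, authorized):
        self._authorized = authorized  # account -> set of admins allowed to use it
        self._secrets = {acct: secrets.token_urlsafe(24) for acct in authorized}
        self._holder = {}              # account -> admin who has it checked out
        self.audit_log = []            # (timestamp, admin, account, event)

    def _log(self, admin, account, event):
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit_log.append((stamp, admin, account, event))

    def check_out(self, admin, account, authenticated):
        # `authenticated` stands for the outcome of the login to the PAM system.
        if not authenticated or admin not in self._authorized.get(account, set()):
            self._log(admin, account, "DENIED")
            raise PermissionError(f"{admin} may not check out {account}")
        self._holder[account] = admin
        self._log(admin, account, "CHECK_OUT")
        return self._secrets[account]

    def check_in(self, admin, account):
        if self._holder.get(account) != admin:
            self._log(admin, account, "DENIED")
            raise PermissionError(f"{admin} does not hold {account}")
        del self._holder[account]
        # Assumption: the "reset" is modelled as rotating the secret, so the
        # value the admin saw stops working once it is checked back in.
        self._secrets[account] = secrets.token_urlsafe(24)
        self._log(admin, account, "CHECK_IN_ROTATED")

    def is_current(self, account, candidate):
        return secrets.compare_digest(self._secrets[account], candidate)


def demo():
    vault = CredentialVault({"root@db01": {"alice"}})  # constructed sample data
    seen = vault.check_out("alice", "root@db01", authenticated=True)
    vault.check_in("alice", "root@db01")
    try:
        vault.check_out("mallory", "root@db01", authenticated=True)
    except PermissionError:
        pass
    return vault.is_current("root@db01", seen), [e[3] for e in vault.audit_log]
```

The denied request is written to the audit log as well, which is what lets the log serve as input for monitoring suspicious activity.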
Privileged Users are Privileged Targets
Of course, the very existence of privileged accounts creates a huge liability.
If a single digital identity can grant such unfettered access, the consequences of that identity being exposed could be catastrophic.
Hackers are aware of that fact, which essentially paints a large target on these powerful users.
This means that the security of these accounts depends completely on the reliability of the PAM platform being deployed: the medium through which the privileged users log into PAM and the level of assurance the platform’s authentication provides are all that stand in the way of these identities being compromised.
The best gate is not always the one with the best lock
There is no question the traditional security perimeter is no longer an effective measure to protect a network.
While Privileged Access Management solutions are extremely effective in acting as the ‘gate’ to an organization’s network, the question everyone should be asking is: what’s protecting the gate?
The unfortunate fact is, many of the most cutting-edge PAM solutions are still protected by the obsolete password. To put this into perspective, safeguarding privileged accounts with a PAM system protected by a password is like depositing money in a bank vault secured with a bicycle lock.
Completing PAM with Multi-Factor Authentication
For companies running a PAM solution, the time has come to choose the right platform for accessing that solution, one that will keep privileged accounts secure.
A multi-factor authentication (MFA) solution is a must. As a recent Gartner research paper concluded: “At a minimum, CISOs should institute mandatory multifactor authentication (MFA) for all administrators.”
Choosing a password-free, high-assurance solution does more than secure authentication systems. It also eliminates the costs associated with passwords, such as help desk calls and password resets. Furthermore, going passwordless brings user experience (UX) to a new level by streamlining the authentication process. No more storing and remembering credentials, and no more carrying around additional devices for verification.