Privileged Access Management: Best Practices
The more privileges a user or an application holds, the greater the potential for abuse or error. Implementing privileged access management (PAM) provides several benefits, including a smaller attack surface, which is easier to defend against both insider and external threats.
In simple terms, one of the most direct ways to implement privileged access management is to remove local administrator rights from users on their computers. This matters because attackers often try to take control of a user's computer and install malicious software, and that software runs with the privileges of the user it infects. Without admin rights, users (and anything running as them) cannot install system-wide software or change security settings on their own, so any installation must go through an approval process.
By using PAM and limiting admin rights, organizations reduce the risk of unauthorized or harmful software being installed.
Benefits of Privileged Access Management (PAM)
Here are just some of the reasons why all organizations need privileged access management.
Reduce malware infection likelihood
Many types of malware rely on elevated privileges to install or execute (for example, to install drivers or services, disable security tooling, or persist system-wide). Removing excessive privileges, or simply enforcing least-privilege policies across the company, therefore blocks many infections outright and limits the damage of those that still run as an unprivileged user.
Help achieve compliance
By reducing the privileged activities a user can perform, PAM helps create a less complex, more secure, and compliant environment.
Help achieve cyber insurance requirements
Ransomware attacks and ransom payouts have increased sharply. Cyber insurers recommend that organizations strengthen PAM controls in order to reduce risk and liability.
Cyber insurers often require PAM controls to renew or obtain new cyber liability coverage: a PAM system to manage privileged access and accounts, removal of local admin rights, etc.
Also, many compliance regulations, such as HIPAA or PCI DSS, require organizations to apply least-privilege access policies for data and system security.
Privileged Access Management Best Practices
The more comprehensive your IT security policies, the better you will be able to prevent or mitigate insider and external threats while meeting compliance standards.
Here is an overview of the most important privileged access management best practices:
- Create and enforce a comprehensive privileged access management policy
The policy should clearly define how privileged access and accounts are provisioned and decommissioned, the hierarchy of privileged users and accounts, and so on.
This means that your IT security team should bring all privileged accounts and credentials under management: application accounts, database accounts, local accounts, cloud accounts, SSH keys and passwords, including those used by third parties.
This inventory spans operating systems, hardware devices, firewalls, routers, and the rest of the estate.
The PAM policy should spell out where and how privileged passwords and keys are used, and the inventory should reveal weaknesses such as stale passwords and accounts, SSH keys reused across many hosts, and so on.
- Apply rules-based permissions
Rules-based permissions should elevate privileges only as needed to perform a specific action and revoke them as soon as that action completes. If a required privilege is not covered by a rule, the user can submit a request for approval.
The least-privilege approach is not just about limiting what access is granted but also about how long it lasts.
- Enforce separation of duties
Privilege separation measures include separating administrative account capabilities from standard account capabilities, for example by giving each administrator a separate admin account that is used only for administrative tasks.
Once least privilege is in place, consider separation of duties: each privileged account should be able to perform only a distinct set of tasks, so that no single account can both carry out a sensitive action and approve or audit it.
- Monitor and audit access privileges frequently
Implementing privileged session management and monitoring (PSM) is essential for detecting suspicious activity and efficiently investigating risky privileged sessions.
Privileged session monitoring and management capabilities are required for achieving regulatory compliance (e.g., HIPAA, PCI, SOX).
- Network and system segmentation
Segment systems and networks so that users and processes are separated according to their level of trust and what they need to reach. The highest-trust systems should sit in the most tightly controlled segments, and your security policy should be built around protecting them.
- Implement context-based access
This is essentially the zero-trust principle: deliver just enough access, just in time, and in the proper context. The decision is made by assessing multiple inputs in real time (vulnerability and threat data for the target asset, geolocation, user data, and others) to determine how much privilege can be provisioned and for how long.
Enabling dynamic, risk-based access lets you automatically limit privileges and block unsafe activity whenever a known threat or potential compromise exists for a user, asset, or system.
- Secure privileged task automation (PTA) workflows
Privileged task automation, such as robotic process automation (RPA) that uses privileged credentials and elevated access, is increasingly embedded in modern IT environments. It involves many moving parts, each of which needs to be audited for the privileged access it holds.
- Monitor user behavior
Establish a baseline of normal behavior for privileged users and privileged access (privileged user behavior analytics, PUBA). Monitor against that baseline and alert on any deviation from it.
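The inventory step in the first practice above (bringing SSH keys and local accounts under management and surfacing reused keys and stale accounts) can be checked mechanically. The following Python is an added example written for this page, not code from the original article or from any PAM product. The authorized_keys contents, the account table and the age thresholds are constructed sample data, and the key blobs are structurally valid ssh-ed25519 blobs but not real keys. It computes OpenSSH-style SHA256 fingerprints so the same key is recognised regardless of its comment or options, flags keys installed on more than one host, and flags idle accounts and old passwords.

```python
import base64
import hashlib
import struct
from collections import defaultdict
from datetime import date

# --- Constructed sample inventory (not collected from any real host) ----------

def _ssh_string(b: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def _demo_ed25519_blob(seed: int) -> str:
    """Build a structurally valid ssh-ed25519 public key blob from a seed.
    NOT a real key pair: the 32 'key' bytes are just a hash of the seed."""
    fake_pub = hashlib.sha256(b"pam-demo-%d" % seed).digest()
    return base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(fake_pub)).decode()

KEY_A, KEY_B, KEY_C = (_demo_ed25519_blob(i) for i in (1, 2, 3))

# authorized_keys lines per host, as an inventory job would collect them.
AUTHORIZED_KEYS = {
    "db01": [f"ssh-ed25519 {KEY_A} root@jumphost", f"ssh-ed25519 {KEY_B} dba@laptop"],
    "web01": [f'command="/usr/local/bin/deploy" ssh-ed25519 {KEY_C} deploy@ci',
              f"ssh-ed25519 {KEY_A} root@jumphost"],
    "fw01": [f"ssh-ed25519 {KEY_A} root@jumphost"],
}

# Local privileged accounts with last login and last password change (constructed).
LOCAL_ACCOUNTS = [
    {"host": "db01", "user": "backup_svc", "last_login": date(2023, 1, 10), "password_changed": date(2021, 6, 1)},
    {"host": "web01", "user": "deploy", "last_login": date(2024, 5, 2), "password_changed": date(2024, 4, 1)},
    {"host": "fw01", "user": "admin", "last_login": date(2024, 5, 20), "password_changed": date(2022, 12, 1)},
]
TODAY = date(2024, 6, 1)  # fixed "today" so the example is reproducible

# --- Checks -------------------------------------------------------------------

def fingerprint(authorized_keys_line: str) -> str:
    """Return the OpenSSH-style fingerprint (SHA256:<base64 without padding>) of the key on one line.
    Leading options such as command="..." are skipped; the key type is the first field that
    starts with 'ssh-' or 'ecdsa-'. Options that themselves contain spaces are not handled."""
    fields = authorized_keys_line.split()
    for i, field in enumerate(fields):
        if field.startswith(("ssh-", "ecdsa-")):
            blob = base64.b64decode(fields[i + 1])
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError(f"no public key found in line: {authorized_keys_line!r}")

def find_reused_keys(inventory: dict) -> dict:
    """Return {fingerprint: [hosts]} for every key that is authorized on more than one host."""
    hosts_by_fp = defaultdict(set)
    for host, lines in inventory.items():
        for line in lines:
            hosts_by_fp[fingerprint(line)].add(host)
    return {fp: sorted(hosts) for fp, hosts in hosts_by_fp.items() if len(hosts) > 1}

def find_stale_accounts(accounts, today: date, max_idle_days: int = 90, max_password_age_days: int = 365):
    """Flag accounts that have been idle too long or whose password is older than policy allows."""
    findings = []
    for acct in accounts:
        if (today - acct["last_login"]).days > max_idle_days:
            findings.append((acct["host"], acct["user"], "idle"))
        if (today - acct["password_changed"]).days > max_password_age_days:
            findings.append((acct["host"], acct["user"], "old-password"))
    return findings

if __name__ == "__main__":
    for fp, hosts in find_reused_keys(AUTHORIZED_KEYS).items():
        print(f"key {fp} is authorized on {len(hosts)} hosts: {', '.join(hosts)}")
    for host, user, issue in find_stale_accounts(LOCAL_ACCOUNTS, today=TODAY):
        print(f"{host}/{user}: {issue}")
```

In the sample data the jumphost key turns up on all three hosts, which is exactly the "one key opens everything" pattern the policy is meant to surface; the fingerprint, not the comment, is what identifies the key, since comments are free text and easily changed.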
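The rules-based, time-limited elevation from "Apply rules-based permissions" and the real-time risk inputs from "Implement context-based access" come together in a single decision function. The Python below is an added illustration, not code from the original article or from any PAM product. The rule set, the approved-country list and the two risk signals (a compromise indicator on the user and the number of open critical vulnerabilities on the asset) are assumptions made for the example. A request is denied, routed for approval, or granted with an expiry; the window is shortened when the target asset is risky, and a grant can be revoked the moment the task completes.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from fnmatch import fnmatch
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Rule:
    """A standing elevation rule: who may do what, on which assets, and for how long at most."""
    role: str
    action: str
    target: str            # glob matched against the asset name
    max_minutes: int
    needs_approval: bool = False

# Constructed policy for the example; a real PAM system would load this from its policy store.
RULES = [
    Rule("dba", "restart-service", "db*", max_minutes=30),
    Rule("dba", "read-backup", "db*", max_minutes=60),
    Rule("webops", "restart-service", "web*", max_minutes=30),
    Rule("webops", "deploy", "web*", max_minutes=120, needs_approval=True),
]
APPROVED_COUNTRIES = {"DE", "FR", "NL"}  # assumed geolocation policy
DEMO_NOW = datetime(2024, 6, 1, 9, 0)    # fixed clock so the example is reproducible

@dataclass(frozen=True)
class Context:
    """Real-time inputs the decision is made from (assumed feeds, named for illustration)."""
    user: str
    roles: FrozenSet[str]
    country: str               # geolocation of the request
    user_compromised: bool     # an active alert or breach indicator on this identity
    asset_critical_vulns: int  # open critical vulnerabilities on the target asset

@dataclass
class Decision:
    outcome: str               # "granted", "approval_required" or "denied"
    reason: str
    expires_at: Optional[datetime] = None
    revoked: bool = False

    def active(self, now: datetime) -> bool:
        """A grant is usable only while it is unexpired and has not been revoked."""
        return self.outcome == "granted" and not self.revoked and now < self.expires_at

    def revoke(self) -> None:
        """Called when the task completes (or on a new risk signal) to end the grant early."""
        self.revoked = True

def evaluate(ctx: Context, action: str, asset: str, now: datetime) -> Decision:
    """Decide whether, and for how long, to elevate ctx.user for `action` on `asset`."""
    if ctx.user_compromised:
        return Decision("denied", "active compromise indicator on the user")
    if ctx.country not in APPROVED_COUNTRIES:
        return Decision("denied", f"request from unapproved location {ctx.country}")
    rule = next((r for r in RULES
                 if r.role in ctx.roles and r.action == action and fnmatch(asset, r.target)), None)
    if rule is None:
        return Decision("approval_required", "no standing rule matches; submit an access request")
    if rule.needs_approval:
        return Decision("approval_required", f"{action} on {rule.target} always requires approval")
    minutes = rule.max_minutes
    if ctx.asset_critical_vulns > 0:
        # Risky target: keep the window short so a hijacked session has little time to act.
        minutes = max(5, minutes // 4)
    return Decision("granted", f"matched rule {rule.role}/{rule.action}/{rule.target}",
                    expires_at=now + timedelta(minutes=minutes))

if __name__ == "__main__":
    alice = Context("alice", frozenset({"dba"}), "DE", user_compromised=False, asset_critical_vulns=0)
    grant = evaluate(alice, "restart-service", "db01", DEMO_NOW)
    print(grant.outcome, grant.reason, "until", grant.expires_at)
    grant.revoke()  # task finished: the grant ends now, not at the expiry time
    print("still active after revoke:", grant.active(DEMO_NOW))
```

The shape to notice is that "no matching rule" and "rule requires approval" both end in the approval queue rather than a silent deny, while a compromise indicator or an unapproved location wins over any rule; the expiry and the explicit revoke are what make the grant just in time rather than standing.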
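For the last practice, baselining privileged user behavior and alerting on deviations, here is an added Python example (not code from the original article or any product) that runs over constructed privileged-session log lines in an assumed `user= host= cmd=` format. It learns, per user, the hosts, hours of day and programs seen during a history window plus the busiest hour's event count, then reports new hosts, off-hours activity, never-before-seen commands, a burst of commands, and sessions by users that have no baseline at all.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed privileged-session log lines (not from any real system). Assumed format:
#   <ISO timestamp>Z user=<name> host=<name> cmd=<command line>
HISTORY_LINES = [   # learning window: what "normal" looked like
    '2024-06-03T09:02:11Z user=alice host=db01 cmd=sudo systemctl restart postgresql',
    '2024-06-03T09:40:05Z user=alice host=db01 cmd=sudo psql -c "select 1"',
    '2024-06-03T14:15:00Z user=alice host=db02 cmd=sudo systemctl status postgresql',
    '2024-06-04T10:05:30Z user=alice host=db01 cmd=sudo psql -c "vacuum"',
    '2024-06-04T10:12:00Z user=alice host=db01 cmd=sudo systemctl reload postgresql',
    '2024-06-05T11:00:00Z user=bob host=web01 cmd=sudo nginx -t',
    '2024-06-05T11:03:00Z user=bob host=web01 cmd=sudo systemctl reload nginx',
]
NEW_LINES = [       # window being monitored
    '2024-06-10T09:05:00Z user=alice host=db01 cmd=sudo systemctl restart postgresql',
    '2024-06-10T09:10:00Z user=alice host=fw01 cmd=sudo systemctl status sshd',
    '2024-06-10T09:20:00Z user=alice host=db01 cmd=sudo cat /etc/shadow',
    '2024-06-10T23:30:00Z user=alice host=db01 cmd=sudo psql -c "select * from users"',
    '2024-06-10T11:00:00Z user=mallory host=web01 cmd=sudo nginx -t',
] + [f'2024-06-10T10:0{i}:00Z user=alice host=db01 cmd=sudo psql -c "select {i}"' for i in range(6)]

LINE_RE = re.compile(r'^(?P<ts>\S+) user=(?P<user>\S+) host=(?P<host>\S+) cmd=(?P<cmd>.+)$')
BURST_FACTOR = 3  # alert when one hour's volume reaches this multiple of the baseline maximum

def parse_line(line: str) -> dict:
    """Parse one log line into an event; the command is reduced to the program name."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    words = m["cmd"].split()
    if words[0] == "sudo":  # treat "sudo systemctl ..." and "systemctl ..." as the same program
        words = words[1:]
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "user": m["user"], "host": m["host"], "cmd": words[0]}

def _hour_bucket(event: dict) -> str:
    return event["ts"].strftime("%Y-%m-%dT%H")

def build_baseline(events: list) -> dict:
    """Per user: hosts, hours of day and programs seen, plus the busiest hour's event count."""
    baseline = defaultdict(lambda: {"hosts": set(), "hours": set(), "cmds": set(), "max_per_hour": 0})
    per_hour = defaultdict(int)
    for e in events:
        b = baseline[e["user"]]
        b["hosts"].add(e["host"])
        b["hours"].add(e["ts"].hour)
        b["cmds"].add(e["cmd"])
        per_hour[(e["user"], _hour_bucket(e))] += 1
    for (user, _), n in per_hour.items():
        baseline[user]["max_per_hour"] = max(baseline[user]["max_per_hour"], n)
    return dict(baseline)

def detect(events: list, baseline: dict) -> list:
    """Return (timestamp, user, reason) alerts for every deviation from the baseline."""
    alerts = []
    per_hour = defaultdict(int)
    for e in sorted(events, key=lambda x: x["ts"]):
        b = baseline.get(e["user"])
        if b is None:
            alerts.append((e["ts"], e["user"], "unknown privileged user"))
            continue
        if e["host"] not in b["hosts"]:
            alerts.append((e["ts"], e["user"], f"new host {e['host']}"))
        if e["ts"].hour not in b["hours"]:
            alerts.append((e["ts"], e["user"], f"off-hours activity (hour {e['ts'].hour})"))
        if e["cmd"] not in b["cmds"]:
            alerts.append((e["ts"], e["user"], f"new command {e['cmd']}"))
        key = (e["user"], _hour_bucket(e))
        per_hour[key] += 1
        threshold = b["max_per_hour"] * BURST_FACTOR
        if per_hour[key] == threshold:  # fire once per hour bucket, not on every further event
            alerts.append((e["ts"], e["user"],
                           f"command burst ({threshold} in one hour vs baseline max {b['max_per_hour']})"))
    return alerts

if __name__ == "__main__":
    baseline = build_baseline([parse_line(l) for l in HISTORY_LINES])
    for ts, user, reason in detect([parse_line(l) for l in NEW_LINES], baseline):
        print(f"{ts:%Y-%m-%d %H:%M} {user}: {reason}")
```

Run against its own history the detector stays silent, which is the minimum sanity check for any baseline; on the monitored window it raises one alert each for the new host, the off-hours session, the unfamiliar `cat` of /etc/shadow, the burst of queries and the account that was never baselined. In production the baseline would be rebuilt on a rolling window and the per-user sets would be replaced by counts, so that a single historical outlier does not become "normal".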
Conclusion
Limiting privileges for people, processes, and applications ultimately means the pathways and entrances for exploitation will be reduced.
Accumulating as much data as possible is not the answer. What matters is having the data you need to make prompt, informed decisions while keeping your systems safe and secure.