Building Zero Trust Security Posture for Secure Privileged Access Management Journey

This blog was originally posted by Arcon on their blog page. You can read the original here.

Overview

Today, we are experiencing a growing assortment of applications, systems, APIs, and data scattered across distributed IT infrastructure and multi-cloud environments. This critical information is constantly at risk from unauthorized privileged access by employees, third parties, and customers. A single incident, such as the compromise of a privileged identity through any “trusted identity,” is enough to shake the foundation of enterprise IT infrastructure. The Zero Trust model, in this context, has become a reliable IT security practice among information security professionals, especially the risk assessment teams who work relentlessly to prevent IT threats. Built on the idea ‘never assume trust and continuously assess it,’ the Zero Trust principle, once applied, offers better control, visibility and analytics of the privileged identities present in every layer of enterprise IT infrastructure.

Why is Zero Trust a level ahead in securing the PAM environment?

Privileged access risks revolve around the proliferation of privileges, unauthorized privilege elevation, and anytime access to critical systems and applications. In most cases, the malefactors infiltrate a network within an on-premises or cloud environment with unprivileged access and then elevate their permissions to follow through on their objectives. The most common approach is to take advantage of system weaknesses, misconfigurations, and vulnerabilities.

Just-In-Time (JIT) Approach

“Always on” or unrestricted access is the biggest source of data breaches. The risk vector expands further if one considers the all-important “privileged accounts.” The Just-In-Time (JIT) Privilege approach helps organizations follow the principle of ‘Least Privilege’ and mitigates threats arising from ‘always-on’ privileges. It gives IT administrators the opportunity to grant privileged rights to accomplish tasks securely without worrying about revoking the rights afterwards. The approach ensures that the right “privileged identity” has the right to access the right target systems at the right time.

This enhances security because access is provided only when it is required, and logs and reports are maintained for all the access granted to the user. It improves the employee IT experience by reducing the time spent creating credentials in Active Directory while ensuring security is not compromised. This ‘denial of access’ immediately after the completion of the task builds the foundation of a Zero Trust security posture.
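The JIT mechanism described above, as an added example that is not Arcon's code or part of the original post: a small privilege broker that grants a role on a target for a bounded window, clamps the window to a policy maximum, logs every grant and access decision, and lets the grant lapse on its own so nobody has to remember to revoke it. The class and method names (`JitBroker`, `Grant`, `check_access`) and the 30-minute maximum are illustrative assumptions, not a real product API.

```python
"""Added example (not Arcon's code): a minimal Just-In-Time privilege broker.

A privilege is granted for a bounded window, every decision is logged, and
the grant expires on its own so no one has to remember to revoke it.
Names (JitBroker, Grant) and the policy window are illustrative assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class Grant:
    identity: str
    target: str          # e.g. "db-prod-01"
    role: str            # e.g. "sysadmin"
    granted_at: datetime
    expires_at: datetime
    revoked: bool = False


@dataclass
class JitBroker:
    # policy maximum; a request may ask for less, never more
    max_window: timedelta = timedelta(minutes=30)
    grants: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)

    def _log(self, now: datetime, event: str, **detail) -> None:
        self.audit_log.append({"ts": now.isoformat(), "event": event, **detail})

    def request(self, identity: str, target: str, role: str,
                now: datetime, window: timedelta) -> Grant:
        # clamp the requested window to the policy maximum
        window = min(window, self.max_window)
        grant = Grant(identity, target, role, now, now + window)
        self.grants.append(grant)
        self._log(now, "grant", identity=identity, target=target, role=role,
                  expires_at=grant.expires_at.isoformat())
        return grant

    def active_grant(self, identity: str, target: str, role: str,
                     now: datetime) -> Optional[Grant]:
        for g in self.grants:
            if ((g.identity, g.target, g.role) == (identity, target, role)
                    and not g.revoked and g.granted_at <= now < g.expires_at):
                return g
        return None

    def check_access(self, identity: str, target: str, role: str, now: datetime) -> bool:
        # every allow/deny decision is recorded for audit and reporting
        g = self.active_grant(identity, target, role, now)
        self._log(now, "allow" if g else "deny", identity=identity, target=target, role=role)
        return g is not None

    def revoke(self, grant: Grant, now: datetime) -> None:
        # early revocation when the task finishes before the window ends
        grant.revoked = True
        self._log(now, "revoke", identity=grant.identity, target=grant.target, role=grant.role)


def demo() -> dict:
    """Walk through deny -> grant -> allow -> expiry; returns the decisions."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    broker = JitBroker()
    before = broker.check_access("alice", "db-prod-01", "sysadmin", t0)
    g = broker.request("alice", "db-prod-01", "sysadmin", t0, timedelta(hours=4))  # clamped to 30 min
    during = broker.check_access("alice", "db-prod-01", "sysadmin", t0 + timedelta(minutes=10))
    after = broker.check_access("alice", "db-prod-01", "sysadmin", t0 + timedelta(minutes=31))
    return {"before": before, "during": during, "after": after,
            "window_minutes": (g.expires_at - g.granted_at).total_seconds() / 60,
            "log_events": [e["event"] for e in broker.audit_log]}


if __name__ == "__main__":
    print(demo())
```

The expiry check lives in `active_grant`, so a forgotten revocation cannot leave a standing privilege: once the window passes, the same call that allowed access now denies it, and both outcomes are in the audit log.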

Multi-factor Authentication (MFA)

Gone are the days when organizations had to count on two-factor authentication to “double” the assurance of a valid end-user who is trying to access critical systems/applications. Multi-factor Authentication (MFA) shores up security in a privileged access environment and eradicates the risks of unauthorized access. Organizations can leverage MFA to optimize their Zero Trust security posture.

Adaptive Authentication

In addition to supporting MFA, Privileged Access Management leverages adaptive authentication to build an identity-first security posture. “Deny access until one can establish trust” is what makes adaptive authentication a very secure way to access business-critical applications. Assessing that trust requires an elevated level of maturity, as one can configure various tests to be performed, using the adaptive authentication components, before trust is established.

Adaptive authentication analyzes the user’s geographic location and login behavior, which includes IP address, device used, typing speed and time of login, among other parameters. Any deviation from this baseline is notified to the administrator, who takes immediate action on it.
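How the baseline comparison in the paragraph above can be turned into a decision, as an added example that is not Arcon's code: each login attempt is scored against what has been seen before for that identity (country, IP range, device, login hour, typing cadence), the score maps to allow, step-up or deny, and anything other than a clean allow is flagged for the administrator. The `Baseline`/`Attempt` types, the weights and the thresholds are constructed assumptions to be tuned to your own false-positive tolerance.

```python
"""Added example (not Arcon's code): scoring a login attempt against a per-user baseline.

Each deviation from the baseline adds risk; the total maps to allow / step-up
(extra MFA) / deny, and any non-allow outcome notifies the administrator.
Weights, thresholds and the baseline below are illustrative assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class Baseline:
    countries: set = field(default_factory=set)
    ip_prefixes: set = field(default_factory=set)     # /24 prefixes seen before
    devices: set = field(default_factory=set)         # device fingerprints
    login_hours: set = field(default_factory=set)     # 0-23, in the user's local time
    typing_ms_per_char: tuple = (80, 160)             # observed min/max cadence


@dataclass
class Attempt:
    country: str
    ip: str
    device: str
    hour: int
    typing_ms_per_char: float


# assumed weights: a new country or device weighs more than an odd hour
WEIGHTS = {"country": 40, "ip": 15, "device": 25, "hour": 10, "typing": 20}


def ip_prefix(ip: str) -> str:
    # crude /24 grouping, enough for the example (IPv4 only)
    return ".".join(ip.split(".")[:3])


def score_attempt(base: Baseline, a: Attempt) -> tuple:
    """Return (risk score, list of deviations) for one login attempt."""
    reasons = []
    if a.country not in base.countries:
        reasons.append("country")
    if ip_prefix(a.ip) not in base.ip_prefixes:
        reasons.append("ip")
    if a.device not in base.devices:
        reasons.append("device")
    if a.hour not in base.login_hours:
        reasons.append("hour")
    lo, hi = base.typing_ms_per_char
    if not (lo <= a.typing_ms_per_char <= hi):
        reasons.append("typing")
    return sum(WEIGHTS[r] for r in reasons), reasons


def decide(score: int) -> str:
    # assumed thresholds: tune to the false-positive rate you can tolerate
    if score >= 60:
        return "deny"
    if score >= 25:
        return "step-up"
    return "allow"


def evaluate(base: Baseline, a: Attempt) -> dict:
    score, reasons = score_attempt(base, a)
    decision = decide(score)
    return {"score": score, "reasons": reasons, "decision": decision,
            # anything other than a clean allow is surfaced to the administrator
            "notify_admin": decision != "allow"}


# constructed baseline for a user who normally works from one office, 08:00-18:59
ALICE = Baseline(countries={"IN"}, ip_prefixes={"203.0.113"}, devices={"laptop-7f3a"},
                 login_hours=set(range(8, 19)), typing_ms_per_char=(80, 160))


if __name__ == "__main__":
    print(evaluate(ALICE, Attempt("IN", "203.0.113.40", "laptop-7f3a", 10, 120.0)))
    print(evaluate(ALICE, Attempt("RO", "198.51.100.5", "unknown", 3, 30.0)))
```

A new device from the usual office lands in the step-up band (extra MFA, admin notified) rather than a hard deny, while a foreign country, unknown device, 03:00 login and abnormal typing cadence together exceed the deny threshold. The baseline should be refreshed only from attempts that were allowed, otherwise an attacker's deviations would become the new normal.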

Identity Governance and Administration (IGA)

Considering the changing threat patterns in the Privileged Access Management landscape, strong identity governance has become extremely relevant to building a comprehensive IT security infrastructure. Robust identity governance (IG) ensures seamless lifecycle management of identities, reduces the chances of breaches and identity abuse, and provides a solid foundation for Identity and Access Management.

In the case of new employees, privileged access assigned to them can be revoked if not required. Managing these tasks manually can be tedious and time-consuming. Identity Governance helps in the certification/re-certification of end-users for any specific set of tasks, which strengthens rule- and role-based access and removes the chance of identity abuse or unauthorized access. IG is key to managing the workflow, provisioning/deprovisioning identities, revoking rights and certifying/recertifying end-users.

Many times, third parties, vendors or part-time employees join organizations temporarily to work on an ad hoc project. Occasionally, these users are onboarded manually and do not originate from a known source of truth like Active Directory, Azure AD, an HRMS solution, etc. However, they are granted access to the company’s resources and assets so that tasks and onboarding can start smoothly. IG helps organizations provision and deprovision (after a pre-scheduled tenure) these users and track their work status.
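The lifecycle tasks the two paragraphs above describe (deprovisioning after a scheduled tenure, recertifying entitlements, and catching manually onboarded accounts that no source of truth will ever clean up), as an added example that is not Arcon's code: a governance sweep over a constructed directory that returns the actions to raise and then applies the deprovisioning. The `Identity`/`Entitlement` types, the 90-day recertification period and the sample accounts are assumptions made for the example.

```python
"""Added example (not Arcon's code): a small identity-governance sweep.

Each identity carries where it came from (AD / HRMS / manual), an optional
tenure end, and its entitlements with the date each was last certified.
The sweep raises: deprovision for accounts past tenure, recertify for stale
entitlements, and review for manually created accounts with no tenure end.
Field names, the 90-day period and the sample directory are assumptions.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional


@dataclass
class Entitlement:
    name: str                  # e.g. "prod-db-admin"
    last_certified: date
    certified_by: str


@dataclass
class Identity:
    user: str
    source: str                # "AD", "HRMS" or "manual"
    tenure_end: Optional[date]
    entitlements: list = field(default_factory=list)
    enabled: bool = True


def lifecycle_sweep(identities: list, today: date,
                    recert_every: timedelta = timedelta(days=90)) -> list:
    """Return (user, action, detail) tuples in a stable order."""
    actions = []
    for ident in identities:
        if not ident.enabled:
            continue
        if ident.tenure_end is not None and today > ident.tenure_end:
            # tenure is over: the account and every entitlement go
            actions.append((ident.user, "deprovision", "tenure ended %s" % ident.tenure_end))
            continue
        if ident.source == "manual" and ident.tenure_end is None:
            # no source of truth and no end date: nobody will ever remove it
            actions.append((ident.user, "review", "manual account without tenure end"))
        for ent in ident.entitlements:
            if today - ent.last_certified > recert_every:
                actions.append((ident.user, "recertify", ent.name))
    return actions


def apply_actions(identities: list, actions: list) -> dict:
    """Disable deprovisioned users and strip their entitlements; return enabled state per user."""
    to_disable = {user for user, action, _ in actions if action == "deprovision"}
    for ident in identities:
        if ident.user in to_disable:
            ident.enabled = False
            ident.entitlements.clear()
    return {i.user: i.enabled for i in identities}


def sample_directory(today: date) -> list:
    """Constructed sample directory, not real data."""
    def days_ago(n: int) -> date:
        return today - timedelta(days=n)
    return [
        # employee from the HR system, entitlement certified a month ago: nothing to do
        Identity("bob", "HRMS", None, [Entitlement("prod-db-admin", days_ago(30), "manager-1")]),
        # contractor whose tenure ended yesterday
        Identity("contractor-1", "manual", days_ago(1), [Entitlement("vpn", days_ago(10), "manager-2")]),
        # manually created vendor account with no end date and a stale entitlement
        Identity("vendor-2", "manual", None, [Entitlement("jump-host", days_ago(120), "manager-2")]),
    ]


if __name__ == "__main__":
    today = date(2024, 6, 1)
    ids = sample_directory(today)
    acts = lifecycle_sweep(ids, today)
    print(acts)
    print(apply_actions(ids, acts))
```

Running the sweep on a schedule (daily is typical) is what turns "pre-scheduled tenure" from a note in a ticket into an enforced expiry; the `review` action exists precisely for the manually onboarded accounts the text mentions, which have no HR or directory event that would ever trigger their removal.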

Identity Threat Detection and Response (ITDR)

Identity-based attacks are increasing, and they can be very dangerous to enterprise IT infrastructure. Misconfigurations in IAM systems and inadequate security measures, such as a lack of identity monitoring and of real-time remediation of anomalous profiles, open doors for malefactors to take advantage of the vulnerabilities. As a result, demand for an identity-centric security posture is high in order to maintain resilience, especially in hybrid IT infrastructure.

To ensure that, organizations need to shun conventional IAM practice and embrace Identity Threat Detection and Response (ITDR) capabilities embedded in IAM and PAM systems. ITDR helps risk management teams identify real-time security risks stemming from risky privileged identities and respond to anomalies with appropriate actions.
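What the detect-and-respond loop above looks like in practice, as an added example that is not Arcon's code: three identity-threat detections run over a constructed log sample (a burst of failed logins followed by a success, a dormant account becoming active again, and a privileged group change outside the approved change window), each paired with the response an ITDR layer would trigger in the IAM/PAM system. The log format, the `LAST_SEEN` context, the thresholds and the response strings are all assumptions constructed for the example.

```python
"""Added example (not Arcon's code): identity threat detection over a log sample.

Detections, each with a paired response action:
  * five or more failed logins within five minutes followed by a success
  * an account unused for 90+ days logging in again
  * a privileged group change outside the 09:00-17:59 change window
Log format, field names, thresholds, windows and the sample are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# constructed sample log, one event per line: ts|user|event|detail
SAMPLE_LOG = """\
2024-03-04T02:10:00|svc-backup|login_failed|src=10.0.0.9
2024-03-04T02:10:05|svc-backup|login_failed|src=10.0.0.9
2024-03-04T02:10:09|svc-backup|login_failed|src=10.0.0.9
2024-03-04T02:10:12|svc-backup|login_failed|src=10.0.0.9
2024-03-04T02:10:20|svc-backup|login_failed|src=10.0.0.9
2024-03-04T02:10:30|svc-backup|login_success|src=10.0.0.9
2024-03-04T02:12:00|svc-backup|group_add|group=Domain Admins
2024-03-04T09:00:00|alice|login_success|src=10.0.1.4
2024-03-04T09:30:00|old-intern|login_success|src=10.0.2.7
"""

# constructed context an ITDR engine would pull from IAM: last successful login per user
LAST_SEEN = {
    "svc-backup": datetime(2024, 3, 3, 22, 0),
    "alice": datetime(2024, 3, 3, 18, 0),
    "old-intern": datetime(2023, 9, 1, 12, 0),
}

FAILED_THRESHOLD = 5
FAILED_WINDOW = timedelta(minutes=5)
DORMANT_AFTER = timedelta(days=90)
CHANGE_WINDOW_HOURS = range(9, 18)   # privileged group changes allowed 09:00-17:59

RESPONSES = {
    "credential_guessing": "lock account and force credential rotation",
    "dormant_reactivation": "suspend session and require recertification",
    "privileged_change_off_hours": "revert group change and page on-call",
}


def parse(log: str) -> list:
    events = []
    for line in log.splitlines():
        ts, user, event, detail = line.split("|", 3)
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "event": event, "detail": detail})
    return events


def detect(events: list, last_seen: dict) -> list:
    """Return (user, finding, response) tuples in event order; input context is not mutated."""
    seen = dict(last_seen)
    recent_failures = defaultdict(list)
    findings = []
    for e in events:
        u, t = e["user"], e["ts"]
        if e["event"] == "login_failed":
            # keep only failures inside the sliding window
            recent_failures[u] = [f for f in recent_failures[u] if t - f <= FAILED_WINDOW] + [t]
        elif e["event"] == "login_success":
            fails = [f for f in recent_failures[u] if t - f <= FAILED_WINDOW]
            if len(fails) >= FAILED_THRESHOLD:
                findings.append((u, "credential_guessing", RESPONSES["credential_guessing"]))
            recent_failures[u] = []
            if u in seen and t - seen[u] > DORMANT_AFTER:
                findings.append((u, "dormant_reactivation", RESPONSES["dormant_reactivation"]))
            seen[u] = t
        elif e["event"] == "group_add" and t.hour not in CHANGE_WINDOW_HOURS:
            findings.append((u, "privileged_change_off_hours", RESPONSES["privileged_change_off_hours"]))
    return findings


if __name__ == "__main__":
    for user, finding, response in detect(parse(SAMPLE_LOG), LAST_SEEN):
        print(f"{user}: {finding} -> {response}")
```

The value over a plain IAM audit log is the pairing: each finding names the remediation the PAM/IAM system can execute immediately (lock, suspend, revert) rather than leaving an alert for someone to read later. In a real deployment the `LAST_SEEN` context and the change window would come from the directory and the change-management system rather than constants.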

Conclusion

Applying Zero Trust security practices can build a strong security cordon around enterprise privileged access environments. Conventional approaches for securing privileged access typically revolve around vaulting credentials, monitoring sessions, and keeping audit trails. These measures are extremely important but not adequate in today’s context. The crux of the matter is how to maintain the level of trust in an identity.

The point is that in some high-profile breach incidents, the ‘trust’ entrusted to privileged identities was misused to exfiltrate or breach confidential information. This is why continuously establishing confidence or trust in a privileged identity becomes foundational for overcoming privileged access challenges. By implementing a Zero Trust approach, security and risk management leaders can continuously assess that trust.
