Five worthy reads: The rising significance of privileged identity management

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week, we delve into how privileged identity management (PIM) solutions can help enterprises authenticate access and secure their corporate data.

When creating a new password, you might encounter a laundry list of requirements that looks something like this:

1. Your password should contain at least one capital letter.

2. Your password should contain at least one number and one special character.

3. Your password cannot contain your name.

4. Your password cannot be the same as a previous password.

While seeing this list might give us an instant headache, password protection has undoubtedly become more important than ever. And for organisations, managing these complex passwords goes beyond just setting and resetting them. If securing an individual account is deemed important, then imagine the plight of any organisation that operates with terabytes of personal data.

Privileged users, such as data administrators and data protection officers, typically have complete access to their organisation’s data. However, with more power comes more responsibility; these individuals are in a position that can uphold or undermine security. Any mishandling of data—intentional or otherwise—could cost an organisation dearly. The European Union knows this, that’s why the recently implemented GDPR has such a large focus on restricting access to data.

As for the United States, regulations such as SOX have mandated the use of security controls and processes to ensure complete governance and protection of data. Considering the critical nature of IT and its impact on business applications, securing business systems from the abuse of any administrative privileges is of prime importance.  

These days, enterprise IT departments face the challenge of providing granular access to corporate resources. There is a lack of contextual information about users and requesters of data, which is a significant factor to consider before granting data privileges. This is where a privileged identity management (PIM) strategy plays an essential role in maintaining data integrity. Implementing authentication protocols, automated password encryption, and regular auditing and reporting can all help enterprises maintain data security.

The following are some interesting reads from across the internet to highlight the growing significance of employing PIM protocols in your IT strategy:

1. Corporate networks vulnerable to insider attacks, report finds
   During penetration testing performed as an internal attacker, Positive Technologies researchers were able to obtain full control of infrastructure on all corporate networks they attempted to compromise.

2. Pain in the PAM
   In order to prevent security breaches, insider attacks and comply with regulatory mandates, organisations must proactively monitor and manage privileged access. As the compromise and misuse of identity is often at the core of modern threats, privilege accounts are a prime target for phishing and social campaigns.

3. How can organizations get control over privileged identity management?
   Doling out too many admin privileges can lead enterprises astray when it comes to privileged identity management, but there are ways they can take back control.

4. The identity crisis: Password managers and your business
   It used to be the case that when someone said they were having an “identity crisis”, they would go on to tell you about their imaginary friend. However, this is 2018 and issues of identity are all over the news – and of the utmost importance to businesses.

5. Privileged Identity Management: 7 tips to make it work for you
   PIM tools help get a handle on sprawling accounts and disjointed management of privileged access. If you do it right. Here are seven key strategies.

The success of any business depends on the privacy and accuracy of the data it processes. Therefore, managing and controlling access to data and enterprise assets should be paramount for any organisation. Likewise, to avoid any penalties or lawsuits due to data breaches, organisations must ensure a streamlined workflow when it comes to authenticating access to their data.

Let’s face the facts. The scope of traditional security perimeters is shrinking, while the workforce is becoming increasingly mobile and distributed. Furthermore, with a perplexing number of complicated business applications, organisations must make prudent decisions to secure their data from both external and insider threats.

However, a robust PIM solution can reduce the difficulty of streamling workflows, as well as provisioning and de-provisioning access to corporate data. PIM solutions can also provide actionable insights for staying compliant with regulatory standards.