If there is one lesson to be learned from the countless data breaches we read about on a daily basis, it is this: Our privileged identities are repeated targets for hackers around the world. Take any case—from the to the at Three, a British mobile network company—the hacker’s entry point was a compromised employee login. Once a hacker gets ahold of a privileged login, it’s easy for them to infiltrate various privileged access points, such as critical servers, and get access to sensitive information.
Despite significant advancements in IT, and cybersecurity becoming an important topic, we still seem to fall short when it comes to guarding our assets against sophisticated attacks. So, to better understand what’s amiss in our IT security strategies, why hackers target privileged identities, and the importance of privileged identity management, let’s begin with the basics:
What is a privileged identity?
The term privileged identity includes the most powerful accounts spread across an IT environment, such as the UNIX root, Windows administrator, database administrator, and even business application accounts. These accounts are normally used by the information and communications teams to set up the IT infrastructure, install new hardware and software, run critical services, and conduct maintenance operations. In short, privileged identities are master-keys that can access an organization’s highly classified IT assets, and eventually the sensitive information stored within.
Traditional strategies lead to unprotected privileged identities
Are unprotected privileged identities risky? Yes, they are. So how do we decide whether a privileged identity is protected or not? Most of us think that having an IT team guarantees security. We make our IT administrators—who keep our IT system afloat and manage the information stored in numerous servers—also equally responsible for safekeeping the keys (i.e. privileged accounts) that grant access to the systems.
Typically, admins pile up the privileged accounts in one location and permit only a handful of authorized staff access to this location. But how do we know whether the location is secure and that the staff, including your IT team, can be trusted? Most often, this location is a simple password-protected spreadsheet or a bunch of printouts stashed in a locked desk drawer. Another fact is that cyber attacks branch out from abuse of privileged access, and trusted insiders may at any time choose to misuse their privilege.
Therefore, unless the location has rock-solid security, and every activity inside and outside of it is completely monitored and can be traced to an authentic user, it is safe to assume that a privileged identity in that location is unprotected. Now, think of the devastation that could be caused by an unprotected and unchanged privileged identity. With the credentials, a malicious user inherits elevated permissions to navigate through an organization’s IT layout without restrictions and can access its mission-critical data. The user is free to view, modify, or even delete this data, alter configuration settings, and run dangerous programs. There are also cases where external attackers are known to target our privileged users with a phishing attack and gain access to the privileged account credentials.
Despite such high risks being involved with privileged accounts, organizations still leave security loopholes unattended. The maximum that is usually done in the name of identity management is two-factor authentication. However, a thorough privileged identity management routine goes further and includes far more factors.
The need for privileged identity management
Privileged identity management is a section of identity and access management that deals exclusively with the protection of privileged accounts in an enterprise, including those of operating systems, databases, servers, applications, and networking devices. Security of these super-user accounts involves:
1. Maintaining a complete list of all active privileged identities in your network, and updating it as and when a new account is created. Using an automated account discovery mechanism will make the work easier for admins by quickly detecting the privileged accounts associated with various IT assets.
2. Storing the privileged identities in a secure vault with standardized encryption algorithms such as AES-256 functions.
3. Enforcing stringent IT policies that cover password complexity, frequency of password resets, time-limited access to privileged accounts, automatic reset upon one-time use, and other robust controls.
4. Sharing the privileged accounts with employees and third-party users in a secure way, such as granting privileged access with the minimum permissions required to carry out the job. Mechanisms such as request-release workflows may bring in better security by looping in a supervising administrator who scrutinizes password access requests raised by users and approves them at their discretion.
5. Auditing all identity-related operations such as privileged user logins, password shares, password access attempts, reset actions, and so on. Maintaining a complete record of who did what with their privileged access and when fosters transparency in an organization and also serves as evidence during forensic audits.
6. Monitoring and recording all privileged user sessions in real time, to cross-reference with the audit records.
In addition to these, another critical aspect is integration with enterprise applications. You must be able to incorporate your privileged identity management strategy into your everyday IT processes, such as network monitoring, ticketing mechanism, and user authentication services. This helps track privileged identities that transpire anywhere in your organization, across all platforms.
When your choice of privileged identity management encompasses all these details, as a tool like ManageEngine Password Manager Pro does, you can be sure that your privileged identities are safe and will not be compromised.