Gartner defines privileged access management (PAM) as a set of tools that administer or configure systems and applications to provide an elevated level of technical access through the management and protection of accounts, credentials and commands.
In a nutshell, PAM is part of an organisation’s overall identity and access management (IAM) posture. It is a cyber security strategy devised to secure and monitor access to critical assets, such as firewalls, servers, operational technology or cloud infrastructure.
It ensures only authorised users can perform sensitive tasks, such as configuration and maintenance, while preventing unauthorised access to sensitive information.
Who is entitled to privileged access?
This is typically insiders in an organisation and can include system and database administrators, developers, architects, application owners and IT managers – all are staff who already have access to a company’s systems.
To complicate matters, external vendors and outsourcing partners may also have access to critical systems and data – they need it to do their respective jobs. Moreover, it is not uncommon for IT administration to be contracted to offshore outsourcing partners, thus controlling and monitoring privileged access is obviously an important part of reducing vendor risk.
Companies must scrutinise their IAM capabilities and evaluate if they need to be modernised.
Interestingly, from a statistical perspective, most cyber crimes are reported to be perpetrated, or assisted by, insiders. This fact makes monitoring and controlling privileged access crucial to reducing the risk from the enemy within.
Who needs a PAM solution?
The straight answer is every organisation needs a PAM solution to mitigate security risks, improve regulatory compliance, reduce operational complexity and costs, while enhancing visibility and situational awareness across the company.
A PAM solution can ensure employees only have the necessary levels of access fundamental to them fulfilling their duties. It identifies malicious activities linked to privilege abuse, while at the same time helping companies to minimise their potential for a security breach.
The deployment of a PAM solution helps administrators to automatically monitor and record all privileged activity across their IT environment.
The 2023 Ponemon Sullivan Cost of Insider Risk Global Report notes the most prevalent insider security incidents are caused by careless employees.
According to the findings, 55% of incidents experienced were attributed to staff negligence and the average annual cost to remediate them was $7.2 million. The research notes incidents involving criminal or malicious insiders at 25% of all incidents and credential theft at 20% are less prevalent but more costly at $701 500 and $679 621, respectively.
The cost of insider risk is said to vary significantly based on the type of incident. The research reveals a variety of ways in which employees can put their companies at risk. These include not ensuring devices are secured, not following the company’s security policy, and forgetting to patch and upgrade.
The report describes malicious insiders as employees or authorised individuals who use their data access for harmful, unethical or illegal activities. Because of their potentially wider access to their company’s sensitive data, malicious insiders are observed to be harder to detect than incidents caused by external hackers. Credential theft incidents are reported to cost an average of $679 621 per incident.
In summary, Ponemon Sullivan confirms that insider security incidents are increasing, with the 2023 report revealing a staggering 71% of companies surveyed are experiencing between 21 and 40 incidents per year. This is an increase from the 67% reported in 2022.
Most importantly, this report disclosed that PAM plus user training and awareness programmes are shown to reduce the cost of insider risk. The research analysed the impact security technologies and activities can have on cost reduction.
PAM was reported to save an average of $5.9 million. User training and awareness programmes save $5.4 million and SIEM was reported to reduce the cost by $4.3 million.
That’s just some of the bad news but what’s the good news? By now you should at least have a handle on what PAM is and why it should be considered as a mission-critical aspect of IAM capabilities. The next question is where to start?
Companies must scrutinise their IAM capabilities and evaluate if they need to be modernised. To do this, organisations need to look past standard user identities to introduce controls for privileged accounts in the form of a PAM solution.
These accounts have access to the most confidential information in the organisation, obviating the need for extra level security. The chosen solution must deliver the ability to control, protect and record privileged account use and access to critical assets and resources.
In my next article, I will explore the challenges businesses face that are driving them to seek implementation of PAM, where the zero trust model fits into the picture and why a SaaS-based approach can be the most cost-effective route.
Share