Privileged access refers to system permissions that allow overriding of controls and accessing sensitive information. Privileged accounts have special permissions that can significantly impact an organization's systems and databases. Proper management of privileged access is needed, including monitoring passwords, logging activity, and ensuring access is traceable to individual users. This is the goal of Privileged Access Management (PAM).
7. Privileged access is defined as any feature or facility of a multi-user information system that enables the user to override system or application controls (e.g. Administrator, Root, or similar high-level privileges). Privileged accounts or identities hold special or extra permissions within a system, application or database and can significantly affect the organization’s business. These accounts can grant broad access to underlying business information in databases, grant “super user” privileges, or can be used by authorized individuals when elevated privileges are required to fix urgent problems. The use of privileged accounts should be managed and the password monitored when stored digitally. Privileged account activity should be logged and traceable to a unique user. This is the essence of Privileged Access Management (PAM).
8. IDENTITY IS NOT THE NEW PERIMETER (HINT: THE PERIMETER IS GONE)
[Figure: Old Model vs. New Reality; label: AUTHORIZED]
16. Key takeaways
• Make PAM part of your security DNA
• Ask questions about privileged access when reviewing applications & risk
• Educate & engage business owners when possible
Cleanup of current privileged access in all environments
Define & run a new/modified process to manage access (Grant, revoke, manage exceptions. All aligned with policy)
Integrate the new model with Enterprise IT Processes (ITIL, SDLC, DevOps, ITSM)
Here’s the Betty White video. I deleted it to reduce filesize. https://www.youtube.com/watch?v=yLJ6Y3eoYDA
Obligatory safe harbor
All three terms are interchangeable, but Privileged ACCESS Management addresses the full spectrum and lifecycle for privileged identities and the systems they access.
Information security has had to make the transition from a fortress mentality to the new reality. Everyone wants access from everywhere on any device to nearly everything.
Identity is the center of this new security universe.
Something as innocuous as a backup service account allowed the hacker to exfiltrate the entire DoR taxpayer database.
Essentially, the most generic pattern of attacks today is: phish -> send malware -> gather and then use valid credentials to get to your goal. (In case you have to ask why send malware if you can phish for credentials: malware can get you MORE and BETTER credentials.)
This isn’t simply an IT initiative; PAM has to become part of your company’s information security awareness strategy and be embedded in its respective SDLC/ITIL or analogous processes.
The elements of the reference architecture are never meant to be all-inclusive. You can add capabilities or leverage them as your practice matures.