In an increasingly digitized, decentralized, and distributed IT environment, data security is only possible when organizations adopt an identity-first security approach.
Indeed, the biggest cybersecurity threats lie with cybercriminals and malicious insiders who can gain easy access to critical systems and applications to compromise data and information. Such attacks become more powerful if privileged credentials are compromised. Databases and healthcare records, among others, can be vulnerable if access to that information lacks proper access control mechanisms.
In other words, it is important for security and risk management teams to ensure preparedness in the areas of access control management, identity threat detection and response, user monitoring, robust password management, reporting, and audit. A mature Privileged Access Management solution provides all of these necessary safeguards to overcome an increasing number of security challenges.
Are organizations doing enough to keep data secure?
Business organizations and governments continued to fall prey to insider and cyber threats all through 2022. While some organizations suffered due to inadequate security around cloud resources, others saw credential abuse by third parties, and many got hurt by disgruntled employees.
As we come close to the end of 2022, we look back and examine some of the major data breaches that could have been prevented had there been a privileged access management solution in place.
Incident # 1
At the beginning of 2022, a renowned organization from the aviation industry in southwestern Asia suffered a massive data breach after one of the cloud storage buckets was left unprotected, resulting in unauthorized access and more than 20 million files being compromised.
The globally recognized cloud service provider responsible for this lax approach to IT security received harsh criticism from the global IT security community. What can you do if your cloud service provider (CSP) is not following the necessary IT security mandates? It is important to note that when data and workloads are managed in IaaS, SaaS, and PaaS environments, securing the data is a shared responsibility between the CSP and the cloud tenant.
Today, nearly 3 out of 4 organizations are adopting cloud computing. Hybrid cloud environments are not uncommon, as organizations want to keep abreast of the latest technologies.
Therefore, cloud infrastructure entitlement management (CIEM) has become extremely important. Had there been a robust Privileged Access Management solution, the standard access control policies would have been implemented and followed, and the victim could have averted any kind of unauthorized access.
Equally important is to ensure there is inventory management in place. Discovering all underlying IT assets with privileged access, along with onboarding and offboarding IT users and privileged users, reduces the privileged attack surface. In fact, inventory management is one of the top priorities of IT risk management teams. Read our white paper, Privileged Access Management: Trends in 2023.
Also, ARCON | Privileged Access Management (PAM) provides multi-factor authentication that makes it impossible to breach data due to multiple layers of validation steps.
Furthermore, given the increased use of cloud services, ARCON | PAM’s vRA (VMware vRealize Automation) provides secure operations across physical, virtual and cloud environments. It enables onboarding and deboarding of privileged accounts in systems and applications and streamlines the overall IT processes in the cloud environment. ARCON’s auto-onboarding module automates the onboarding process of all privileged accounts across AWS, GCP and Azure environments, while the auto-discovery module helps in discovering privileged accounts across all systems.
Cloud compliance standards like FedRAMP, NIST and other regional and global regulations ask for agility, productivity, efficiency and security in the cloud environment. ARCON | PAM helps organizations to stay compliant with the mandates.
Incident # 2
A disgruntled employee stole massive amounts of data from one of the US-based government departments at the end of the first quarter of 2022. Almost 8.7 million files of criminal and domestic cases were leaked, including investigation details and case evidence. The incident impacted more than seventeen thousand ongoing cases.
Post-investigation, it was revealed that the data management team of that department was not monitored at all. There was no mechanism to check who was accessing what, when, or why. This presumably resulted in a disaster. Government IT departments face frequent threats from bad actors. Confidential information, strategic blueprints, and citizen records all require the utmost security.
Had there been a robust Privileged Access Management (PAM) solution, there would have been role- and rule-based access to systems. Each identity would have been authorized, administered, authenticated and audited.
The ARCON | Privileged Access Management (PAM) solution provides much-needed deep, granular controls and just-in-time privileges, along with complete identity lifecycle management, to ensure the right person has access to the right systems at the right time.
Additionally, ARCON | PAM’s Knight Analytics uses machine learning to detect anomalies in the logged data based on the historic records of the users (digital identities). As a result, any organization can ensure robust, timely identity threat detection and response.
Incident # 3
Towards the end of 2022, a reputed Asia-Pacific-based health insurance organization revealed that almost 4 million customers’ data had been exposed to hackers due to a password breach of their critical database.
The number of users, applications, and service applications is proliferating, and as a result, IT administrators are finding it a herculean task to manage credentials. Credential management capabilities are provided by ARCON | PAM.
By implementing it, the IT security team can:
- Automatically randomize, change, and manage credentials for databases, critical systems, administrative accounts, application service accounts, and network devices
- Enable a privileged session to be automatically established using protocols such as SSH, RDP or HTTPS without revealing credentials to privileged users
- Control the end-to-end process of requesting privileged access to databases through user interfaces by privileged users with approved/predefined policies (workflows)
We are ready to bid adieu to another year, and we still see that organizations have yet to put in place a concrete policy regarding their access management setup. The identity access management and privileged access management spaces are expanding exponentially in every industry. But at the same time, are organizations adopting relevant and adequate security measures to ensure a safe access control environment? The above incidents show that Privileged Access Management has been an indispensable tool to address privileged access management use cases.