ARCON hosted a webinar featuring Forrester to discuss best security practices around privileged identities. On June 5th, 2024, Harshavardhan Lale, VP – Business Development, ARCON and guest speaker Geoff Cairns, Principal Analyst, Forrester turned their attention to the role of modern Privileged Access Management (PAM) in protecting the crown jewels of an enterprise. These include privileged identities, administrative identities, cloud consoles, AI models, credentials of interactive/non-interactive accounts and more.
Moderated by Dushyant Arora, Marketing Lead, ARCON, the two speakers discussed how best practices in privileged access environments are implemented with the help of a robust PAM solution to combat risks around privileged identities. The session also offered insights into the ARCON | Privileged Access Management (PAM) solution, whose capabilities address the most complex PAM use cases and help maintain a strong security posture.
During the first half of the webinar, Geoff Cairns from Forrester highlighted the trends shaping the next generation of Identity and Access Management. Below are the key takeaways from the first half of the session:
- Based on data from Forrester’s 2023 Security Survey, customers are struggling with the complexity of their IT environment. The challenge centres on the lack of centralized visibility, which can lead to identity sprawl such as orphaned accounts, over-privileged users and over-permissioned accounts (or over-entitlements).
- Geoff added that the evolving threat landscape is both internal and external. Attackers are capitalizing on identity-based attacks where legacy systems often sit in technology silos, leading to gaps in IT processes. This is further evidenced by organizations that have recently been in the news. UnitedHealth Group had acquired Change Healthcare a couple of years ago. During that process, unfortunately, the organization failed to put MFA on some externally facing servers, and that resulted in identity abuse: credentials were phished with the help of social engineering techniques.
- Referring to the Forrester Security Survey once again, Geoff presented some primary drivers that resulted in purchasing of IAM solutions in the last 12 months. 26% of respondents (security decision makers responsible for IAM security) indicated that a top driver was replacing an existing IAM solution that was ineffective or too costly. 25% responded that cloud migration requires new IAM solutions to meet the necessary security and compliance requirements in the organization.
- Continuing on legacy IAM technology, it is a fact that with the passage of time any IAM solution becomes less secure, its features lose robustness, and it becomes difficult to upgrade and costly to operate. Interestingly, this pressure increases every year: the technology replacement trends seen in 2022 have become more pronounced in 2023 and onwards.
- Coming to the essence of Privileged Access Management (PAM), Geoff referred to a newly released Forrester report on IAM trends for 2024. It covers ten different trends, three of which are relevant in this context. While talking about Privileged Access Management (PAM), he narrowed the focus down to identity threat intelligence, cloud entitlements, and the visibility and management of machine identities.
- Identity Threat Detection and Response (ITDR) has been discussed a lot in the IT security community in recent times and ITDR capabilities have increasingly been incorporated into broader IAM and security platforms. Identity Threat Intelligence in this respect is interpreted as critical insights on threats to IAM systems and digital identities. It uses AI/ML algorithms to evaluate real-time risks and produces intelligence feeds for timely and relevant security measures. It enables swift action to reduce the impact and cost associated with data breaches.
- In terms of cloud entitlements, it is all about visibility and governance of cloud identities. In the context of cloud infrastructure, entitlement management is quite often used interchangeably with cloud governance. Centralized visibility and governance support multi-cloud environments such as Azure, AWS and GCP. It ensures safer IaaS console configuration and data access management through CIEM (Cloud Infrastructure Entitlement Management) practices, which are increasingly being added to IAM platforms globally.
- While talking about machine identity management, Geoff highlighted the importance of the operational aspects, especially when the objective is to mitigate the risks of data breaches. Machine identities are set to outnumber human identities, and managing them well supports operational resilience; bringing the growing number of machine identities under control reduces the risks associated with the expanded threat surface.
- Geoff put an end to his session by providing several strong PAM recommendations to protect enterprise data assets. There must be continuous supervision and improvement of preventive and reactive identity security measures through robust PAM integrations. Strong governance for privileged identities must be ensured and machine identities must be brought under a unified IAM program strategy.
In the latter half of the webinar, Harshavardhan Lale from ARCON discussed how a modern Privileged Access Management solution mitigates the challenges of protecting enterprise data assets by focusing on the real crux of the crown jewels, i.e. identity. The key takeaways from his session are as follows.
- PAM helps you mitigate human errors by eliminating unwanted access. When IT security leaders ensure that people only have access to the resources they are entitled to, the attack surface automatically shrinks: instead of a user having access to 100 servers, he/she has access to only the 10 servers/devices needed. This in turn improves productivity, efficiency, and compliance.
- The array of identities seen in an enterprise comprises human identities, machine identities, API identities, privileged identities and BOT identities. All of these identities are increasing in every industry and opening gateways to the “crown jewels” of an organization.
- Harsh provided several examples of “crown jewels” in an enterprise: AI models, cloud management consoles, containers, CI/CD pipelines, users of SaaS on AWS, Azure and GCP, credentials of interactive/non-interactive accounts, administrative identities, Active Directory domain controllers, infrastructure components, IaaS/PaaS/SaaS, and certificate servers.
- Now the question is how to manage these complexities using a PAM solution. The crown jewels are reached through these identities, and these identities can be managed by deploying PAM. The basic formula is to verify, approve, authorize, allow, and monitor these identities to maintain security.
- Another way to manage the complexity is seamless integration of MFA (Multi-Factor Authentication), both for logging in to PAM and for accessing critical systems/assets.
- Just-In-Time (JIT) access is another aspect: privileged access is granted and controlled only for the duration it is required. It ensures that the right person gets the right access to the right device at the right time for the right reasons. ARCON JIT privilege helps organizations follow the principle of “Least Privilege”.
- PAM offers continuous monitoring and threat detection of every identity in an IT infrastructure. It helps to build identity governance and implement security practices regularly.
- Another way of dealing with this situation is to set up ephemeral access for all users. With this, IT administrators can ensure that identities hold no standing access to the crown jewels and are allowed access on a ‘need-to-know’ and ‘need-to-do’ basis only. For example, an ephemeral account is created in Active Directory; with the help of PAM, the user is granted access through it, and once the session is disconnected the ephemeral account is deleted from the system again.
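The verify/approve/authorize/allow/monitor cycle and the ephemeral-account flow described in the bullets above, as an added Python example that is not ARCON's code: the in-memory dictionary standing in for Active Directory, the role entitlements, the approver list and the session TTL are constructed assumptions.

```python
# Added example (not ARCON code): minimal JIT / ephemeral privileged-access broker
from dataclasses import dataclass
from datetime import datetime, timedelta
import secrets
@dataclass
class Grant:
    user: str
    target: str
    account: str          # ephemeral account provisioned for this grant only
    expires_at: datetime
    reason: str
    active: bool = True

class JitBroker:
    def __init__(self, entitlements, approvers, ttl_minutes=30):
        self.entitlements = entitlements  # role -> targets that role may request
        self.approvers = approvers        # users allowed to approve a request
        self.ttl = timedelta(minutes=ttl_minutes)
        self.directory = {}               # constructed stand-in for AD accounts
        self.grants, self.audit = {}, []

    def request(self, user, role, target, reason, approver, now):
        # verify: the requester's role must be entitled to the target
        if target not in self.entitlements.get(role, set()):
            self.audit.append(("denied", user, target, "not entitled"))
            return None
        # approve: a named approver other than the requester must sign off
        if approver not in self.approvers or approver == user:
            self.audit.append(("denied", user, target, "no valid approval"))
            return None
        # authorize/allow: short-lived account bound to this session only
        account = f"jit-{user}-{secrets.token_hex(4)}"
        self.directory[account] = {"target": target, "created": now}
        g = Grant(user, target, account, now + self.ttl, reason)
        self.grants[account] = g
        self.audit.append(("granted", user, target, account))
        return g

    def is_allowed(self, account, now):
        # monitor: an expired or revoked grant is unusable even if the name leaks
        g = self.grants.get(account)
        return g is not None and g.active and now < g.expires_at

    def end_session(self, account):
        # on disconnect the ephemeral account is deleted and the grant revoked
        g = self.grants.get(account)
        if g is None or not g.active:
            return False
        g.active = False
        self.directory.pop(account, None)
        self.audit.append(("revoked", g.user, g.target, account))
        return True
```

Every decision lands in `audit`, which is what a SIEM would ingest to watch for denied requests or grants that were never torn down.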
- When it comes to access and authorization, granular access control is imperative, especially when based on the end-user roles and responsibilities that exist within the organization. It builds a layer of access control that restricts unauthorized access to critical IT infrastructure.
- Auto-onboarding, on the other hand, allows administrators to seamlessly add new server groups and user accounts with their associated privileges as new users are onboarded to the PAM solution. It auto-onboards users and assets and maps them to the appropriate rules (based on roles).
- Continuing Geoff’s discussion about the proliferation of identities, Harsh added that identities are the weakest link in compromising enterprise information assets. These include human (business) identities, machine identities, privileged identities, BOT identities, APIs, etc. Eventually, all of them converge into digital identities that are provisioned, deprovisioned and re-provisioned to manage and control their activities.
- A discussion of modern PAM is incomplete without the cloud platform/cloud infrastructure. Enterprises can secure their cloud environment by deploying PAM, through which they can onboard cloud infrastructure end users, make them access-ready, monitor their access and rotate credentials/keys. This way, they can meet compliance requirements.
- ARCON has made onboarding quite simple through the Auto-onboarding feature, which works against the different directories of AWS, Azure or GCP. With this, IAM users can be auto-onboarded in SaaS environments, and Windows, Linux and RDS (database) users can be auto-onboarded in IaaS and PaaS environments. This automated task can run on every cloud platform, whether AWS, Azure or GCP, without manual intervention from an IT administrator.
- Lastly, Harsh discussed ARCON’s profile as a risk control solution provider and esteemed global PAM vendor. ARCON | PAM strengthens the security fabric of an enterprise: IT administrators can define the policies and permissions for the distinct entities that want to access files, workloads, databases, management consoles, services, servers, containers, and many other cloud resources. It can even control the misuse of over-entitlements in the cloud environment that could otherwise invite unprecedented IT threats.
Conclusion
Before the final wrap-up, the webinar concluded with several questions raised by the participants and moderated by Dushyant. Both Geoff and Harsh shared their valuable insights while answering the questions.