Why Privileged Access Management (PAM)? Importance, Risks & More
Privileged Access Management can help enhance network security - but it does come with risks. Learn about these PAM risks & best practices to avoid them.
There was a day when organizations would grant widespread privileges to any user inside the network, on the dual assumptions that firewalls, Virtual Private Networks (VPN) and other safeguards could keep all potential bad actors out and that authorized users would not mistakenly or intentionally commit bad acts.
Many unfortunate incidents over the years have shown that these assumptions do not reflect reality. The mere presence of firewalls and VPNs has given IT professionals the misconception that their systems and data are secure. But of course, these are very incomplete security measures that leave big gaps in overall protection. As trends like digital transformation and remote/hybrid working environments drive increases in the number of human and machine identities, the need to validate these identities and ensure access control for sensitive data is more critical than ever before. That’s where Privileged Access Management comes in.
What is Privileged Access Management?
A subcategory of Identity and Access Management (IAM), Privileged Access Management (PAM) enhances network security by providing clear governance on the privileges and permissions each identity has and ensures users follow those rules. The concept is straightforward, but most IT teams aren’t using PAM to its full potential to secure data and are still opening themselves up to security risks.
Avoiding Risks: Using the Principle of Least Privilege
Each overprivileged user account is a potential vulnerability in enterprise security. If 100 employees have administrator privileges, that’s 100 potential targets for infiltrating the network through social engineering, phishing or other means. But if you limit that access to, let’s say, the two employees who really need it, your risk profile drops dramatically. Effective PAM requires auditing the overprivileged users in an enterprise’s network, limiting the number of them, and utilizing the Principle of Least Privilege (PoLP) at the center of the strategy.
PoLP—the idea that each user on the network should only have access to the functions needed to complete his or her tasks—is a helpful guide for limiting exposure. It provides a framework for account provisioning and deprovisioning that reduces the number of users who have privileges they don’t need, which closes possible gaps in security.
Unfortunately, limiting the number of overprivileged users doesn’t eliminate the risk of external threats (or even insider threats) altogether. It’s a simple fact that some users must have system administrator privileges. Someone always needs to add and remove users, issue credentials, and fix high-level network problems. Even when they are few and far between, highly privileged accounts and users whose credentials aren’t adequately safeguarded can present risks.
For example, helpdesk users often have access to other users’ local machines. When a helpdesk user logs on to a local device, a hash of their credentials is left on the other user’s computer. Once that hash is present, bad actors can lift it from the secondary user’s machine and gain widespread access to the network using the helpdesk’s credentials.
These hashes don’t expire and are the only measure sitting between a cybercriminal and complete freedom to alter enterprise networks via Active Directory. Even with PoLP employed, networks aren’t entirely safe from cyberattacks and data breaches.
While it’s inevitable that some users will need admin accounts, they don’t necessarily need those privileges continually. One effective technique is to tie elevated privileges to the context and time frame in which they are required—and to turn them off when they are not. Companies must begin to think of PoLP as something that applies to tasks rather than identities. Doing so lets them limit user access to only the times it is necessary.
Imagine a system that links privileges to specific tasks rather than to identities. In this scenario an IT professional might carry administrator privileges conditionally and in association with tickets for particular tasks. The privileged credentials would be downgraded when the user closes the ticket, effectively eliminating the concept of perpetually overprivileged identities.
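As a concrete illustration of both the audit of standing admin rights described under "Avoiding Risks" and the ticket-bound privilege model sketched just above, here is an added example (written for this page, not code from the article, from Sectigo, or from any PAM product). It is a small in-memory broker: a privilege is held either permanently (a "standing" privilege, which is what a PoLP audit should flag) or only while a ticket assigned to the user is open and inside a hard time cap. The account names, ticket numbers, privilege name and clock times are all constructed sample data.

```python
"""Task-bound (just-in-time) privilege model, as an illustration.

Added example: a tiny in-memory broker that grants a privilege only while a
ticket assigned to the user is open and within its allowed window, plus an
audit of accounts that hold the privilege permanently. All names, tickets and
times below are constructed sample data, not from any real system.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class Account:
    name: str
    # Standing privileges are perpetual: exactly what the audit should flag.
    standing_privileges: set = field(default_factory=set)


@dataclass
class Ticket:
    ticket_id: str
    assignee: str
    privilege: str
    opened_at: datetime
    max_duration: timedelta          # hard cap even if nobody closes the ticket
    closed_at: Optional[datetime] = None


class PrivilegeBroker:
    def __init__(self, accounts, tickets):
        self.accounts = {a.name: a for a in accounts}
        self.tickets = list(tickets)

    def _grant_window(self, ticket):
        """Return (start, end) during which the ticket confers its privilege."""
        end = ticket.opened_at + ticket.max_duration
        if ticket.closed_at is not None and ticket.closed_at < end:
            end = ticket.closed_at      # closing the ticket downgrades early
        return ticket.opened_at, end

    def ticket_grant(self, user, privilege, at):
        """Ticket that grants `privilege` to `user` at time `at`, or None."""
        for t in self.tickets:
            if t.assignee != user or t.privilege != privilege:
                continue
            start, end = self._grant_window(t)
            if start <= at < end:
                return t
        return None

    def has_privilege(self, user, privilege, at):
        """Effective check: standing right, or an active ticket-bound grant."""
        account = self.accounts.get(user)
        if account is None:
            return False
        if privilege in account.standing_privileges:
            return True
        return self.ticket_grant(user, privilege, at) is not None

    def audit_standing_privileges(self, privilege):
        """Accounts holding the privilege permanently (the PoLP backlog)."""
        return sorted(a.name for a in self.accounts.values()
                      if privilege in a.standing_privileges)

    def active_grants(self, at):
        """Who holds what right now, and under which ticket."""
        grants = []
        for t in self.tickets:
            start, end = self._grant_window(t)
            if start <= at < end:
                grants.append((t.assignee, t.privilege, t.ticket_id))
        return sorted(grants)


# --- constructed sample data (hypothetical accounts and tickets) -------------
DAY = datetime(2024, 1, 10, tzinfo=timezone.utc)


def at(hour, minute=0):
    """Clock time on the sample day, as an aware UTC datetime."""
    return DAY.replace(hour=hour, minute=minute)


ACCOUNTS = [
    Account("alice", standing_privileges={"domain_admin"}),   # perpetual admin
    Account("bob"),
    Account("carol"),
]
TICKETS = [
    # bob's ticket was closed after two hours, so his grant ends at 11:00
    Ticket("T-100", "bob", "domain_admin", at(9), timedelta(hours=4), closed_at=at(11)),
    # carol's ticket was left open; the 4h cap ends her grant at 13:00 anyway
    Ticket("T-101", "carol", "domain_admin", at(9), timedelta(hours=4)),
]
BROKER = PrivilegeBroker(ACCOUNTS, TICKETS)

if __name__ == "__main__":
    print("standing domain_admin:", BROKER.audit_standing_privileges("domain_admin"))
    for hour in (8, 10, 12, 14):
        print(f"{hour:02d}:00 active grants:", BROKER.active_grants(at(hour)))
```

Two design points are worth noting. The hard `max_duration` cap means a forgotten, never-closed ticket cannot become a perpetual privilege through neglect, and `audit_standing_privileges` is the report you would run first, since every name it returns is an account that the ticket model has not yet reached.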
Implementing a PAM solution that includes safeguards for risk management like this will look different for every company, and each enterprise’s approach will be unique to its specific business needs. However, PAM with PoLP at the center can help businesses reduce the potential consequences of a successful security breach.
To learn more about the power of PAM, listen to Root Causes, episode 199, "What Is Privileged Access Management?"