In a digital world, we continue to face ever increasing threats and consistently more sophisticated attack methods as cyber criminals seek to take advantage of businesses. As has been said many times, identity is the new security perimeter – and some identities or users present greater risks than others, namely your privileged accounts.
Estimates from Forrester, that 80% of data breaches are connected to compromised privileged credentials, further illustrate how critical it is for organisations to have an effective strategy in place to minimise their risk.
What is Privileged Access Management (PAM) and why is it important in dealing with cyber threats?
In IT, the term privilege applies to users with elevated access to important resources on the corporate network, that standard users cannot access. While it is an essential part of your IT infrastructure to have these privileged accounts, they do represent a high value target to cyber attackers, and so it is absolutely critical that they are closely monitored.
This is where Privileged Access Management (PAM) becomes an essential cornerstone of your security strategy. PAM is a security best practice which aims to better secure your business by monitoring and restricting who can access what and when.
It helps you ensure that any access to high-value assets – the Crown Jewels – and administrative tasks is managed in a secure and controlled manner to mitigate the risk of improper use by both internal and external threats. This means that every attempt to access a high-value asset, or activity that requires an elevated set of permissions, should involve a workflow to challenge, audit and approve that access.
What do the Crown Jewels look like? Typically speaking these will be assets or data that presents a negative business impact if they become unavailable or are compromised by a bad actor. They can include:
In order to gain access to these critical resources, a user will require elevated (or privileged) permissions. The issue is that today many businesses will grant these required permissions on a permanent basis to that user, which increases the risk of exposure if those credentials are compromised. You have to ask yourself, does this user really need that level of access at all times?
How can Privileged Access Management help you minimise the risk of compromising high-value assets?
One of the principles that underpins sound Privileged Access Management is that of least privilege, whereby users are granted the access needed to perform a necessary task, but only for the minimum amount of time that it is need before then revoking that access. In theory this allows employees to perform their duties without major disruption, while minimises the risk of misuse or potential for that account to be compromised.
To help implement this principle, security teams can look to Just In Time and Just Enough Access as part of their access management approach. But what do they mean?
Gone are the days – or so we hope – when standing Global Administrator access was given to users who only needed to perform a subset of administrative tasks. By limiting the number of users with full administrative access within your organisation, you are also limiting the number of high value targets for cyber criminals which could be compromised to negative effect.
To find out more about the types of permissions you can grant, see this see Administrator role permissions in Azure Active Directory for a full list.
How will implementing JIT/JEA impact day-to-day administrative tasks in your business?
One of the main objections we hear from customers is that incorporating JIT and JEA could introduce further management overhead and impact the flow of performing administrative tasks. In this instance we suggest using Azure AD Privileged Identity Management, to help make the integration of JIT and JEA practices seamless.
What about controlling access to server resources?
In addition to the ability to manage user access to Azure AD roles, Privileged Identity Management can also integrate with Azure Defender (formerly known as Azure Security Center) to provide JIT access to Virtual Machines and server resources.
You can find out more about this be review the following resources from Microsoft:
To summarise, Just In time and Just Enough access are controls available that will help mitigate the risk of excessive and permanent permissions if – or more likely when – an administrative account is compromised.
Adopting a principle of least privileged and introducing a Privileged Access Management process that will give your users the exact permissions for the time they need it, will help to minimise the risk of an attack in the case that any of your administrator credentials are compromised.
To find out more about how to implement PAM or identity security best practices for your Microsoft 365 environment, talk to Threatscape today.