Historically, privileged access management has focused on protecting systems administrators and the powerful accounts used to manage critical infrastructure. Today, with the expanding adoption of cloud, DevOps, robotic process automation (RPA) and IoT – more privileged users, accounts and credentials are created every day.
Instead of only IT admins handling privileged access on network servers, the need for privileged access has expanded to departments such as HR, marketing and finance that need access to sensitive business systems and collaboration tools such as SAP, Salesforce, Workday or Slack. In addition, as digital transformation initiatives have accelerated, the number of privileged credentials associated with not only humans, but also applications and machines, has grown exponentially.
Faced with a complex threat landscape, security leaders know that having the ability to identify, monitor and manage the security of this privileged access remains a constant challenge. Privileged users have access to a company’s most essential data, infrastructure and assets – and they are also targets for attackers.
The opportunity to attack
By compromising privileged accounts attackers significantly increase the success of advanced attacks. The vast majority of attacks follow a similar pattern – attackers target privileged accounts because of the broad and powerful access they afford. They then exploit this access to move laterally across a network to further access an organization’s most critical and sensitive assets. When attackers compromise the credentials associated with privileged accounts, it increases their opportunity to further infiltrate the business and score a big payday.
So while organizations know they must protect privileged access, they also struggle with the sheer scope of where privileged accounts exist within their networks. The privileged estate has grown exponentially with the rise of cloud and automation in recent years, and the amorphous nature of identities today creates further complex security issues.
In today’s environment all identities can become privileged under certain conditions, based on the systems, environments, applications, or data they’re accessing or the types of operations they perform. Certain human or machine identities, for example, may only need access to certain systems for a limited time, but ensuring that every identity only has access to the resources that it needs, for amount of time that it needs, has become an ongoing battle.
Enforcing policies built on Zero Trust helps ensure that access never gets granted by default, while just-in-time access makes sure users only have access to the systems that they need for as long as they need it, eliminating instances of “always on” access.
Identifying privileged access accounts
Many organizations lack visibility into where exactly privileged accounts exist. The privilege-related attack surface has become much broader than anticipated and discovery projects often reveal dangerous gaps – like former employees with access that was never remediated or contractors with privileged access to systems left unmonitored. Here are a few common areas where privileged accounts exist – but are often overlooked:
- Built-in account access. Often referred to as system accounts, they are used to invoke a certain level of privileged access – typically full administrative capabilities – to a system or application. They deliver powerful levels of privileged access, and they are built into everything, can’t be removed and are required to administer an organization’s infrastructure and technology. Many times, these accounts are hard-coded with passwords that are difficult to change – making them an incredibly attractive target for attackers.
- Technical and operational privileged access. This refers to the access that employees and teams need to do their jobs. Whether it’s a developer, a server administrator or a business user accessing SAP, each requires high-privileged access to a critical system to carry out their functions. Companies also give this level of privileged access to partners and supply chain vendors to interconnect systems for greater productivity.
- Automation and application access. Machines and applications represent the fastest growing area of privileged access. As organizations push for greater automation of processes and human tasks, the volume of applications running business processes, like RPA, have dramatically increased. These systems and applications should access information and communicate with each other to work together and requires privileged access.
Organizations can’t stop cyberattacks unless they secure privileged access everywhere it exists - in the cloud, on the endpoint and throughout the DevOps pipeline. Securing privileged access keeps an organization’s most sensitive data safe from prying eyes and helps support stringent compliance requirements. It also disrupts the attack cycle to stop the progression of an attack before it impacts the business’s ability to operate.
David Higgins, technical director, CyberArk