When it comes to breaches, there are many areas that attackers focus on to try and gain entry to a company’s data. One that is often overlooked by the security team is privileged accounts.
“While many companies manage their privileged accounts and credentials in the same way they do the rest of their entry points, they neglect to differentiate between Privileged Access Management (PAM) and Privileged User Management (PUM). These terms are often mistakenly used interchangeably, and too many data breaches have resulted from bad actors gaining access to the company’s network through privileged accounts,” says Simon Campbell-Young, MD of Credence Security.
PUM, he explains, involves the management of a system’s existing accounts, such as administrator, root, or other administrative service accounts. These accounts are typically built into the application or systems and cannot be removed, and are often limited in number. PAM enables organisations to provide better management of privileged accounts, particularly in terms of granting access.
“PAM allows users to request specific access to applications or systems, as and when they need to – usually when they can’t do what they need to with their current level of access rights. What makes PAM so valuable is the granularity it offers. Access can be restricted to a specific amount of time, and multiple levels of elevated access — such as basic user, power user, administrative user, and system administrator – can be granted,” Campbell-Young says.
“No user should ever have elevated privileges all the time. By keeping access to a minimum, but still providing a way to elevate access when needed, PAM not only streamlines business processes, but reduces overall security risk.”
In contrast, PUM manages accounts and passwords, but doesn’t require a second authentication factor the same way PAM does, he explains. “With PUM, the access is the same for anyone using the account. With PAM, access is specific to the individual and the task they want to do.”
Campbell-Young adds that many companies implement an Identity and Access Management (IAM) solution and assume they can get the same benefits. However, IAM solutions lack the visibility into who has access to systems and they are doing on them.
“This obviously makes it harder to root out malicious insiders, but even more worrying is that privileged accounts are a good entry point for external threats. Because of the levels of access they provide, privileged accounts make access to an organisation’s systems and data easy for bad actors. If they get in, hackers can use these accounts to lock out legitimate users and create ghost accounts and backdoors,” he says.
“This is why PAM solutions have become essential. On their own, IAM and PUM provide good audit capabilities and make it easier to see and manage who is doing what, but PAM determines who can do what. Getting control over user access, permissions and rights is essential in today’s threat environment, and PAM is the only way to ensure this.”
About Credence Security
Established in 1999, Credence Security, a PAN-EMEA specialty distributor, is a leader in cybersecurity, forensics, governance, risk and compliance. With headquarters in Dubai and regional offices in Ankara, Athens, Cape Town, Istanbul, Johannesburg, London and Nairobi, Credence Security is a pure-play provider of security and forensics solutions, to both public and private sector enterprises across Europe, Middle East, Africa and India, through a select network of specialist resellers.
- I’m struggling to get going in 2021! |#LTL |#KevinBritz | Naomi Basson |#Leadership #Podcast |#ebizradio - January 25, 2021
- The real price of free social networks |#OneEyedMan Podcast |#MikeStopforth | Nerushka Bowan - January 25, 2021
- The Saturday Night Show – Tales from my stethoscope | Bruna Dessena |#AdvancedLifeSupportParamedic |#Podcst |#PayItForward - January 21, 2021
- Oops….you exposed yourself! What’s up with What’s App? |#LTM | Craig Page-Lee |#Marketing | Podcast |#ebizradio - January 21, 2021
- Why you need to be agile in 2021 |#LTC |#Coaching |Meenakshi Iyer | Northstar at Work |#Podcast |#ebizradio - January 20, 2021
- The art of virtual B2B selling in 2021 | #TalkDigitalZA |#AudreyNaidoo |#ShelleyWalters | The Sales Counsel |#Podcast | #ebizradio - January 20, 2021
- What is SELF EFFICACY? |#LTC |#kevinbritz |#Coaching | Liezl Mari Reid |#Podcast |#ebizradio - January 19, 2021
- The thinking behind the launch of print weekly DM168 |Mike Stopforth |#OneEyedManPodcast |Styli Charalambous | Daily Maverick |#ebizradio - January 18, 2021
- Love your problems |#LTL |#Leadership | Dawn Rowlands |#Dentsu |#KevinBritz |#ebizradio |#podcast - January 18, 2021
- WHY CORPORATES HAVE TO ADJUST NOW! |#LTC |#Kevinbritz | Mpume Ncube-Daka |#ebizradio |#Podcast - January 13, 2021