Darkness falls. A thick fog settles across the land. In a basement, dimly illuminated by the shimmer of a computer screen, there sits a hooded phantom. The face a mere shadow – worn out by a constant scroll of green matrix code. This is a hacker… at least a hacker as perceived by 95% of Internet photography! While this may conjure up cliché, the horrors unleashed by a hacker are very real…
Faster than a witch, more cunning than a werewolf, deadlier than a zombie. The black hat hacker’s malicious mischief mystifies and terrifies all types of organizations worldwide. One of the popular antidotes to this toxic epidemic is Privileged Access Security, but recently even this has fallen foul of misleading myth and frightening falsification.
Read on as we separate fact from fiction. Learn how you can evade hordes of hungry hackers, and on this Halloween and beyond, achieve ghoul-proof security.
The Current Cybersecurity Landscape
First, some truth. Data breaches spiked 54% higher in the first half of 2019 versus 2018. The reasons for this increase are, of course, complex and varied. However, a key factor is simply that the attack surface continues to grow. While hackers are getting more sophisticated in their methods and IT environments are becoming more complex and harder to defend, many organizations are slow to adopt new, proven strategies when it comes to securing systems and users.
So what can you do to better assert control over your environment and mitigate the greatest amount of threat surface the fastest? Gartner sought to address this question in publishing their list of 2019’s highest priority security projects for organizations to undertake. For those of you who click on the link (or just take our word for it) to the Gartner article, you will see Privileged Access Management (PAM) listed as “Project 1”. To cost-effectively reduce risk and enable business initiatives, IT organizations must learn how to manage human identities as well as shared admin accounts, servers, desktops, IoT, and machine credentials across diverse environments that can include on-premise, cloud, and hybrid, as well as DevOps.
Privileged Access Management Mythbusting
Below, we begin our quest in busting six sinister myths around PAM. We’ve given you two, as a fearless favor, but the other four are locked away in this free whitepaper – are you ready to unpackage the rest of these myths?
Myth 1 - Vendor Access Can be Secured Using the Session Management Capabilities of Your Password Manager
Password managers are helpful tools for users overwhelmed by the volume of passwords they need to know to access the myriad systems, portals, and applications existing across the typical organization. So, the idea of having an encrypted digital vault that can store all of this information for you, as well as generate unique and strong passwords for different services, is often an essential (and sometimes free) tool many people leverage.
But consumer-oriented password managers, such as LastPass, 1Password, and Dashlane have significant limitations. Many folks mistakenly believe that these types of password managers will offer session management capabilities that can secure vendor access. Nope.
It’s important to stress that free tools (such as RDP) alone just aren’t robust enough.
Myth 2 - PAM Requires a Large IT Team & Effort to Implement/Manage
The concept of implementing a new security technology can be daunting for many organizations – especially if your environment is made up of a variety of operating systems, legacy software, and far-flung global locations. Or, maybe you have a small IT team that is already stretched to the limit. However, a mature privileged access management solution will be simple to deploy and maintain over time. Implementing PAM is easier than you might think.
You should consult the experts—IT services providers, leading PAM solution vendors, and system integrators (SI’s). They have experience installing PAM and can turn a potentially steep learning curve into a very manageable project. Leading PAM providers will provide an extensive set of integrations, meaning you can benefit from technologies working together straight out-of-the-box, maximizing your existing IT investments and making the entire process even more seamless and efficient. Of course, with all that said, some PAM solutions are much easier to implement and maintain than others.
For less overhead and infrastructure requirements, PAM solutions can even be deployed in the cloud using SaaS (software as a service) or a hosted solution such as AWS or Azure.
We hope you’ve found this blog post insightful and revealing. Separating fact from fiction is the first step to developing the best security model for your organization. For an eye-opening analysis into all six widely held PAM myths, read our ‘Busting the 6 Myths of PAM’ now, or forever hold your peace.
Let’s send these myths to the graveyard once and for all!