Having a solid Privileged Access Management (PAM) program in place is essential for protecting your organisation against security breaches from external attackers and malicious insiders. But when it comes to planning your PAM there are some crucial steps to take to ensure you have considered all weaknesses.
From having a clear understanding of the number of privileged accounts your organisation has, where they are located and what level of risk they present are among the essential steps your organisation should take when planning your PAM project. Let’s take a closer look at each step in the PAM project planning process.
1. Identify the privileged accounts that need to be monitored
The first step is understanding exactly what accounts you need to protect, by this we mean identifying the privileged accounts you need to monitor. Typically, the number of privileged accounts in an organisation is three to four the number of employees. For example, an organisation with 50 employees could have around 150 to 200 privileged accounts.
When identifying the accounts consider both human and non-human privileged access accounts, where they are located and where the credentials for each are stored. This will give an in-depth view of your privileged access environment and will help with planning your PAM project.
2. Clean-up and remove inactive user accounts
Once you understand the number of privileged accounts your organisation has and where they live, you can begin to determine which of them are active and start planning to clean-up inactive user accounts.
For example, if employees have left your organisation and the credentials for the privileged accounts they had access to haven’t been changed you could be leaving your organisation vulnerable. If you cannot or do not want to delete the accounts, consider resetting the passwords to avoid misuse or unauthorised access.
3. Track and monitor permission changes
It is good practice that once your organisation has completed the initial audit to identify privileged access accounts that you then track and monitor any permission changes. If permissions change or additional privileged accounts are created they will not be part of your organisation’s PAM plan if the plan is using data from the initial audit.
To ensure that your PAM project is successful, and your organisation is protected against security breaches, it is imperative that you maintain a constant vigilance in tracking and monitoring permission changes being made in your networks and systems.
4. Determine high-risk user accounts
The highest risk accounts will be those with elevated privileges, the accounts that have access to the following types of valuable and sensitive information:
- Personally identifiable information
- Confidential business information
- Intellectual property
- Customer data
- Financial data
Identifying these accounts will help your organisation build in extra security measures to ensure they are protected from hackers. High-risk accounts will likely be those that have access to your critical systems and as such, you may want to consider planning to use Multi-Factor Authentication (MFA) for these accounts.
MFA requires two or more forms of authentication before access is granted, it includes something you know, such as a password and something you have such as a fingerprint or one-time security code that is sent to your mobile phone.
5. Review who needs access
Privileged access accounts fall into one of two categories, human and non-human. Determine which employees, applications and systems actually need access to your privileged accounts. Tighter restrictions on access can help reduce the risk of a ransomware and malware attack.
Consider if third-party contractors have access and whether they need it. Third-party contractors that need access to privileged accounts can be one of the highest risks because you don’t have full control over how they access and manage privileged accounts or where they store the credentials.
Many breaches in recent years have involved stolen or hacked contractor laptops that stored valuable and sensitive data.
As the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets.
The CyberArk Core Privileged Access Security Solution provides organisations with the ability to take a risk-based approach to credential and session management. Enforce least privilege principles and lock down domain controllers to defend against both internal and advanced persistent threats.
Contact us today to learn more about how MTI and CyberArk can help you plan and implement a successful PAM project.