Having an in-depth understanding of user permission and security in the cloud can help your organisation ensure it has rock-solid privileged access security measures in place to protect your assets and sensitive information.
Almost all security breaches can be tied back to an attacker stealing an admin account or credential to infiltrate the organisation. On the surface, the attacker looks like an authorised administrator and can often be attacking an organisation for weeks or months without raising suspicion or being detected.
Different types of privileged access
Gaining a deeper understanding of the different types of privileged access can help your organisation better protect itself against hackers.
Whether in the cloud or in an on-premise data centre, an administrator, device or application needs privileged accounts, credentials and secrets to access a system, such as applications, servers or routers.
It’s important to know that in the business setting, there are two types of privileged access, human and non-human.
Human privileged access is when a human accesses and manages an account with a password or more advanced credentials such as biometrics. Non-human privileged access is when access is granted to an application account, service account, SSH Key or secret. The table below shows the different types of human and non-human privileged access.
Human Privileged Access
| Domain Admin | |
| Local Admin | |
| Server Admin | |
| SSH Keys | |
| Network Admin | |
| Database Admin | |
| Application Admin | |
| Cloud Admin Console | |
| DevOps Admin Console | |
| SaaS Admin Console | |
| Emergency Account | |
| Privileged Business User |
Non- Human Privileged Access
| Application Accounts | |
| Service Accounts | |
| API Keys / Access Tokens | |
| SSH Keys | |
| Other Hard-Coded Application Secrets | |
| Certificates | |
Understanding the risks associated with privileged access
It is estimated that the number of privileged accounts in any organisation can be more than three to four times the number of employees. If an account, credential or secret that gives the hacker elevated user permissions, such as a privileged account is breached, it could result in significant damage to your organisation, including:
- Theft of assets and information
- Disruption to business continuity
- Data corruption
- Leaking of sensitive data
- Reputational damage
- Financial loss
- Locking true users out of their machines and systems using ransomware
In addition to data centres, applications, servers, network devices, endpoints and IoT devices, privileged accounts exist in the cloud. Without the proper security controls in place, organisations could be vulnerable to attack.
Hybrid cloud environments present a unique challenge in that the organisations need to secure both their on-premise and cloud environments for effective privileged access security. Multi-cloud environments, an increasingly common approach to cloud infrastructure, should also be considered for securing privileged access.
Security controls for infrastructure accounts
Ensuring you control and secure access to your on-premises and cloud infrastructure accounts is crucial as these are some of the riskiest keys to your kingdom. If on-premise and cloud infrastructure accounts aren’t properly secured, attackers can infiltrate the entire technology stack by compromising a single infrastructure account with a default and unchanged password.
To keep your assets protected ensure you:
- Have 100 percent managed accounts across your on-premise and cloud infrastructure that use secure processes and privileged access security to manage these accounts.
- Create secure credentials that are rotated frequently for all well-known infrastructure accounts. Store the credentials, passwords and secrets in a digital vault.
- Isolate and record infrastructure admin sessions.
As the leader in privileged access security, CyberArk delivers the industry’s most comprehensive solution to reduce risk created by privileged credentials. Trusted by the world’s leading organisations, CyberArk works with over 50 percent of the Fortune 100 to keep them protected from external attackers and malicious insiders.
CyberArk Privilege Cloud is a SaaS solution that provides a simplified path to securely store, rotate and isolate credentials (for both human and non-human users), monitor sessions, and quickly deliver scalable risk reduction to the business.
Next Steps
Download CyberArk’s Privileged Access Security guide to discover how your organisation can secure accounts, credentials and secrets, reduce the risk of cyber attacks and ensure secure privileged access security.
The guide will help you understand the internal and external risks associated with privileged access and the actions you can take to develop vigorous security controls.