By Gary Audin
Who manages your resources? What access do they have? How many have privileged access? It expands when you add IoT devices.
Super user accounts, those with privileged access have been poorly governed. Identity management software (IAM) may leave super user accounts uncontrolled while allowing advanced access privileges on the network.
The owners of super user accounts may have limited or no formal training in managing the accounts. Super user accounts are therefore open to security attacks if not managed properly.
Privileged Access Defined
Privileged identity management (PIM) is the monitoring and protection of super user accounts in an organization. These are accounts that can change, modify, and/or eliminate the status or condition of IT devices and software. These super user accounts are reserved for those responsible for IT and network implementations and operation.
Even though the super users are a privileged group, they must be overseen to ensure that what they do or don’t do is within their responsibilities and authority. This is necessary so that the greater access abilities of super user accounts are not misused or abused. Poorly managed accounts can lead to loss or theft of sensitive information, or introduction of malware that can compromise the network and data.
Privileged identity management and control requires:
- The creation of a policy that specifies how super user accounts will be managed and what the account holders can and cannot do
- Develop a management procedure that can be used to identify responsible parties to ensure that the policies are followed
- Inventory, monitor, verify, and audit privileged accounts
- Establish and implement tools and processes for super user access management
Managing Privileged Access
Are you contending with managing remote resources? Do you need to be a super user controlling remote IT resources for your users? Do you know who has connected to those resources and what they did? Not everyone documents what they do and in some cases not accurately. These are persistent challenges.
Are you satisfying the IT requirements? How do you keep track of all the changes, updates, and modifications being made to the IT and network environments? Are the changes well-documented? What was forgotten? Will you find out when a problem surfaces? Do you have a secure an audit trail? Can you trust and verify? Even if you have complete trust in your super users, are their credentials really safe?
Six Elements in Privileged Access
To answer the questions above, you need to manage super users and their activities.
- Authorization – This is the process of providing someone permission to do or have something in multi-user computer systems and networks. Who is allowed to be a super user?
- Authentication – This is the process for determining whether someone is in fact, who they are verifying their identity. Are they an authorized super user?
- Control – This is the power to add, modify, and restrict an action.
- Monitoring and Recording– The ability to observe and check the status and progress of IT resources over a period of time. This part knows what super users have done or not done.
- Auditing – Conducting a systematic review of the state and status of IT resources.
- Reporting – Providing an unbiased and secure account of IT resources, their state and status and the actions of super users.
Privileged Access Security, Beware of the Risks
Many businesses secure privileged access for internal and external IT staff focused solely on the privileged credentials or identities, controlling who has access. This is necessary but not sufficient. Securing the access pathways, recording access connections, and activity are also crucial to protect critical systems and data from cyber threats, malicious behavior, and errors. Privileged access is a balance between productivity, security, and ease of use.
Common Security Mistakes
The common security mistakes have many sources; negligence, malicious behavior, ignorance, and poor training of those managing resources. You may find that some people put information on posted notes visible and available to almost anybody. You have to watch for the attitude that someone knows better than you how to do a form of technologist arrogance. You have to minimize access, protect that access, and enforce security policies. There may be security patches and updates that you are slow to install. An open question is “who is watching your staff so you know that they’re performing appropriately, correctly, and securely?”
Privileged Users; are They OK?
Every time privileged access is enabled, you should have an automated mechanism that records, reports, stores, and analyzes that activity. The activity also should have a historical record so you can go back and look at the behavior of the privileged access individual. This does not mean you should mistrust them. What it means is that you should verify every action is taken, documented, and stored in a secure manner so the information about the changes cannot be compromised.