Hi everybody. At some stage or the other we have lived away from our homes – hostels / PG accommodation / shared accommodation etc. And we have shared the key to our accommodation with our flatmate – that is providing privileged access to the place where we dwell. Let us say that our flatmate moves to a new accommodation, whether in the same neighbourhood or the same city. How we manage the flatmate’s key, is privileged access management.

 The most appropriate practice would be taking the key back. If they are not staying with us they do not need the key. Even better would be changing locks. That way, even in case they have a duplicate key, they cannot do much! This strategy, though expensive, works well even if we have not taken the key from them. Better safe, than sorry!

Privilege is an elevated right that one has over the other. ‘Privileged Access’ to IT systems means the elevated rights that certain key professionals like system and network administrators have over general users. Using those elevated rights they provide, restrict or remove  access from a machine, or an application or a general user.

79% of enterprises have had an identity-related breach within the past two years. Almost 100 % of advanced attacks rely on the exploitation of privileged credentials. Cybercrime activity has gone up by 600% since the COVID-19 Pandemic began. 

Privileged accounts or users can be IT and Non-IT. They may also be human and non-human (like RPA and other automated workflows). And these may be users with varying levels of privileges. Because there exist such users, there exist privileged accounts and credentials in any organisation. The issue is that the number of privileged accounts and credentials outstrips the number of privileged users by multiple times. This is the vulnerability that attackers look to harvest! Added to that the landscape complexity – some of the privileged accounts might be on cloud. Therefore, privileged access needs management.

 Privileged Access Management (PAM) helps build defences against compromise of identities, theft of credentials and misuse / abuse of privilege. How? By providing the users (human / non-human) with the lowest possible access to deliver their job.

 An article of this size cannot cover the topic of Privileged Access Management exhaustively. But if we were to identify a few things that are a must in a good PAM solution, then those are:

  1. Password Vault.
  2. Session Recording.
  3. Automatic Password Change – system will generate random multi-character non-dictionary word password which will also have special characters.
  4. Session monitoring & tamper proof audit trail.
  5. Remediation – if something is happening that is not as per our information security policy then we can remediate by blocking or ending the session. This can be manual or automatic based on rules.

We can help you with selecting and implementing the right PAM for your business organisation.   

 Reach out to our in-house Cyber Protection experts. They are happy to get on a call with you +91 9699662288 / info@erasmith.com.