Malicious use of privileged credentials remains one of the biggest threats to enterprise security. That’s a real dilemma for IT operations who need access to privileged accounts on servers, routers, and other devices in order to carry out routine tasks like regularly-scheduled maintenance jobs.
The question then is how can privileged information be best protected without obstructing IT operations from performing its vital function to keep the information infrastructure running smoothly?
Every year, different organizations issue their annual list of Top 10 cybersecurity threats or security issues for the year ahead. Here’s Gartner’s Top 10 list from 2019.
Although the cybersecurity landscape is constantly changing, you’ll note that privileged access management always seems to feature prominently on most top 10 security lists, and this one’s no exception.
Securing privileged access is a bit of a specialty in the cybersecurity field, but it applies to every server, operating system, file system, application, database, and IoT device in your environment. Today’s threat landscape demands that not only do all these elements of your infrastructure need strong passwords, but they need to be changed frequently. In the case of highly sensitive infrastructure or data, the best practice is to change the password after every use!
Now if you have a smaller environment with just a few servers, applications, databases, etc., then perhaps you’re not too worried about dealing with privileged access management because it’s just another manual task you do that might be inconvenient, but doesn’t hold you up too much.
Then again, if you are in an enterprise environment, you’re probably dealing with hundreds if not thousands of servers, applications, databases, etc. Now you’ve got a very serious issue to contend with. How do you maintain proper security for every single component AND continue performing IT operations tasks as efficiently as possible?
Well, that really is the CIO’s dilemma in all of this. He or she must perform a precarious balancing act that maximizes security without compromising productivity.
On the one hand, the CIO must do everything necessary to comply with an alphabet soup of regulatory regimes and standards, such as HIPAA, PCI-DSS, GDPR, CCPA, Sarbanes Oxley, and so many more that if they were all listed here, would require a lot more scrolling on this blog post.
On the other hand, the CIO can’t compromise on preserving uptime, and dealing with shifting infrastructure priorities such as the recent and sudden switchover to working from home. They’ve also got to continue advancing the enterprise’s digital transformation, all while dealing with reduced budget and/or headcount due to the economic conditions brought on by the pandemic. And of course, there’s the growing concern about the widening skills gap.
According to Gartner, there is a solution (and we endorse it wholeheartedly).
In a paper published June 18, 2020 (ID G00376315), Gartner recommended that organizations “Create and expand automation for privileged access activities and integration with other enterprise platforms, such as identity governance and administration and IT service management.” This recommendation actually constitutes one of the 4 pillars of Gartner’s Privileged Access Management strategy.
In the same publication, Gartner points out that “Automation includes increasing reliability and security by removing the ‘human’ element. This increases efficiency by enabling privileged tasks to be run by more junior administrators with less experience or by software agents”. In other words, by taking privileged access management out of people’s hands and letting it be automated, you’re actually making your infrastructure more secure.
And just for good measure, there was one more worthwhile tidbit from this same Gartner paper, which BTW is entitled “Best Practices for Privileged Access Management Through the Four Pillars of PAM”.
Gartner offers suggestions on what privileged access management tasks to consider automating. They write “Good targets for automation are predictable and repeatable tasks, such as simple configuration changes, software installations, service restarts, log management, startup and shutdown.”
To that, we would also add routine health checkups, which is a great use case Ayehu has available for demonstration with popular privileged access management solutions such as CyberArk’s.
In summary, there are 3 main value propositions derived from automating privileged access management.
First and foremost, it’s simply more secure using a vault. That’s a bit obvious, but we shouldn’t lose sight of that.
Secondly, if you’re following best practices on frequency of password changes, then automating privileged access management means you never have to worry about password changes disrupting operations. In other words, if you’ve got a scheduled task to run on a server whose password just changed, it won’t be an issue, because both the changing of the password and its retrieval from the privileged access management solution are automated.
Finally, and this is the one every CIO loves, automating privileged access management lets you run a streamlined IT operation while simultaneously maintaining security, adherence to industry regulatory regimes, and your own enterprise best practices.
If you’re interested in test driving Ayehu NG to securely automate your privileged credentials usage, click here to download your very own free 30-day trial version today.