What Is a Privileged Identity?
Users with a privileged identity usually have some form of administrative access to critical data, systems, or sensitive information. Identities of this type include employees, consultants, partners, and customers, but they can also be applications, services, things, and devices.
What Is the Principle of Least Privilege (POLP)?
The least-privilege principle refers to granting an identity only the rights and privileges it needs in order to function. A simple, centralized way of managing and securing privileged credentials is needed, as well as flexible controls to balance cybersecurity and compliance requirements with operational and end-user requirements.
Who Is the Privileged User?
A privileged user or account holds access and privileges that exceed those of non-privileged accounts. Privileged users include IT managers and directors, system, database, and application administrators, development and engineering staff, auditors and consultants, and C-level and other executives. These users have greater access because of legacy, skill, or role.
What Are the Risks?
Experts estimate that as many as half of all security breaches occur as the result of insider activity. Insider threats are especially serious when associated with employees who have higher access privileges than needed.
Whether the privilege misuse occurs due to employee error or is the work of a cybercriminal who has leveraged the credentials of an insider to gain access to your IT network, you can best manage this risk by closely controlling and monitoring what privileged users, such as superusers and database administrators, are doing with their access.
Trends such as hybrid cloud, mobility, big data, CIAM, IoT, and digital transformation all introduce complexity, new threats, and levels of risk around privilege. Identities are now much more than people—they can also be devices or things—and all identities have some form of privilege.
Each day, IT grants elevated privileges to identities in the name of productivity, leading to three types of risk around privileged access: Outside Threats, Inside Threats, and Non-Compliance. All of these types of accounts are vulnerable since they have access to critical systems and information, which, in turn, exposes the company to risk.
- Outside threats – Sophisticated hackers direct phishing and spear-phishing attacks at those who would have elevated access—executives, system admins, network managers, engineers, and security workers who have access to finances, intellectual property, customer data, formulas, manufacturing processes, etc. Many of these users are sophisticated themselves, but they are still human and can be deceived. Hackers might not know which identity has access to what, but they consider the privileged ones to be the holy grail. Attackers who gain access to privileged users’ credentials can lurk undetected for months while they learn a company’s systems and decide what to steal. Experienced attackers can also compromise orphaned or privileged devices and things to gain administrative access. They can steal the contents of entire databases and easily delete the logs to hide their activity.
- Inside threats – Organizations must also protect against insider threats, both malicious and accidental. Whether they mean to or not, users who have been given, or who steal, credentials with elevated access could easily take down a network, expose confidential information, and much more—potentially costing the organization millions of dollars in lost productivity, lost revenue, and compliance fines. There are known cases of employees or contractors performing malicious acts, but most incidents are the result of human error or carelessness. If the company doesn’t provide a good user experience and the right access at the right time, even highly technical and trusted privileged users will find ways to get their job done—sometimes at the expense of security. Organizations must know who or what has privileges and control what they can do to minimize impact.
- Non-compliance – There are many existing compliance regulations around data access such as GDPR, HIPAA, and PCI—and it is expected that more will be introduced in the coming years. Most of these regulations are descriptive, not prescriptive, leaving the implementation of policies open to interpretation. When policy is open to interpretation, it inherently opens you up to risk. The normalization of policy ensures that the security and identity management parts of a compliance strategy are met. As compliance and internal governance requirements continue to become more stringent and audits more grueling, organizations are also being pressured to strike a balance between keeping people productive and enforcing security controls based on identity. Many are looking for quick wins to mitigate the amount of risk their organization is facing, with the ability to prove to auditors that they have implemented the necessary standards.
An organization's most important assets must be protected by privileged identity and access policies that give the right people access at the right time. Most organizations ignore privilege issues, don't know where to start, or rely only on manual processes.
Why Is Privileged Access Management Important?
IT leaders realize that one of the quickest and most impactful ways to reduce risk is to better manage their privileged identities (aka superusers). Most breaches involve gaining access to privileged credentials because they provide unlimited access to systems and data, creating a major security and compliance concern. Effectively managing the access of those users who have the ability to do the most harm—maliciously or accidentally—is a logical step in securing their organization.
Provide Visibility and Control of Privileged User Activities
Even though privileged accounts are a must have, they are difficult to manage because the native tools are rarely capable of doing it properly. Privileged identities are found everywhere within an organization and security standards are different in almost every circumstance. You will find privilege in applications, services, servers, databases, devices, things, etc.
There is also a lack of insight into the users, dependencies, and activity in privileged accounts. Often, privileges are shared among multiple people, making it almost impossible for IT to hold anyone accountable for actions taken. Also, most organizations are unable to extend their existing authentication or authorization policies across platforms such as Linux or UNIX or to cloud services.
To minimize the risks associated with privilege, organizations must overcome several challenges in managing and securing all privileged access and mitigating its misuse.
Many IT organizations rely on manual, intensive, and error-prone administrative processes to manage access for privileged credentials. This is an inefficient, risky, and costly approach. In a complex hybrid environment, uncovering every identity with elevated rights can be difficult—and sometimes nearly impossible. For example, Microsoft Windows, the most widely used operating system, allows you to have service accounts, which are run by systems and applications, not people.
Accounts aren’t just for people. They can be held by systems, devices, or IoT sensors in machines. Anything that has access to critical systems is a privileged account and sometimes privileged accounts are duplicated within each system (Windows, Linux, UNIX, etc.) that they must access. While it is normal to have a large number of privileged accounts, most organizations have far more than they need. Also, as identities change, processes aren’t always followed for re-provisioning access rights.
Many organizations don’t even realize how many privileged accounts they have, or that they have empty or orphaned accounts that are just waiting to be exploited. They also don’t have a way to automate the discovery of what dependencies exist. For example, if a privileged account is removed while a critical service is still using it, there could be catastrophic consequences. Getting a usable baseline view of existing privileged identities is a large, time-consuming project for most—and doing it manually is nearly impossible.
Real-life implementation of a privilege management strategy is a big challenge in a complex hybrid environment. As organizations grow, they find that their systems don’t provide the access controls they need around privileged users as they scale. Even the best processes and policies don’t matter if you can’t automate their enforcement in a consistent and effective way.
To help satisfy compliance and governance requirements, most organizations must have adaptive access controls in place because they face something called “privilege creep.” This happens when people change roles within the organization, but new privileges are simply expanded to reflect current needs—rather than removing those that are no longer needed.
Organizations often struggle to effectively control privileged user access to cloud platforms, SaaS applications, social media, and more, creating compliance risks and operational complexity. It is important to apply the principle of least privilege to any privileged user.
The sharing of passwords or providing too much root-level access to critical systems broadens your surface of attack and increases system complexity, making intruders harder to spot. Most users only need a subset of administrative rights to do their job, but because the native tools might not allow for granular control, the users get full administrative privileges by default. This means they now have more privileges than they need—creating unnecessary risk and potentially a compliance nightmare.
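The point above is that full administrative rights are often granted where a small command set would do. On Linux, sudo does support scoped rules, so the gap can be checked for. The following is an added example (not code from the original page or from NetIQ): it parses a constructed sudoers-style policy and flags every rule that grants an unrestricted command set to anyone other than root. The user, host, and command names are invented, and the parser assumes the common rule form with an explicit `(runas)` list; `Defaults` lines and aliases are ignored.

```python
"""Flag over-broad sudo grants in a sudoers-style policy.

Added example, not from the original page. It parses a handful of
constructed sudoers lines (not a real file) and reports every rule that
hands out unrestricted root rather than a scoped command list, which is
the "full administrative privileges by default" pattern described above.
"""
import re

# Constructed sample policy; the user, host and command names are invented.
SAMPLE_SUDOERS = """\
# who      where=(as whom)  what
root       ALL=(ALL:ALL) ALL
%wheel     ALL=(ALL) ALL
dbadmin    ALL=(postgres) /usr/bin/pg_dump, /usr/bin/pg_restore
deploy     web01=(root) NOPASSWD: /bin/systemctl restart nginx
backup     ALL=(ALL) NOPASSWD: ALL
auditor    ALL=(root) /usr/bin/journalctl
"""

# Matches "who hosts=(runas) [tags:] commands"; rules without an explicit
# (runas) list are out of scope for this example.
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>\S+?)=\((?P<runas>[^)]*)\)\s*(?P<cmds>.+)$"
)
TAG_RE = re.compile(r"^(?:NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):\s*")


def parse_rules(text):
    """Return one dict per rule line, skipping comments, blanks and non-rules."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            continue  # Defaults, aliases, etc. are not rules we audit here
        full_cmds = m.group("cmds")
        cmds = TAG_RE.sub("", full_cmds)
        tags = full_cmds[: len(full_cmds) - len(cmds)]
        rules.append({
            "who": m.group("who"),
            "hosts": m.group("hosts"),
            "runas": m.group("runas"),
            "nopasswd": "NOPASSWD:" in tags,
            "commands": [c.strip() for c in cmds.split(",")],
        })
    return rules


def audit(text):
    """Return (who, reason) for every rule granting an unrestricted command set.

    root's own self-grant is the conventional baseline and is not reported.
    A NOPASSWD ALL grant is called out separately because a hijacked session
    can escalate without any re-authentication prompt.
    """
    findings = []
    for r in parse_rules(text):
        if r["who"] == "root":
            continue
        if "ALL" in r["commands"]:
            reason = "unrestricted command set"
            if r["nopasswd"]:
                reason += " without password re-prompt"
            findings.append((r["who"], reason))
    return findings


if __name__ == "__main__":
    for who, reason in audit(SAMPLE_SUDOERS):
        print(f"{who}: {reason}")
```

Run against the sample, the check reports `%wheel` and `backup`; `dbadmin`, `deploy`, and `auditor` hold scoped command lists and pass, which is the least-privilege shape the paragraph above asks for.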
Once controls are in place, organizations need to track privileged activity and monitor it throughout the identity’s entire lifecycle to identify potential threats, remediate threats in real time, and ensure seamless audits. Attempting to do this manually can be error-prone, time consuming, and almost impossible to manage because access requirements change over time and new identities are consistently being provisioned. This is not an efficient or sustainable way to manage privileged identities, especially for large IT organizations with complex hybrid environments.
Many organizations turn to regular attestation or access certifications as part of their internal identity governance strategy, but those are usually manual processes for IT as well. And it’s likely that they aren’t tracking and recording all privileged activity.
Organizations need a way to catch the misuse of privilege and stop it immediately—not waiting until an audit or incident occurs before the investigation begins. Every organization must have a strategy to keep up with privileged access to minimize the risk of network incidents, failed internal and external audits, non-compliance fines, and the added risk of a breach.
All of these challenges could prompt a painful audit or provide an ideal opening for intruders to exploit. Organizations must have the ability to automate the identification of the over-privileged and revoke or adjust privileges when they are no longer needed.
Privileged Access Management in Practice
Managing the access of those users with the potential to harm your organization, either maliciously or accidentally, is key to ensuring your organization's security. You can reduce risk and complexity by following these steps: Discover, Control, and Monitor.
Get a comprehensive baseline of privileged identities & their dependencies.
The first step in managing privilege is to know which identities (users, services, devices, things, etc.) have elevated access and what dependencies exist, so that you have the insight you need to simplify and implement policies. Discovering privileged identities and their dependencies establishes that baseline.
Implement identity-powered privileged management to reduce risk.
Identity-powered privilege management reduces risk by applying policies that adjust privileges based on identity attributes in real time. The “least privilege” principle ensures that everyone and everything has just enough access to do their job (no more, no less).
Detect changes and track privileged activity to support governance and compliance.
Once controls are in place, monitor changes and privileged activity throughout the entire identity lifecycle to identify potential threats and ensure governance and compliance.
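As an added example (not code from the original page or from NetIQ), the three steps above can be expressed as checks over an identity inventory: a role baseline of which privileges each role legitimately needs (Discover), a comparison that surfaces privilege creep and orphaned or stale accounts (Control), and a dependency check before an account is removed, so that the "critical service was still using it" failure described earlier is caught (Monitor). Every identity, role, entitlement and service name here is constructed sample data, and the 180-day idle window is an assumed policy value, not one from the page.

```python
"""Discover / Control / Monitor over a constructed identity inventory.

Added example, not from the original page or from NetIQ. All names,
roles, entitlements and services are invented sample data.
"""
from datetime import date

# Constructed role baseline: the privileges each role legitimately needs.
ROLE_BASELINE = {
    "dba": {"db:admin", "db:backup"},
    "sysadmin": {"os:root", "os:service-restart"},
    "developer": {"ci:deploy-staging"},
    "service": {"db:backup"},  # non-human identities get a role too
}

# Constructed inventory: what each identity actually holds today, who is
# accountable for it, and when it last authenticated.
INVENTORY = [
    {"id": "alice", "role": "dba", "owner": "alice",
     "entitlements": {"db:admin", "db:backup"}, "last_used": date(2024, 5, 1)},
    {"id": "bob", "role": "developer", "owner": "bob",
     # moved from sysadmin to developer; the old os:root right was never removed
     "entitlements": {"ci:deploy-staging", "os:root"}, "last_used": date(2024, 5, 2)},
    {"id": "svc-backup", "role": "service", "owner": None,  # nobody is accountable
     "entitlements": {"db:backup"}, "last_used": date(2024, 4, 30)},
    {"id": "svc-legacy", "role": "service", "owner": "carol",
     "entitlements": {"db:admin"}, "last_used": date(2023, 1, 15)},
]

# Constructed dependency map: which running service authenticates as which account.
DEPENDENCIES = {"nightly-dump": "svc-backup"}

# Assumed review date and idle window (policy values, not from the page).
REVIEW_DATE = date(2024, 5, 10)
MAX_IDLE_DAYS = 180


def privilege_creep(inventory, baseline):
    """Control: return {identity: excess entitlements} beyond what the role allows."""
    creep = {}
    for ident in inventory:
        allowed = baseline.get(ident["role"], set())
        excess = ident["entitlements"] - allowed
        if excess:
            creep[ident["id"]] = excess
    return creep


def orphaned_or_stale(inventory, today, max_idle_days=MAX_IDLE_DAYS):
    """Discover: return {identity: reasons} for accounts with no owner or long unused."""
    flagged = {}
    for ident in inventory:
        reasons = []
        if ident["owner"] is None:
            reasons.append("no owner")
        if (today - ident["last_used"]).days > max_idle_days:
            reasons.append("stale")
        if reasons:
            flagged[ident["id"]] = reasons
    return flagged


def dependents_of(account, dependencies):
    """Services that would break if `account` were removed."""
    return sorted(svc for svc, acct in dependencies.items() if acct == account)


def removal_plan(inventory, dependencies, today):
    """Monitor/governance: decide remove vs. reassign for each flagged identity.

    An account with live dependents is kept and given an owner rather than
    deleted, so cleanup never takes a service down.
    """
    plan = {}
    for ident in orphaned_or_stale(inventory, today):
        plan[ident] = "reassign owner, keep" if dependents_of(ident, dependencies) else "remove"
    return plan


if __name__ == "__main__":
    print("privilege creep:", privilege_creep(INVENTORY, ROLE_BASELINE))
    print("orphaned/stale:", orphaned_or_stale(INVENTORY, REVIEW_DATE))
    print("removal plan:", removal_plan(INVENTORY, DEPENDENCIES, REVIEW_DATE))
```

On the sample data, `bob` is flagged for the `os:root` right left over from a previous role (privilege creep), `svc-legacy` for holding `db:admin` and sitting idle for over a year, and `svc-backup` for having no owner; because `nightly-dump` still authenticates as `svc-backup`, the plan reassigns an owner instead of removing it. Re-running these checks on a schedule is the automated attestation the page contrasts with manual review.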
Why NetIQ for Privileged Access Management?
- Proven methodology of Discover, Control, and Monitor
- Visibility into the entire privileged identity lifecycle
- Unrivaled privilege granularity with our ActiveView model
- Outstanding breadth of supported systems and applications
- Better experience with non-intrusive privileged session monitoring
- Secure, efficient, and consistent built-in workflow automation
- Single vendor coverage across your hybrid environment
- Reduces the time it takes for audits and attestation reporting