A complete view on all Identities – Privileged Users And Regular Users
Historically in IT departments, privileged users and regular users have been managed under separate silos. The question is, how did this division evolve? Perhaps the simplest answer is that managing user accounts was the early focus of Identity and Access Management (IAM). And IAM was long considered an IT efficiency effort. Managing privileged identities, however, has mostly been seen as a security focused initiative.
Over time IAM branched out to encompass single sign on, identity lifecycle management and authorization. IAM graduated to IGA – Identity Governance and Administration, especially as auditors increased their focus on IT access controls in regulated industries. As it did so, IAM moved closer to security and further from its IT efficiency roots. However, the gulf between IAM/IGA and Privileged Access Management (PAM) remained.
IGA still lacked visibility into privileged accounts. PAM still had no view into user provisioning and governance. The problem is, managing privileged users and auditing their access is not optional in the modern enterprise. Part of the reason is regulatory compliance requirements that stipulate documented access control for privileged users. Just as importantly, though, is the spate of major data breaches we’ve all read so much about recently. Many of these breaches occurred due to the misuse of privileged access.
For evidence of this privileged access security problem, consider the recent Verizon Data Breach Investigations Report. According to the report, insider and privileged misuse is the second most common cause of data breaches – 16% of the total.
Privileged credentials are a primary target of cyber attacks. They allow hackers, or malicious insiders, to move anonymously from system to system, accessing and stealing private data at will. And these privileged credentials are not managed by IAM or IGA products.
Managing and governing end user access separately from privileged access opens organizations up to unnecessary risk. The silo approach creates security gaps and deprives organizations of a complete view of identity context for access-related decisions.
Integrating Privileged Users and Regular Users Under Identity Governance
Fortunately the evolution from IAM to IGA isn’t over yet. Product integrations exist today between PAM and IGA solutions that eliminate silos in enterprise identity management.
At CA Technologies we maintain a closed-loop. This helps organizations manage, control and enforce both privileged and regular user access to applications, systems and data across the enterprise – on premises and in the cloud – in a single unified platform.
IT groups have visibility into all identities under one holistic identity governance platform, making it easier to:
- Gain visibility into privileged access
- Identify users with excessive identity-related risk
- Identify segregation of duties violations, and
- Streamline on-boarding and off-boarding of users
It’s a double advantage. The privileged access security risk is mitigated, while IT operational efficiency is increased.
Article online here