The Life Cycle of Privileged Access


Credentials (e.g. passwords) are part of everyone's life in the digital world. Many of them, however, provide access for critical actions, such as modifying settings on a domain controller or transferring financial resources from an organization's accounts. The accounts behind such actions are known as privileged accounts. Thus, in times of greater regulatory requirements, including new data protection laws such as LGPD and GDPR, ensuring the protection of the credentials that give access to privileged accounts is more than reducing cyber risks and avoiding sanctions running into the millions; it is a matter of business continuity.

Securing privileged access in any organization involves controlling user permissions over the accounts, processes and systems in your infrastructure. This is also called Privileged Access Management, or PAM.

Proper Privileged Access Management protects keys (credentials) that can, in the wrong hands, open doors that expose the company to cybersecurity problems. Thus, because of their importance and high impact, privileged credentials are a favorite target for malicious attackers.

According to Gartner, by 2022, 70% of organizations will implement PAM practices for all their use cases, an increase of 40% compared to today.

Gartner also recognized the importance of implementing adequate privilege management, choosing PAM for two years in a row as the number one project in Information Security. By implementing appropriate Privileged Access Management controls, it is possible to address cybersecurity needs and reduce associated risks.

Some of these risks include the lack of visibility of the assets connected to the infrastructure and their respective credentials and privileges, the lack of privileged access management and the lack of traceability of the actions carried out in the environment. And these risks are directly related, as it is impossible to track what is not managed, and it is not possible to manage what is not known.

To ensure complete protection of privileged credentials in your environment, those responsible for Information Security in companies must consider the entire process of Privileged Access Management, from the discovery of assets, credentials and digital certificates to the visibility of actions performed in the environment. That is why the process of Privileged Access Management can be treated as a life cycle. Since, according to Gartner, PAM tools allow the discovery, management and control of administrative accounts, as well as the delegation of privileged actions, they can be considered solutions that cover the life cycle of Privileged Access Management.

To implement Privileged Access Management, it is first necessary to map and identify all assets connected to the environment and their respective credentials (e.g. passwords), including digital certificates. A PAM solution must allow the discovery, registration and management of these devices, credentials and digital certificates by scanning and analyzing the entire network. Thus, any asset inserted into the environment can be automatically registered in the solution, ensuring full visibility over the “door keys”. In addition, the tool must ensure that each account has only the privileges needed to complete the tasks assigned to it, reducing or eliminating privileges whenever possible.

In this way, it is possible to implement the principle of least privilege, bringing a balance between efficiency and security. This is the first step in the privileged access life cycle, carried out before access.

The second step in the privileged access life cycle covers the actions taken during access, which includes its proper management. A PAM solution should allow defining the administrator users who will be allowed to retrieve a credential's password for direct access, and the group of users who can use the remote access offered by the solution to reach a target device, system or application. During access, it is also necessary to record all activities of privileged users. This means allowing you to see which systems and devices are being accessed and what the user's privilege level is.

All sessions in the system must be recorded as video and text, ensuring that any action on the system can be tracked and audited later, which allows you to find the cause of a cyber incident or meet audit demands. In addition, the PAM solution must be able to detect, alert on and respond to any suspicious activity from users, based on their usage profiles. In this way it is possible for the organization's Security team to prevent the success of an ongoing attack.

This life cycle step also encompasses the management of secrets in DevOps environments, implementing DevSecOps. According to Gartner, by 2021, 60% of agile development teams will adopt DevSecOps practices in their environments.

Now that we have managed the accesses and permissions, and performed the necessary activities in the environment, we have reached the third step of the life cycle: verifying everything that was performed on the assets managed by the PAM solution.

The solution must be able to identify, and allow solution administrators to audit, possible privilege violations or abuses during the access performed in the previous step. Thus, it is possible to guarantee the traceability of all the actions performed, facilitating the audit of all the configurations made. This allows the organization to manage the use of a privileged credential after access is completed, respond quickly to incidents and reduce operating costs.
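As an added example that is not part of the original article: a small Python audit over constructed session records, applying the two checks the second and third steps describe (who may open a brokered session versus retrieve the password itself, and whether a session deviates from the user's usage profile) to produce the findings an administrator would review after access. The policy, group membership, command baselines and log lines are all constructed for illustration.

```python
from collections import namedtuple

# Constructed policy: groups that may open a brokered session through the PAM
# solution, and the smaller set that may retrieve the password for direct access.
POLICY = {
    "dc01/Administrator": {"session": {"ad-admins"}, "password": {"ad-admins"}},
    "erp-db/sa": {"session": {"dba"}, "password": set()},
}
GROUPS = {"alice": {"ad-admins"}, "bob": {"dba"}, "carol": {"helpdesk"}}
# Constructed usage profile: typical commands per recorded session for each user.
BASELINE_COMMANDS = {"alice": 15, "bob": 20}

# action is "session" (brokered access) or "password" (password retrieved);
# commands is the number of commands seen in the recorded session.
SessionRecord = namedtuple("SessionRecord", "ts user credential action commands")

def parse_log(text):
    """Parse constructed log lines: '<timestamp> <user> <credential> <action> <commands>'."""
    records = []
    for line in text.strip().splitlines():
        ts, user, cred, action, commands = line.split()
        records.append(SessionRecord(ts, user, cred, action, int(commands)))
    return records

def audit(records, policy=POLICY, groups=GROUPS, baseline=BASELINE_COMMANDS):
    """Return (ts, user, credential, finding) for each record that violates policy
    or deviates from the user's usage profile; compliant records produce nothing."""
    findings = []
    for r in records:
        rule = policy.get(r.credential)
        user_groups = groups.get(r.user, set())
        if rule is None:
            findings.append((r.ts, r.user, r.credential, "unmanaged credential"))
        elif not user_groups & rule["session"]:
            findings.append((r.ts, r.user, r.credential, "access outside policy"))
        elif r.action == "password" and not user_groups & rule["password"]:
            findings.append((r.ts, r.user, r.credential, "password retrieval not permitted"))
        elif r.commands > 3 * baseline.get(r.user, 0):
            findings.append((r.ts, r.user, r.credential, "session volume above usage profile"))
    return findings

# Constructed session log, one record per line.
SAMPLE_LOG = """
2024-05-02T09:13:00Z alice dc01/Administrator session 12
2024-05-02T09:40:00Z bob erp-db/sa password 0
2024-05-02T10:05:00Z carol dc01/Administrator session 3
2024-05-02T11:20:00Z bob erp-db/sa session 95
2024-05-02T12:00:00Z alice web01/root session 4
"""
```

Running `audit(parse_log(SAMPLE_LOG))` reports the four deviating records and stays silent on alice's in-policy session, which is the distinction the traceability step relies on.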

To support the three steps in the privileged access lifecycle, the PAM solution must provide the necessary resources for its correct operation, including hardware-based solutions with load balancing and systems to monitor the solution's functioning.

It is recommended to use physical appliances, with customized operating systems, native load balancers and additional security mechanisms, thus ensuring maximum protection for the organization's infrastructure not only against digital attacks, but also physical ones. Load balancing also allows you to optimize the use of the hardware solution's resources in an architecture with multiple clusters, thus ensuring maximum availability of the PAM solution.

The monitoring system of the PAM solution must allow the collection and transmission, by various means, of monitoring variables in the solution environment and its components, according to the needs of the customers. In this way, it is possible to save resources in the implementation and support with monitoring solution providers, in addition to operational gains in the problem solving process.

To increase the level of maturity in Privileged Access Management, it is necessary to implement a PAM solution and its associated processes from a perspective that considers the entire life cycle of privileged access, from the provisioning of access and its use until the moment the actions carried out in the environment are verified.

Only a solution that considers all aspects of this life cycle can assure Security teams that their “keys” are properly protected against malicious agents and other threats. In times of LGPD and GDPR, the organization must ensure compliance with cybersecurity regulations and data protection laws if it wants to avoid fines running into the millions caused by security breaches arising from poor management of access to privileged environments.
