Privileged identity is best summed up as the very powerful but required administrative accounts and rights built into every technology – from the biggest server to the smallest set-top box. Privileged identity is everywhere, which makes tackling it a challenge. Another challenge is that the people who need privileged access are also everywhere. Your administrators, often your everyday users, contractors, and more need this elevated access to get things done. The spread of privileged identity – sometimes referred to as “access sprawl” – makes it difficult to keep the bad guys out. In today’s world, intruders are hopping over your firewalls and finding a treasure trove of privileged access waiting for them. Meanwhile, insiders with bad intentions are able to hold on to their administrative access and wreak havoc on your organization. Privileged Identity Management (PIM) is the art of securing privileged identities while still enabling the business to be fluid.
With PIM done well, you reduce risk, enhance efficiency, meet compliance needs, and build a strong cyber defense behind the firewall. Every unmanaged privileged identity is a risk not worth taking. PIM mitigates that risk by both managing the credential where it lives and controlling who can use the credential at all times. This management means people who need legitimate access can get it in a predictable, repeatable manner. PIM also makes sure you always know who has what power at any time, which both removes individual risk for your administrators and provides the audit trail every regulated organization needs. All this combined means you can defeat the bad guys before they get a chance to do real damage. Whether they slipped past your perimeter defense or were invited in as a contractor, they’re now looking for unsecured privilege to raise their attacks to a higher level, and PIM done well stops them in their tracks.
What we will do here is spell out how you can do PIM well and reap these rewards. We’ll start with a quick list of all the best practices we’ve collected from decades of experience helping customers. Then we’ll dive into each of these practices to give you practical insight on how you can put them into action.