During the first half of the webinar, Harshavardhan from ARCON highlighted the identity-first security approach for safeguarding organizations. He also discussed how identity risk management leaders can strengthen their security posture with cutting-edge technologies. Below are the key takeaways from the first half of the session: 

• Harshavardhan started his session with very basic insights of identities and the variety of identities that exist in IT infrastructure. The evolution of digital identities is not yet over. In fact, a lot more is about to come in the next five years. 

• Digital identities drive business models with growth, efficiency, and excellence that is directly involved in profit-making and revenue generation. If we try to construct a digital identity, there are several parameters that are considered. Personal thoughts, likes, dislikes, professional details, online activities/ behaviour, which tools are used, where the information is stored/ saved etc. are taken into account. 

• If we classify the types of digital identities, there are interactive identities and non-interactive identities. Interactive identities include human identities and machine identities (bots). Non-interactive identities include mobile devices, desktops, APIs, web servers, database servers, application servers and more. 

• The typical challenges that organizations face with identities are – lack of detailed password policies, weak and reused passwords, poor role management, too many admin accounts, auditing and compliance, multiple devices per user and more. 

• Harshavardhan added that there are different identity-based attacks that are dominant in enterprises. Some of them are – Credential Harvesting, Credential Stuffing, Social Engineering, Password-based attacks, Third/ Fourth party breaches, Attacks on AD, Kerberoasting, Pass-the-hash, Shoulder Surfing and more. 

• At the same time, he explained why identity is at the core of a Zero Trust approach and Identity Centric Security will have to be built on Convergence of IAM, PAM, and IGA with Contextual Data Models. 

Harsh added his discussion with the reasons why identity-centric security is essential in modern context. They are – 

• Increased Cyber Threats  

• Remote Work and Cloud Adoption 

• Regulatory Compliance 

• Zero Trust Security Model 

• User Experience 

• Dynamic Threat Landscape  

• Integration of Emerging Technologies: OT, IoT, AI, and machine learning 

According to him, some key features of identity-centric security are – 

• Certificate-based authentication  

• Risk-based adaptive step-up authentication  

• Automated certificate lifecycle management  

• End-to-end encryption  

• Multi-cloud ready  

• Compliance management  

• Post-quantum-ready solutions  

• Built-in crypto-agility and certificate authority (CA) resilience  

• Public and private PKI  

• Centralized visibility and control of digital certificates 

Before concluding his session, Harshavardhan gave some crucial organizational details of ARCON, a brief introduction of all the IAM solutions of ARCON and how the organization is acknowledged by global analysts’ communities consecutively in the last several years. Nevertheless, Harshavardhan also added that ARCON provides its services to multiple industry segments globally and thus it caters to the essential requirements of identity-centric security approach. 

In the latter half of the webinar, Geoff Cairns from Forrester discussed why securing your organization’s core assets is more critical amid proliferation of human and machine identities. The key takeaways from his session are as follows. 

• Based on data from Forrester’s 2023 Security Survey, it has been observed that the customers are struggling with the complexity of their IT environment. The challenge is more around centralized visibility that can lead to identity sprawl such as orphan accounts over privileged users and over-permissioned accounts (or over-entitlements).  

• Geoff added that the evolving threat landscape is both internal and external. The hackers are capitalizing on identity-based attacks where legacy systems often are in tech silos leading to gaps in IT processes. This is further evidenced by organizations that have recently been in the news. United healthcare had acquired Change Healthcare a couple of years ago. During the process unfortunately, the organization failed to put MFA on some externally facing servers, and that resulted in identity abuse by phishing the credentials with the help of social engineering techniques. 

• Referring to the Forrester Security Survey once again, Geoff presented some primary drivers that resulted in purchasing of IAM solutions in the last 12 months. 26% of respondents (security decision makers responsible for IAM security) indicated that a top driver was replacing an existing IAM solution that was ineffective or too costly. 25% responded that cloud migration requires new IAM solutions to meet the necessary security and compliance requirements in the organization. 

• Continuing with the legacy IAM technology, it is a fact that with the passage of time, any IAM solution becomes less secure, inadequate robustness of the features, difficult to upgrade and costly to operate. Interestingly, it is increasing every year. The technology replacement trends that are seen in 2022, have turned more challenging in 2023 and onwards. 

• Adding to what Harsh discussed earlier, Geoff emphasized that identity-centric security is the key to adherence to the core principles of Zero Trust. 

Geoff also discussed the dynamic accelerators for identity security namely – 

• Cloud and SaaS adoptions 

• DevOps methodology 

• Machine Identities 

• Extended third parties 

• Organizational amendments 

Adding some essentials for identity-centric security approach, Geoff discussed the key areas – 

• Visibility and Governance 

• Identity Lifecycle Automation 

• Just-In-Time Access and Zero Standing Privileges 

• Identity Threat Intelligence 

• Integrated response 

Conclusion 

Before the final wrap, the webinar concluded by discussing several questions raised by the participants and moderated by Apratim Maity from ARCON’s marketing team. Both Geoff and Harsh shared their valuable insights and recommendations while answering the questions one by one. 

Moderated by Dushyant Arora, Marketing Lead, ARCON, both the speakers in this webinar discussed implementation of best practices in privileged access environments with the help of a robust PAM solution to combat risks around privileged identities. Moreover, there were insights about ARCON | Privileged Access Management (PAM) solution that offer capabilities to navigate through most complex PAM use cases and help to maintain strong security posture.

During the first half of the webinar, Geoff Cairns from Forrester highlighted the trends shaping the next generation of Identity and Access Management. Below are the key takeaways from the first half of the session:

• Based on data from Forrester’s 2023 Security Survey, it has been observed that the customers are struggling with the complexity of their IT environment. The challenge is more around centralized visibility that can lead to identity sprawl such as orphan accounts over privileged users and over-permissioned accounts (or over-entitlements).
• Geoff added that the evolving threat landscape is both internal and external. The hackers are capitalizing on identity-based attacks where legacy systems often are in tech silos leading to gaps in IT processes. This is further evidenced by organizations that have recently been in the news. United healthcare had acquired Change Healthcare a couple of years ago. During the process unfortunately, the organization failed to put MFA on some externally facing servers, and that resulted in identity abuse by phishing the credentials with the help of social engineering techniques.
• Referring to the Forrester Security Survey once again, Geoff presented some primary drivers that resulted in purchasing of IAM solutions in the last 12 months. 26% of respondents (security decision makers responsible for IAM security) indicated that a top driver was replacing an existing IAM solution that was ineffective or too costly. 25% responded that cloud migration requires new IAM solutions to meet the necessary security and compliance requirements in the organization.
• Continuing with the legacy IAM technology, it is a fact that with the passage of time, any IAM solution becomes less secure, inadequate robustness of the features, difficult to upgrade and costly to operate. Interestingly, it is increasing every year. The technology replacement trends that are seen in 2022, have turned more challenging in 2023 and onwards.
• Coming to the essence of Privileged Access Management (PAM), Geoff drew the reference of a newly released Forrester report on IM trends for 2024. It included ten different trends among which three different areas are relevant in this context. While talking about Privileged Access Management (PAM), he narrowed down to identity threat intelligence, cloud entitlements and visibility and management of machine identities.
• Identity Threat Detection and Response (ITDR) has been discussed a lot in the IT security community in recent times and ITDR capabilities have increasingly been incorporated into broader IAM and security platforms. Identity Threat Intelligence in this respect is interpreted as critical insights on threats to IAM systems and digital identities. It uses AI/ML algorithms to evaluate real-time risks and produces intelligence feeds for timely and relevant security measures. It enables swift action to reduce the impact and cost associated with data breaches.
• In terms of cloud entitlements, it is all about visibility and governance of cloud identities. Referring to cloud infrastructure, entitlement management is quite often used interchangeably with cloud governance. Centralized visibility and governance support multi-cloud environments like Azure, AWS, GCP. It ensures safer IaaS console configuration and data access management with CIEM (Cloud Infrastructure and Entitlement Management) practices. It is increasingly added to IAM platforms globally.
• While talking about machine identity management, Geoff highlighted the importance of operational aspects, especially when the objective is to mitigate the risks of data breaches. The growth of machine identity is going to surpass human identities to improve operational resilience. By increasing the number of machine identities, organizations can reduce risks associated with the expanded threat surface.
• Geoff put an end to his session by providing several strong PAM recommendations to protect enterprise data assets. There must be continuous supervision and improvement of preventive and reactive identity security measures through robust PAM integrations. Strong governance for privileged identities must be ensured and machine identities must be brought under a unified IAM program strategy.

In the latter half of the webinar, Harshavardhan Lale from ARCON discussed how modern privilege access management solution mitigates the challenges of protecting enterprise data assets by focusing on the real crux of the crown jewel i.e. identity. The key takeaways from his session are as follows.

• PAM helps you mitigate human errors by trying to eliminate unwanted access from people. IT security leaders always ensure that people only have access to the resources which they are entitled to automatically diminish the attack service, because instead of a user having access to 100 servers, he/ she only has access to only 10 servers/ devices. It obviously increases productivity, efficiency, and compliance.
• The array of multiple identities that we see in an enterprise are human identities, machine identities, API identities, privilege identities and BOT identities. Now all these
• identities are increasing in every industry and opening gateways for “crown jewels” in an organization.
• Harsh provided several examples of “crown jewels” in an enterprise. These are AI models, cloud management consoles, Containers, CI/ CD pipeline, users of SaaS on AWS, Azure, GCP, credentials of interactive/ non-interactive accounts, administrative identities, active directory domain controllers, infra components, IaaS/ PaaS/ SaaS, and certificate servers.
• Now the question is how do you manage these complexities using PAM solution? As there exist different crown jewels, these crown jewels are managed with the help of these identities, and these identities can be managed by deploying PAM. The basic formula is to verify, approve, authorize, allow, and monitor these identities to maintain security.
• The other way to manage the complexities is by seamless integration of MFA (Multi-Factor Authentication) both for logging to PAM and accessing critical systems/ assets.
• Just-In-Time (JIT) access is another aspect to manage and control privileged identity access only during requirements. It ensures that the right person is getting the right access to the right device at the right time for the right reasons. ARCON JIT privilege helps organizations to follow the principle of “Least Privilege”.
• PAM offers continuous monitoring and threat detection of every identity in an IT infrastructure. It helps to build identity governance and implement security practices regularly.
• The other aspect or the other way of dealing with this situation is to set up ephemeral access for all the users. With this IT administrators can ensure that identities are not trying to access (or allowed access) and authorized to your crown jewels. But they are allowed on a ‘need-to-know and ‘need-to-do’ basis only required. Hence ephemeral access will be given to create an active directory. With the help of PAM, the users are granted access and once the session is disconnected, the ephemeral account is again deleted from the system.
• If we talk about access and authorization, then granular level access control is highly imperative, especially based on end-user roles and responsibilities that exist within the organization. It builds a layer of access control for restricting unauthorized access to critical IT infrastructure.
• Auto onboarding on the other hand allows administrators to seamlessly add new server groups, user accounts with associated privileges to map new users onboarded on PAM solution. It auto-on-board users and assets and maps them to appropriate rules (based on roles).
• In continuation of Geoff’s discussion about proliferation of identities, Harsh added that identities are the weakest link to compromise enterprise information assets. It includes human (business) identities, machine identities, privileged identities, BOT identities, APIs etc. Eventually, all the identities are converged into digital identities that are provisioned/ deprovisioned/ re-provisioned to manage and control the activities.
• Discussion of modern PAM is incomplete without cloud platform/ cloud infrastructure. Enterprises can secure their cloud environment by deploying PAM through which they can onboard cloud infrastructure end users, make them access-ready, monitor the access and rotate credentials/ keys. This way, they can meet compliance requirements.
• ARCON has made onboarding quite simple through different directories for AWS, Azure, or GCP through Auto-onboarding feature. With this, IAM users can auto onboard in SaaS environment, Windows, Linux and RDS (database) users can auto onboard in IaaS and PaaS environments. This automated task can happen in every cloud platform like AWS, Azure or GCP with any requirement of an IT administrator.
• Lastly, Harsh discussed ARCON’s profile as a risk control solution provider and esteemed global PAM vendor. ARCON | PAM strengthens the security fabric in an enterprise and the IT administrators can define the policies and permissions for distinct entities wanting to access files, workloads, databases, management consoles, services, servers, containers, and many other cloud resources. It can even control misuse of over entitlements in the cloud environment that could invite unprecedented IT threats.

Conclusion

Before the final wrap, the webinar concluded by discussing several questions raised by the participants and moderated by Dushyant. Both Geoff and Harsh shared their valuable insights while answering the questions.

During the first half of the webinar, Paul Fisher from KuppingerCole highlighted the traditional IT threats associated with privileged accounts in the modern organizations. He also highlighted the IT trends, technologies and future of this solution. Below are the key takeaways from the first half of the session:

• The traditional IT threats associated with privileged accounts are due to unmonitored and unrestricted access, lack of user authorization and user authentication, uncontrolled access to the database servers, weak privileged credentials, poor privileged lifecycle management, and lack of accountability. He also added that global security compliances like EU GDPR, California Privacy Act, SWIFT CSCF and their implementation prevent losses of digital assets, money and reputation.
• Adoption of several business processes are demanding more robustness of PAM solutions. Due to the drastic transformation of the work environment, organizations are counting too much on remote access, unlimited vendor access, uninterrupted customer access, data governance etc. However, security of the admin accounts and the privileged accounts remains at stake if the access control mechanisms are unable to detect and identify anomalous behaviour.
• To beef up IT security in the enterprise network of Privileged Access Management (PAM), organizations are emphasizing more on seamless monitoring of the privileged sessions, multi-factor authentication of the users, single sign-on and incorporating Zero Trust Privileged Access Security framework. Assessment of risk is given more crucial to reinforce end-to-end security in the overall IT ecosystem.
• Incident response management, forensics, endpoint protection, secure remote access and IT risk management are the security processes that organizations are following today to keep emerging IT threats at bay.
• Today privileged accounts are no more accessed only by the administrators but also by IT users in different levels of IT operations. The expansion of network, geography and the number of privileged accounts are forcing IT security teams for better management of passwords. To ensure ease of operations, the organizations keep on piling up privileged rights without keeping a track of the passwords which leads to disaster.
• The proliferation of high value data and services suggest more number of privilege accounts in modern organizations. Assessment of risk and continuous analysis of the importance of the accounts is most important to ensure secure IT infrastructure. Systematic allocation of roles and responsibilities can help organizations to track who is accessing which account at what time for what purpose. This enhances the agility and effectiveness of PAM solutions.
• The high value privilege accounts require immediate shift towards Just-In-Time privilege so that excessive standing privileges can be removed from the enterprise network. The administrators can keep a track of the privileged rights easily since the permit is temporary and requirement-based.

In the later half of the webinar Anil Bhandari from ARCON discussed the advanced use cases of Privileged Access Management (PAM) and how ARCON can help to meet the requirements to eventually move towards a successful PAM implementation. Here are the highlights of the discussion:

• Considering the general use cases of PAM today, the first and foremost point that most of the organizations prefer is to implement password-less access with all the target devices where the users can seamlessly connect with the VPNs, RDPs etc. Secondly, organizations look forward to implementing command filtering features which are necessary in scenarios where commands are given to wrong targets. PAM helps to filter the relevant firing of commands with a strong control over the access mechanism.
• Session monitoring is not only important from a security perspective but also it helps the admin team to rectify any mistakes in any of the sessions done by any user by finding out the time and location of the task. For example, if any third party vendor who is supposed to shoot a command to the production team, by mistake shoots it to the procurement team, session monitoring can help to identify the wrong command and terminate it immediately.
• In spite of having all the above mechanisms in place, organizations still struggle with a Password rotation policy especially in the mid-size and large organizations. The prevalent reasons behind it are a large number of IT assets, huge investments in new technologies without assessing the IT environment, inability to meet the needs of authorizing and authenticating users, understanding highly complex IT infrastructure, explosion of privileged IDs without any least privilege principle and so on. ARCON | PAM necessitates all the requirements under one roof.
• Since a decade, ARCON understands and emphasizes the requirement of a strong vault that can be far from attack and no data asset is lost. In addition, hundreds and thousands of passwords can be rotated in minutes with ARCON | PAM’s password vault. It has the technology of Multi-vault processors that can be aligned to the IT infrastructure on the basis of devices, user groups or lines of businesses.
• The technologies that PAM platform safeguards are enterprise OS, security devices, routing devices, telecom equipment, business applications, cloud applications, operational technologies, robotics, and IoT. ARCON | PAM helps organizations with an overall time management because no organization would like to spend an army of employees to manage PAM solutions, instead, it should be user-friendly and a self-learning experience.
• ARCON plays the role of an identity provider in an enterprise by managing the PAM lifecycle and offering a strong vault. It protects the data assets with a smart session monitoring, command filtering, and offers analytical reports on screen from which the risk assessment team can capture any kind of suspicious activity. It even directs the administrator to the right video at the right time which saves lots of time while checking all the user activity videos hours after hours.
• ARCON with its highly skilled professional services team can help organizations achieve the advanced use cases without any disruptions. Large enterprises have embarked on the journey to address the emerging threats across the globe and ARCON solutions are there to safeguard the organizations from those threats.
• ARCON is even ready for some advanced use cases. In the next 2 years, BOTs are likely to come up with a huge space. Our personal tasks could be even automated and credentials would start being hard-coded. PAM again here could play a big role to secure and automate password rotation policies.
• Lastly, Zero Trust Security model is going to be mainstream now where users can access the technologies from anywhere in the world. It requires uninterrupted assessment of the tasks done by the IT users. ARCON | Privileged Access Management (PAM) is always a step ahead with the robustness of risk-predictive mechanisms compared to the risk-preventive ones. The Predict | Protect | Prevent model of ARCON enables us to build a Zero Trust framework around privileged identities.

ARCON in this cutting-edge technology domain is always ahead in the competition as the R&D team always remains at par with the demands and trends. ARCON | Privileged Access Management (PAM) in this era of remote work conditions addresses humongous access control risks arising from daily use cases. ARCON sincerely looks forward to be a part of more webinars with KuppingerCole Analysts and explore more avenues of privileged security that can be reinforced in the new-age technologies of the next decade.

ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables to monitor end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Secure Compliance Management is a vulnerability assessment tool.