Privileged Accounts Archives - ARCON
https://arconnet.com/category/privileged-accounts/
ARCON - Award-winning Risk Management Solutions
Wed, 14 Feb 2024 13:31:20 +0000

How Privileged Access Management Ensures IT Agility
https://arconnet.com/blog/how-privileged-access-management-ensures-it-agility/
Wed, 09 Mar 2022 07:17:10 +0000

Overview

 

“Agility is the ability to adapt and respond to change… agile organizations view change as an opportunity, not threat.”

 -Jim Highsmith, software engineer and author of ‘Adaptive Software Development’

 

The flexibility, control and responsiveness of IT operations determine how agile an organization is. IT agility is about optimizing the flow of value creation for customer services with the available resources and zero interference. In the age of massive IT automation, organizations constantly face the challenge of managing thousands of end-users and the activities that keep IT processes uninterrupted. Every task and responsibility demands close, real-time monitoring if IT agility is to be ensured. At the same time, if necessary requests and key approvals are handled amid robust IT security, the organization can be said to be ‘agile’.

 

How can IT Agility take a hit?

 

In the era of digitalization, organizations prioritize IT security policies and check how strictly end-users follow them. The seriousness of the situation intensified during the pandemic and continued in the post-pandemic period. In the last couple of years, many organizations suffered unusual and unexpected IT operational setbacks, and IT agility took a hit. With most critical access happening remotely, timely permissions and necessary denials play a crucial role in ensuring security and flexibility across the organization’s workforce.

Today hybrid work models are adopted by global organizations to stay afloat with the demanding trends. The flexibility of the entire workforce who prioritize, control and monitor the elevated and privileged activities builds up the foundation of IT agility. Excessive delay in the IT administrative tasks affects organizations in terms of smooth IT processes even if the IT security infrastructure is robust enough. It could even affect the service quality followed by slow access and unwanted delay in services.

To be precise, IT efficiency is directly proportional to IT security in any vast IT ecosystem. And if organizations are efficient enough to manage every day-to-day task with zero intervention, then we can say that the organization is agile enough to withstand cyber threats.

What about IT agility in Privileged environment?

 

In an organization’s privileged environment, IT agility means that all privileged activities happen smoothly, without hindrance. As privileged identities are the gateways to confidential business information, any organization would want end-to-end security for all privileged activities. At the same time, what about the efficiency of the IT processes? Can we consider an organization agile if approvals for elevated rights take a long time, privileged sessions are delayed because there are too many privileged users, or requests are still passed manually from one desk to another?

 

Let’s see how ARCON’s Privileged Access Management (PAM) solution ensures IT agility of an organization.

 

Role of ARCON | Privileged Access Management (PAM)

 

Against this backdrop, the ARCON | Privileged Access Management (PAM) solution not only ensures secure access in the enterprise network but also helps IT administrators accomplish their tasks efficiently and on time. The flexibility of the overall business process and the reliability of the stakeholders determine how much IT agility the organization has. Here are some robust features of the PAM solution that help organizations maintain agility while protecting confidential business data assets.

Single Sign-On: In a vast IT environment, where there are multiple system administrators, maintaining efficiency is a real challenge because multiple system admins mean multiple user IDs, multiple access credentials and multiple approval procedures. Single Sign-On helps admins to overcome the challenge of managing multiple accounts by automating the access rights without the necessity to remember multiple user IDs and passwords.

User OnBoarding: IT administrators need an easy way to grant permissions while adding new user accounts and server groups with associated privileges. This feature helps administrators provision or deprovision users by interacting with Active Directory. With PAM, organizations can ensure that all onboarded information stays confidential and secure.

Auto-Discovery: Identifying and tracking ownership of privileges is a real challenge for the IT Security team. With this, the IT risk management team records the details of all shared accounts and service accounts and thereby mitigates the risk of unrecorded access.

One Admin Control: In a vast IT environment, every access to critical systems needs to happen through one admin console. All rule-based and role-based access in the IT environment happens only on a ‘need-to-know’ and ‘need-to-do’ basis.

Workflow Management: Enterprise IT agility is ensured if administration is prompt and hassle-free. This PAM feature automates the approval process for privileged users, user groups and service groups. Manual approvals are time-consuming and tedious, so Workflow Management enhances efficiency.

AD Bridging: Running different operating systems within a single network perimeter can be highly challenging for IT administrators. ARCON’s PAM solution allows organizations to use Microsoft Active Directory as the authoritative source of identity. It accepts both privileged and non-privileged accounts from non-Windows machines (e.g. Linux, Unix).

Desk Insight: Attending requests from one desk to another is a real challenge for IT administrators in a vast IT environment. In order to make it efficient, this feature helps them to manage requests from one desk to another by troubleshooting a machine without moving. It even helps to allow admin rights, define a set of tasks, manage passwords etc. 

Robotic Process Automation: Who likes to do regular mundane IT tasks? The Robotic Process Automation (RPA) automates these tasks with ease, efficiency and accuracy. It also offers to customize steps for the end-users for any SSO activity. 

 

Conclusion

Once organizations ensure both the security and efficiency in the IT environment, IT agility is restored with zero intervention. It maintains flexibility and offers a different edge to the responsiveness of the organization. Above all, it helps to meet the requirements of the compliance standards and thereby maintains business continuity.

Privileged Account Attacks
https://arconnet.com/blog/privileged-account-attacks/
Tue, 25 May 2021 05:57:12 +0000

A privileged account attack is a specific kind of cyberattack used to gain unauthorized access to a secured perimeter, and it can also be used to obtain crucial information from a critical system. Privilege escalation in a protected network, though difficult to pull off, can pose a considerable threat to an organization’s future.

Integrating PAM (Privileged Access Management) can go a long way towards protecting an organization’s systems from such cyberattacks. However, PAM, by itself, might not be enough to protect a large organization. Here’s some information that can help you understand this issue and protect against it effectively.

Privileged Account Attacks – An Overview

An attacker begins the process of privilege escalation by searching for loopholes in your network system. In most cases, they will not reach the level of intrusion they are looking for on the first attempt, which leads them to try other ways of gaining access to the system.

There are usually two ways in which a privilege escalation procedure can be done:

  • Horizontal Privilege Escalation: The attacker expands their privileges by obtaining control of another account. They may then misuse the permissions originally granted to the legitimate account user and enter the network system. This type of escalation usually happens through lateral movement.
  • Vertical Privilege Escalation: Unlike the horizontal method, the vertical method is about gaining more permissions through an existing account. For instance, let’s assume that an attacker has taken over your privileged account. The next step in vertical privilege escalation would be to gain administrative permissions.

In order to foil these attempts, you need to be extremely attentive to the condition of your network environment.

Privilege Account Attacks – Techniques and Mitigation Procedures

There are many privilege escalation techniques which work perfectly with Windows OS. Let’s learn more about them and countermeasures that can be used against them.

  1. Access Token Manipulation

The Windows operating system uses access tokens to determine the owner of a running process. When a process attempts an operation that requires privileges, the system checks the token to see who owns the process and whether that owner actually has the permissions needed for the operation.

Access token manipulation usually involves tricking the system into trusting a user who is not the legitimate user. This can be done by duplicating the access token, or by creating a new process through the appropriated token to gain access. A token can also be created by leveraging the password and username of the owner.

What to do?  

Currently, Windows offers no way to disable access tokens, so the threat has to be mitigated through administrative controls. You should also review administrative accounts regularly and revoke them when required.

  2. Bypass User Access Control

The User Access Control (UAC) feature of Windows distinguishes between administrators and regular users. It limits all applications to standard user permissions unless the administrator specifically authorizes otherwise. However, if the UAC protection level is not set high enough, programs can escalate privileges on their own.

What to do?

To mitigate such an alarming issue, you will need to review your IT system regularly, set the UAC protective system to the highest level, and remove users who have left your organization and do not have administrative rights any more.

Why Should You Use PAM?

If used properly, PAM could be the ideal solution for privileged account attacks. Here’s why.

  • With PAM, you can create a secure vault for all of your passwords and protect them with encryption. PAM provides a randomly generated password every day to help you to access your protected data. Hence, it will be much more difficult for hackers to predict or decrypt your passwords and enter the system.
  • PAM helps you to choose how passwords will randomize on a daily basis. You can set them manually or let the system do it automatically. This means that you will have to provide a new password whenever you are entering your network. A new passcode will be generated when you leave the network as well.


  • A PAM system will record all of the password requests and send you a report at the end of the day, informing you about daily transactions, reports on compliance, assets, and privileges to maintain your IT system.
  • If you use third-party systems to update your network’s infrastructure, PAM can help you to keep an eye on them. If you use PAM, you will not need to share any domain credentials with outsiders while adding some additional security.
  • PAM has the ability to detect multiple targets who are trying to access your system and report to you. In the meantime, it will also separate the whole “access” system if it finds that more than one user is currently in the area. This way, it will be easier for you to find out more about the user before they can log off.

 

Conclusion

The issue of privileged account attacks has been gaining prominence in the past year. It is imperative for an organization to invest in a PAM system and integrate it right away. For organizations that cannot carve out a budget for PAM, the mitigation tips (detailed above) can help to protect data assets until a more comprehensive solution has been adopted.

Mitigate the Risk of Excessive or Shared Privileged Credentials
https://arconnet.com/mitigate-the-risk-of-excessive-or-shared-privileged-credentials/
Fri, 09 Apr 2021 06:08:29 +0000

In the wake of expanding IT infrastructure, today’s organizations require their employees to access multiple applications to perform day-to-day IT administrative and operational activities.

That means, the end-users require multiple credentials to access the multiple applications. Simple? Not at all. It’s a nightmare both from IT administrators and end-users’ point of view. 

IT helpdesk administrators don’t want to spend too much time creating credentials, nor do they want to provision too many privileged users and, with them, too many credentials. It’s a huge risk. Creating too many privilege entitlements goes against best practices in privileged account management.

Likewise, the end-users will find it difficult to remember multiple login passwords. Different IT tasks on various applications are done at different hours of the day. So every time the end-user has to log on, she will have to waste time on the validation process while accessing a new application.

To eliminate the security challenge posed by using multiple access credentials for multiple end-users, and IT administrative ineffectiveness, enterprises find merit in assigning Single-sign-on (SSO) to end-users. The technology offers one-time secure administrative access to multiple technology platforms. 

More on Single-Sign-On (SSO)

Single-Sign-On (SSO) is nothing but a validation permit that is given to an end-user to use a single login credential for multiple applications. As per the roles and responsibilities of the end-users, the IT administrators can assign SSO to the end-users. It ensures that they have a limited-period one-time access to applications that are required by the end-users to perform specific tasks. Once the task is completed, the access rights get expired automatically. It secures the IT assets of any organization from any unauthorized and unnecessary access to the elevated accounts without the need of sharing the privileged credentials.


See how ARCON | Single-Sign-On works


SSO is very relevant in the remote work environment

Protecting data under Work-From-Home (WFH) conditions is always a little more challenging for any enterprise. Over the last year, the global pandemic has pushed organizations to adopt a remote work culture to keep business processes uninterrupted. Thousands of end-users access critical information on a daily basis. Any malefactor in the IT ecosystem can wreak havoc on enterprise systems by misusing privileged credentials. The challenge of safeguarding enterprise data might intensify if organizations allow all-time access to business-critical applications and systems through shared credentials. In this scenario, Single-Sign-On can mitigate the risk of unauthorized access by offering temporary access to end-users without sharing the credentials.

Why ARCON Single-Sign-On?

ARCON | Single-sign-on, which also comes integrated with our enterprise-class ARCON | PAM, ARCON | PAM SaaS and ARCON | PAM Lite is a powerful tool to ensure legitimate access to critical applications. 

Here are some of the key features of ARCON | SSO:

  • It centrally manages the end-users access to all IT resources such as business applications, web applications, and cloud applications 
  • It can seamlessly integrate with various authentication repositories like Microsoft Active Directory, Lightweight Directory Access Protocol (LDAP) and other identity providers
  • It supports standard identity protocols such as OpenID Connect, OAuth, and Security Assertion MarkUp Language (SAML)
  • It automates user provisioning or De-provisioning and reduces the administrative cost involved in managing these end-users
  • It helps to meet compliance, regulations and IT standards 
  • It ensures time-based access on all platforms even at a granular level

Contact us if you are interested in knowing more about ARCON | SSO. 

Conclusion

ARCON | SSO helps the enterprise to mitigate some of the critical access control issues associated with too many end-users and too many applications. The solution offers seamless identification and authorization to protect applications. It is a superb and effective solution to control risks and administrative challenges arising from WFH culture.

Secure Privileged Access: A top priority for seamless digitalization
https://arconnet.com/secure-privileged-access-a-top-priority-for-seamless-digitalization/
Mon, 18 May 2020 17:33:50 +0000

Revolutionary technologies such as the Internet of Things (IoT), cloud computing, AI and Big Data have created enormous opportunities for global organizations. They have changed the way global corporations conduct business. While these technologies create new opportunities, they also make IT assets vulnerable. Indeed, with tons of data stored in the cloud, and critical systems with which end users interact, organizations risk data breaches by malicious outsiders and insiders.

Gartner in one of its reports namely, “Inadequate security sees surge in IoT data breaches, study shows” has confirmed that data breaches linked to IoTs have increased considerably over the last two years.

Internet of Things (IoT)

We have come across numerous IoT security breaches in the last few years. The TRENDnet webcam hack is one of them. While TRENDnet promoted its cameras for home security and baby monitoring, it hardly anticipated that its devices could be on the radar of hackers. Unfortunately, within a few days, the organization came to know that there were security loopholes that cyber crooks had already found and exploited. Due to the faulty software, anyone could access the IP address of the device, and the hackers found out the login credentials and took entire control of the devices. Securing IP addresses against hacking and encrypting login credentials are basic security practices, which TRENDnet surprisingly failed to follow, so the convenience of IoT did not materialize.

Any IoT device consists of built-in sensors that are connected to the IoT platforms which store data from the connected devices. This storing of data happens very tactfully because the IoT device itself selects the data which are relevant to execute the required action and perform the desired task. With the benefits of a connected world in industries like healthcare, transportation or manufacturing in Smart cities, the devices insecurely connected to the internet pose significant security risks. Any time it can become a backdoor entry point of the hackers and cripple the entire ecosystem. If the deployment of IoT network lacks proper user authorization mechanism, secured access control or multi-factor authentication, then the cyber crooks take the opportunity to misuse the vulnerability and breach data. As a result, the entire objective of IoT convenience is destroyed.

Cloud Environment

Security breaches of cloud-based access drew the attention of IT security officials as far back as 2012. The Dropbox incident was the first eye-opener, where IT officers came to know that a cloud-based access control mechanism can also be breached beyond recovery. More than 68 million user accounts and email addresses were compromised by hackers and made their way to the dark web at a price of almost $1,141. Unfortunately, Dropbox had to give up any attempt to recover the data and requested a site-wide password reset from its user base.

The National Electoral Institute of Mexico likewise became a victim of a data breach in 2016. Almost 93 million voters’ registration records were compromised due to a poorly configured database that made this sensitive information publicly available. Later on, it was found that the Institute was storing data insecurely on a cloud server outside the country.

Today, hosted environments like cloud platforms are more targeted by organized cyber criminals. Since CIOs nowadays prefer business enablers like cloud platforms or MSP environments to store data assets, cyber criminals are opting for advanced and sophisticated ways to breach data. This is resulting in the expansion of risk surface and higher data vulnerabilities. Even today, many organizations turn a blind eye towards the security of data while storing in the cloud or migrating to the MSP environment. An inadequate access control mechanism, absence of multi-factor authentication, absence of granular level control, lack of adaptive authentication and no provision for monitoring tasks create a huge security gap.

Role of Privileged Access Management (PAM)

The privileged accounts are always vulnerable to security threats. These accounts are typically targeted by cyber crooks to breach information due to intrinsic significance in the whole IT infra fabric. That’s why organizations need to pay close attention to who is accessing what, why and when?

Refer to our article – How Malicious Insiders are the Biggest threat to Privileged accounts?

The extent of risk depends on the number of privileged accounts: the more privileged accounts there are, the higher the risk, because too many accounts increase the administrators’ challenges. Organizations should adopt the principle of least privilege. Least privilege means that IT administrators limit the allocation of new privileges as far as possible, which helps them manage and monitor privileged user activities seamlessly.

A robust ARCON Privileged Access Management can provide adequate safeguards aimed at mitigating information systems related risks. This tool enables IT operations and security teams to effectively monitor all privileged accounts thus ensuring a smooth digital transformation journey for the organization whilst limiting the privileged user access defined by roles and rules.

ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables monitoring of end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Secure Compliance Management is a vulnerability assessment tool.

Why is it crucial to segment privileged identities?
https://arconnet.com/why-is-it-crucial-to-segment-privileged-identities/
Wed, 12 Feb 2020 16:36:40 +0000

Overview
Can we think of an organization that does not have any segmentation of departments like marketing, finance, HR & Administration? The answer is probably NO – even if there is, the organization can never ensure systematic day to day activities. We don’t need to explain the importance of segregating the employees in various departments as per their roles. Similarly, an enterprise IT ecosystem requires a proper segmentation of a set of digital identities. It ensures role-based access to devices and target systems by authorized users assigned for a defined task.

Why Segmentation Is a Must Today
Today, modern enterprises are adopting digital means for every function and operation. They want to automate processes and make the IT ecosystem agile. However, in the process of digitalization, privileged identities proliferate. As a result, managing the whole set of identities becomes extremely challenging for an IT administrator unless the network and the privileged identities are properly segmented. A rule-based and role-based policy helps the organization define tasks and remove any ambiguity about who is doing what with the underlying set of digital identities. For more details, you can refer to our exclusive Newsletter on Zero Trust Privileged Access Security redefined by ARCON | PAM.

Benefits of Segmenting Identities

  • Overall systematic IT infra and datacenter approach: Any enterprise always looks for a systematic approach within its IT infrastructure and datacenters. Best Privileged practices such as segmentation of identities make the administrators’ job easier as it enables seamless monitoring of the user activities. It helps in defining and segregating the set of privileged accounts (users/ user groups, services, service groups) that are meant for different target devices or systems.
  • Protecting the endpoints: Unprotected endpoints are the major entry doors for malicious actors to gain illegal access to critical systems and steal confidential information. Therefore it is highly advisable to maintain the segmentation of the network at the endpoint level to avoid any kind of unauthorized access. ARCON | Endpoint Privilege Management ensures endpoint security by segmenting users based on their roles and responsibilities.
  • Special focus on user role & responsibilities: The privileged users in an enterprise environment should have a segmented workstation to access privileged accounts in the network. When the roles and responsibilities of these privileged identities found in different workstations are pre-defined, it helps the administrators to monitor, control and manage the activities. The IT security staff can identify and remove any suspicious activity happening in the network periphery in real-time.

The Bottom Line:
Nowadays, large and mid-scale organizations across the globe are adopting the Zero Trust Privileged Access Security Framework to strengthen IT security infrastructure. Segmentation of the privileged identities which ensures “least privilege principle”, is the first step towards achieving the Zero Trust Security model.

Secure sensitive data with robust Privilege Account Lifecycle Management
https://arconnet.com/secure-sensitive-data-with-robust-privilege-account-lifecycle-management/
Wed, 16 Jan 2019 07:31:42 +0000

There are probably more digital identities today than there are people on this planet. Indeed, digital identities have spiralled as our modern-day economy is propelled by cloud computing, artificial intelligence, and big data analytics, among several other disruptive technology innovations.

A growing number of digital identities, however, has opened up the gates for cybercriminals. As digital identities are identifications used for connections or transactions on network and internet, hackers and malicious corporate insiders are always on a lookout to abuse them for gaining unauthorized access targeting personal and critical information assets.

Privileged identities and accounts are one of the biggest sources of data breaches. These identities and accounts are extremely vulnerable to abuse as they provide access to critical systems and sensitive information. These accounts are found everywhere: in on-premises data centers, in the cloud where organizations manage hundreds of applications and databases, and in network assets (routers, firewalls), including operational technologies (SCADA, ICS).

In a typical use case scenario, malicious insiders and compromised third party elements can take advantage when organizations pay scant attention to the rising number of privileged users in an enterprise IT environment.

Unaccounted surge in the number of endpoints and privileged accounts, consequently, provides potential ways to the compromised insiders and malicious third parties to gain access to enterprise networks and critical systems.

The threat is compounded by the fact that these privileged accounts are often created in an ad-hoc manner, which leads to complete mismanagement of privileges. The absence of authorization, authentication, audit trails, and monitoring and control of privileges puts the entire IT infrastructure at grave risk. A modern-day enterprise requires centralized, role-based privileged access management that automates the entitlement and validation process, including privileged access and services. These privileged access practices help in managing the lifecycle of privileged identities.

Think about how difficult it would be for the IT security team to keep track of privileged account activities when there is no proper mechanism in place to manage and monitor privileged accounts.

Privileged Access Management offers your IT security team a sure-fire way to reinforce the security posture. It enables them to seamlessly manage the Privilege Account Lifecycle:

1. From centrally administering and defining rule-based access policy to auto-onboarding of privileged users, your enterprise privileged data security will never be compromised, as every access happens only after thorough validation.

2. Auto-discovery of all privileged accounts and devices ensures that every activity is documented and no privileged account is abused.

3. No more emails and tedious documentation. Gain operational efficiency: the workflow matrix lets you configure the approval process for users/user groups and service groups.

4. Audit trails and customized reports of every privileged access help meet regulatory standards.

10 Best Practices for PAM solution
https://arconnet.com/10-best-practices-for-pam-solution/
Thu, 06 Dec 2018 07:37:33 +0000

Privileged Access Management (PAM) is one of the most discussed areas in today’s cyber security arena. With the increasing number of alarming data breaches worldwide, a PAM solution is an obvious way to shield organizations from threats arising from unmonitored accounts or poor access control. Here is a brief account of a few practices that can make Privileged Access Management (PAM) more robust.

Predict: Adequate and channelized planning and evaluation of all user identities who access or need to access the accounts.

On-board: On-board all the major privileged accounts, including shared accounts, named entities and service accounts, to the PAM solution. At the same time, the number of privileged accounts should be kept to the bare minimum: exactly what is required to perform tasks.

Changed Password: Strategic planning of proper password creation and rotation ensures all privileged accounts in the network are protected by password management policies. In addition, simple passwords that are easily predictable should be avoided.

Protect: Passwords are managed in an electronic password vault which is highly available and tamper-proof in nature. Since it is very difficult to establish manual control over the password change process, the password vault automatically generates dynamic passwords for several devices at one go.

Request: Design a work-flow for access control to all relevant stakeholders within the enterprise IT environment.

Approve: It is very crucial to designate someone competent to make sure that correct approvals are defined for each and every access request to the privileged accounts. This must be managed by a solution with right audit trails to track such approvals.

Access: Defining access rules linked to the critical privileged accounts and individuals is the next important thing to ensure strict vigilance.

Control: Stringency in the security policies can control password release function and password usage function for all equipment in the system.

Monitor: Restriction of time and duration of access hours is very important to monitor user activities. Also, service, application, software accounts that are allowed remote interactions should be under security radar round the clock.

Prevent: Lastly, a Privileged Access Management (PAM) program should have preventive access control policies to stop unauthorized access and granularly control critical activities of the IT/system administrators.

Identification of Insider Threats
https://arconnet.com/identification-of-insider-threats/
Mon, 02 Apr 2018 07:59:22 +0000

Defying the enemy within

As the wave of digitization sweeps across the nation, it is crucial for organizations, whether large or small, to take adequate security measures to protect the huge amount of data generated every day from various sources. The CISOs, CTOs and CSOs are ceaselessly on their toes to curb the chances of any hack or data breach incident that might push them towards big irrevocable losses. Insider threats are considered to be one of the most sinister causes of digital disaster.

Identification of Insider Threats

The implications of insider threats largely go to the administrators and other privileged users, who are commonly identified as the most suitable position holders who can both suffer and carry out numerous malicious activities stealthily. Their mistakes or negligence have the most severe effects. These malefactors are normally followed by contractors, consultants or even temporary workers, whose loyalty is questioned most of the time.

Precisely, insider threats take familiar forms, but the effects are augmented because they come from within and have smooth access to the organization’s official network along with sensitive credentials. Moreover, lack of data protection strategies by the management also forces them to chalk out plans sitting within the network. The best protection however can be a strong organizational focus on network/ data security basics.

Reasons of Insider Threat/ How to reduce the chances

There are several insider threat vulnerabilities that are mostly ignored in organizations.

1. BYOD process
The abundance of BYOD/ CYOD policy inherits the risk of cyber threats. The organizations do require thoughtful and comprehensive approach towards implementation of this policy. There has to be a detailed possibility assessment of whether BYOD implementation is feasible in the organization, depending on the type of industry. The employees should be trained repeatedly to make them avoid the risks of public Wi-Fi with a VPN or hotspot, and minimize the risk of lost information by keeping confidential business files in a secured cloud and not in personal devices. In this process, privilege access management plays a key role in securing the data.

2. Recruitment
Insider threats can be tackled from the recruitment process itself. The HR leaders should have thorough background checks, and pry into the prospect’s history to assess susceptibility to bribery or unfaithfulness. This can be done by scrutinizing credit history of the candidate or any debts that could be used as leverage.

3. Lack of management visibility
It is surprising to see how few organizations have little or zero visibility when it comes to network monitoring practice. However, when it comes to insider threats, organizations normally lack the ability to be sceptical or even withstand suspicious user behaviour and file movement. While chalking out a proactive insider threat plan, the CISOs, CTOs and CSOs need to be clear about the amount of network visibility in the organization. Now there are technologies like Privilege Access Management that can establish baseline activity control for users, monitor for anomalies, or even automate relevant actions. Thus it’s just wise to take advantage of the ability to be aware of what is going on in the business network.

The sly insider threats can originate on numerous fronts, and monitoring them can be a daunting task. Meeting the challenges of information security requires stringent organization policies to cultivate values and invest in Privilege Access Management (PAM) to support that value. After all, the privileged identities hold the master-keys to an organization’s network of devices and databases.

4. Leadership
The CISOs, CTOs and CSOs mirror the security management in organizations. Their strategic decision making right on time drives the organization towards a secured network periphery. Nevertheless, securing an organization requires alertness and co-operation from the entire team and not just the CSO or CIO. Cyber security policies are often considered as barriers towards progress of any organization. Unfortunately, securing an organization against insider threats requires utter cautiousness from the entire leadership team, and not just the CSO.

In a nutshell, insider threats are one of the burning issues in the cyber world. Recently, a London law firm confirmed that the number of High Court cases in which crucial corporate data has been stolen by ex-employees or disgruntled employees has increased by 25% annually. The malicious insiders deliberately breached customer and client databases, confidential financial information and more. The ubiquity of smartphones has made this much simpler to do without raising any suspicion.

ARCON provides state-of-the-art technology aimed at mitigating information systems related risks. The company’s Privileged Identity Management / Privileged Access Management solution enables blocking unauthorized access to ‘privileged identities’, while its Secured Configuration Management solution helps to comply with Governance, Risks, and Compliance (GRC) requirements.

Need a solution for safeguarding critical IT assets? Please contact us.

Financial Implication of a Data Breach is Huge
https://arconnet.com/financial-implication-of-a-data-breach-is-huge/
Tue, 19 Jul 2016 09:21:51 +0000

We have been touring across the world since the beginning of the year, participating in several IT security events. While our main goal is to educate organizations, amid rising cybercrime, to reinforce their information systems by adopting our risk-management solutions, we are also meeting with Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), and audit and compliance officers.

One-to-one meetings help us in understanding IT security needs. As an IT security provider, however, we must tell you that it is very heartening to find that organizations across all industries have shown increased awareness towards cyber-security.

Nevertheless, there is one area of IT security which has startled us: organizations’ lax attitude towards password management. At a recently concluded event held in Manila, while speaking to the audience, our Director asked how many among them change their passwords very often. Surprisingly, not many raised hands. We will have to get our basics right first. Good password management is the smallest step we can take to secure our personal information.

However, this method will not suffice for protecting your organization’s critical IT assets. This is because privileged identities access highly sensitive database servers. If breached by a disgruntled employee or insider, it can wreak havoc in companies. It not only damages the reputation but also inflicts material financial losses.

About two years ago, The Home Depot, one of the leading home-improvement retailers in the US, reported a data-breach incident of gigantic proportions. Hackers stole some 40 million credit card details, including 54 million email addresses connected with the individuals’ accounts.

The investigations into the incident revealed that hackers got hold of the customers’ payment records through the point-of-sale credit card system. This was possible as hackers had the username and password for one of the retailer’s third-party vendors. The method used by the hackers was very similar to the one used to infiltrate Target Corp’s network, just a year earlier.

What these incidents tell us is that irrespective of the size of organizations, information systems are always vulnerable to attacks. That danger amplifies especially when a company has a compromised Privileged Access Management (PAM) / Privileged Identity Management (PIM).

Indeed, the most recent Verizon data-breach investigation report has emphasized that point. Compromised privileged identities caused data breach incidents involving some of the largest corporations in the US, the report said.

The fact that hackers have been able to breach into confidential data of one of the biggest banks in the world and one of the biggest retailers in the U.S. is a major concern.

The cost involved due to a compromised PAM/PIM is huge. Home Depot incurred a cost of $19.5 million to cover the damages caused to its customers, which includes legal expenses.

Data breach incidents caused by privilege misuse are on the rise. They might cause you massive damage before you even realize it.

Needless to say, protecting privileged identities forms the cornerstone of IT security management.

ARCON provides state-of-the-art technology aimed at mitigating information systems related risks thereby enabling organizations to comply with Governance, Risk Management and Compliance (GRC) requirements. The company, in particular, is known for its unique Privileged Identity Management/Privileged Access Management solution, which helps deter the misuse of ‘privileged identities’.

Learn more about us at www.arconnet.com

10 steps to better manage Privileged Access
https://arconnet.com/10-steps-to-better-manage-privileged-access/
Sat, 30 Apr 2016 10:22:52 +0000

Andrew Dalglish, director of Circle Research, a UK-based research firm, recently said “The very people working in businesses can pose as the biggest threat to its security.” That’s a pretty big statement to make, come to think of it. Why would he say that when organizations across the world are taking the necessary precautions and spending billions on IT security? Well, the answer to that is simple: most organizations are still focused on thoroughly securing their perimeter. Based on a survey by SpectorSoft, a pioneer in user activity monitoring and behavior analysis, a staggering 62% of organizations saw a rise in insider attacks over 2014-2015. This means that although a majority of organizations are aware of privileged access security and have security solutions in place, they have seen a rise in insider threats. Research firm Gartner has solved this mystery, stating “Less than 5% of the organizations were tracking and reviewing privileged activity in 2015. The remaining are at best controlling access and logging when, where and by whom privileged access has taken place but not WHAT actually is done.”

Maybe the reason for this is lack of knowledge or awareness amongst the employees about the importance of privileged security. This was validated by Ernst and Young in their 2015 Global Information Security Survey where they identified careless or unaware employees to be one of the top two vulnerabilities exposing organizations to cyber-attacks. And if this is left unaddressed, then as per Gartner, by 2018, privileged access will be responsible for up to 60% of insider misuse and data theft incidents.

So as responsible cyber security specialists, we felt the need to create awareness on this matter. That is why the ARCON team has meticulously devised a list of 10 steps on how you can better manage Privileged Access.

1. Predict: As a first step in your privileged identity program, you must plan and evaluate all the user entities who need to access your environment, e.g. contractors, temporary staff, offshore employees, employees, etc. As a best practice, these privileged users should be recorded and accounted for.
2. Onboard: Onboard privileged accounts, including shared accounts, named entities and service accounts, to the PAM solution. This also means the privileged accounts should be assigned an ownership in an indirect manner, i.e. on a functional level and not an individual level. This way, your IT system is not exposed to orphan accounts whenever an individual moves out of your organization, thereby securing a vulnerability.
3. Change Password: Plan a password rotation program to ensure all privileged accounts in the environment are protected by your password management policies. This is best done using an SAPM tool that allows for automatic password generation and change.
4. Protect: Ensure passwords are managed in an electronic password vault which is highly available and tamper-proof in nature. This allows for passwords to be stored in a highly secure electronic vault offering several layers of protection, thereby creating a virtual fortress.
5. Request: Design a workflow for password or access usage to control password access for all relevant stakeholders within your IT environment. Manually designing a workflow can be fragile, and hence it is advisable to implement solutions capable of automating processes and enforcing controls.
6. Approve: It’s important to designate competent individuals to ensure the right approvals are defined for each access request. This must be managed by a solution with the right audit trails to track such approvals. This will also enforce the least privilege principle, limiting the scope of any privileged account by giving it the minimum rights for performing exactly the specific task which the respective account is needed to perform and nothing more.
7. Access: The next step is to define and extend governance controls to your access rule list linked to individual and critical accounts. By doing this, you are meeting your organization’s compliance requirements by periodically reviewing and validating the number of privileged users, who the privileged users are, their access rights and what activities they perform under the guise of a privileged user.
8. Control: Enforce strict policies in line with your security policies to control the password release function and password usage function for all your IT equipment.
9. Monitor: Put policies in place to log, monitor, report and analyze privileged user sessions/activity. It is highly recommended to monitor and review privileged activity in real time by implementing a live dashboard monitoring tool. Also, it is best practice to periodically review session logs, and not just when an incident needs to be investigated, as this helps analyze privileged user behavior on critical systems.
10. Prevent: The next and most vital level of privileged access management is to implement preventive access control policies to granularly control critical activities of IT administrators and super-users. This ensures that super-users do not have more privileges than are needed and essentially helps split up required privileges among administrators depending on their specific task. Additionally, it ensures a separation of access privileges between the administrators, developers, testers and operators on your IT systems.

The above are, as we have coined it, the 10 golden steps of Privileged Access Management / Privileged Identity Management. Our team’s extensive experience and expertise in analyzing IT systems have guided us in developing these steps. Our consultative approach on these matters, in addition to our solutions, has also primarily led our clients to follow these best practices. We advise the same approach to many of our existing clients, potential clients and partners that we have come across at several events and conferences that ARCON has been a part of. And we are certain that following the above will go a long way in providing what we call ‘absolute protection’ to your organization.
