The 4 Pillars of Privileged Access Management by Gartner

For a successful PAM strategy with CyberArk and Ignimission Protec

Forrester Research has estimated that, despite continually increasing cybersecurity budgets, 80% of security breaches involve privileged access abuse, and 66% of companies have been breached on average five times or more.

Privileged access is the highest level of IT access granted to specific authorized users, such as IT professionals or anyone who requires access to confidential or sensitive data, for example customer data stored in databases. Essentially, privileged accounts have additional permissions to systems, applications, and data compared to any other user account. Users must have legitimate business needs, often bound by specific timelines, for such access to be approved.

Privileged Access Management (PAM) is an information security process that safeguards identities with special access or capabilities beyond regular use.

According to Gartner’s analysts, “No matter how good the features and functionalities of a privileged access management (PAM) tool are, they can never replace the need for a comprehensive PAM vision.” The actual process of implementing a PAM solution affects a lot more than just infrastructure and applications: it affects the way technical professionals work in their day-to-day operations.

“When good processes and practices are enforced by an effective tool, organizations begin to achieve their PAM goals,” says Michael Kelley.

For this purpose, Gartner analysts have identified 4 key pillars for PAM programs. This blog highlights how CyberArk, a leader in the Gartner Magic Quadrant since 2018, combined with Ignimission Protec, will help you address all the pillars.

First pillar – Track and secure every privileged account 

Currently, many companies rely on manual Excel spreadsheets to keep track of privileged account inventory and passwords. Excel files are just the tip of the iceberg: a single privileged account that is not visible in these files is all it takes to create the biggest risk, or gateway, into a company’s operating environment. Hence the importance of knowing every account and securing them all. It is therefore necessary to automate the account discovery process and to continuously refresh and secure all aspects of a PAM solution.

In particular, businesses are vulnerable to cybersecurity threats and compliance issues because they are unable to track and manage privileged sessions from a central location.

CyberArk offers a complete PAM solution with vast information system coverage and keeps its users continuously updated on any changes.

Ignimission Protec complements CyberArk’s security features by offering advanced and automated account reconciliation, tracking and reporting to ensure that all privileged accounts are secured in CyberArk.

PAM data quality is also substantially improved through automation and workflows.

 

Second pillar – Control access and govern  

To achieve privileged access governance and control, there are two essential steps. First, develop efficient life cycle processes so that any modification to an account with privileged access is known. Second, build accurate tracking that takes into consideration each privileged account and the resources to which it has access.

It’s important to be able to actively manage, monitor, and restrict access to privileged accounts, and to audit and rotate the use of privileged sessions, in order to swiftly identify and react to harmful activities and keep an eye on privileged accounts.

A way to quickly assess the evolution of your privileged account onboarding strategy is to use Ignimission Protec’s dashboards and benefit from out-of-the-box metrics and operational reporting. In addition, you can also track the progress of your organization through predefined objectives and automated PAM metrics.

The CyberArk solution provides the tools to define an access control model on each privileged account.

Ignimission Protec helps you govern and orchestrate your PAM programs so you can automatically create access, set up workflows and have complete visibility. Thanks to Protec, you can drill down to get into the details and know at any given time who has access to what.

 

Third pillar – Record and audit privileged activity 

Visibility into the actions and modifications made by privileged users is necessary for a PAM program to be effective. The right tools allow you to monitor user activity during every session and can document the exact who, what, where, when and why. An audit functionality within a PAM solution also means that organizations can ensure vendor accountability and compliance with industry regulations.

CyberArk’s PAM solution offers very high traceability with video recording of sessions. In case of failures, users can analyze the process: the video allows them to see what actually happened to the equipment and to verify whether the cause was human error, malicious action, or a technical fault.

CyberArk PASM allows you to track all account activity. CyberArk logs the history in a text file format so that what has been recorded can easily be searched if needed. Ignimission Protec displays all logs in CyberArk and gives you insight into them, so you can track operations with ease.

With CyberArk, users can automate maintenance and provisioning of tasks, (re)start and stop services, and launch applications when needed, while maintaining the highest of security standards. Ignimission Protec complements CyberArk by facilitating PAM adoption in your organization through self-service account onboarding capabilities, and by controlling PAM adoption with the PASM bypass module.

Ignimission has set up checkpoints, developed to detect possible bypassing by correlating SIEM logs with CyberArk logs.   
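
The correlation idea described above, sketched as an added example (not Ignimission's or CyberArk's code): logon events from a SIEM are matched against the sessions the PAM tool recorded, and any logon with a vaulted account that has no PAM evidence is flagged. All records are constructed, and the field names, the proxy address and the 30-second clock-skew tolerance are assumptions, not a real product schema.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names are hypothetical, not a real product schema.
PAM_SOURCES = {"10.0.0.10"}  # assumed address of the PAM session proxy
MANAGED = {("root", "db01"), ("svc_backup", "app02")}  # accounts onboarded in the vault
PAM_SESSIONS = [  # sessions the PAM tool recorded
    {"account": "root", "host": "db01", "start": "2024-03-01T09:00:00", "end": "2024-03-01T09:30:00"},
    {"account": "svc_backup", "host": "app02", "start": "2024-03-01T10:00:00", "end": "2024-03-01T10:05:00"},
]
SIEM_LOGONS = [  # logon events the SIEM collected from the target hosts
    {"time": "2024-03-01T09:00:04", "host": "db01", "account": "root", "src": "10.0.0.10"},
    {"time": "2024-03-01T11:15:00", "host": "db01", "account": "root", "src": "10.0.0.10"},
    {"time": "2024-03-01T10:01:00", "host": "app02", "account": "svc_backup", "src": "192.168.5.23"},
    {"time": "2024-03-01T12:00:00", "host": "web03", "account": "jdoe", "src": "192.168.5.40"},
]

def _ts(value):
    return datetime.fromisoformat(value)

def find_bypass(logons, sessions, pam_sources, managed, skew=timedelta(seconds=30)):
    """Return (event, reason) pairs for managed-account logons lacking PAM evidence."""
    findings = []
    for ev in logons:
        key = (ev["account"], ev["host"])
        if key not in managed:
            continue  # account is not vaulted on this host: out of scope here
        if ev["src"] not in pam_sources:
            findings.append((ev, "source is not the PAM proxy"))
            continue
        t = _ts(ev["time"])
        covered = any(
            (s["account"], s["host"]) == key
            and _ts(s["start"]) - skew <= t <= _ts(s["end"]) + skew
            for s in sessions
        )
        if not covered:
            findings.append((ev, "no PAM session covers this logon"))
    return findings

if __name__ == "__main__":
    for ev, reason in find_bypass(SIEM_LOGONS, PAM_SESSIONS, PAM_SOURCES, MANAGED):
        print(ev["time"], ev["host"], ev["account"], ev["src"], "->", reason)
```
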

 

Fourth pillar – Operationalize privileged tasks 

Automation is required to improve security and reliability by reducing human error, boosting productivity, and ultimately assisting organizations in the achievement of their strategic goals. Each system may contain an average of 5 to 10 privileged accounts. Most of the time, the total workload for operating a PAM system is underestimated. PAM is not only a project, but a journey and a new process to support in any organization. It is necessary to set up procedures and automated tools to monitor your network for newly created privileged accounts and any changes thereto. The visibility and control necessary to safeguard your sensitive information assets can only be kept up in this way.

CyberArk solutions enable audit and operations teams to monitor and record the task management and automation of related activities, as well as promote user accountability across the board.

In addition to such tasks, Ignimission Protec allows organizations to automate and operationalize day-to-day PAM delivery activities at scale, such as on/off boarding, Safe ACL, and CPM management. Redeploy FTEs for higher-impact tasks and delegate to other IT teams in your organization, allowing them to directly manage their own scope of privileged accounts.

Ignimission Protec will serve as an interface with your ecosystem, connecting your PAM to your various enterprise tools in order to automate all the tasks of creating these systems in the PAM solution.

As we have seen, effective management of a PAM program cannot be done without a dedicated tool. However, before you decide to purchase a PAM solution, you should define a global strategy for managing privileged accounts, including the scope to be covered and, above all, the teams involved. Without good change management up front, your PAM project is likely to fail before it even starts… To go further: discover how to Start a PAM project in the best conditions.

“CyberArk is the supercharged engine and tyres of an F1 race car and Ignimission the dashboard and power steering”, said Jean Christophe Vitu, VP Solution Engineers, EMEA at CyberArk.

Want to know more about the Ignimission Protec solution? Drop us an e-mail at contact[@]ignimission.com