There are many security challenges that confront us as we strive to protect our IT environments. It’s difficult to stay on top of all these challenges, but there are a few steps we can easily take to increase our overall security posture.
I advocate for paying special attention to privilege management. Here are five reasons why.
People who use privilege are anonymous – and therefore invisible
Basically, if I’m logged on as administrator it means I’m not logged on as me. You see this in services like AWS or Azure where people log on to the console with a shared administrative ID. That makes tracking the actions that people take – like who deleted the VM image – very hard to do.
The correct use of privilege is done just in time – but accounts are always on
You already know that getting on to the console to take administrative-level actions is something you shouldn’t be able to do all the time. Instead, it should be a “just in time” thing.
But it’s not like the administrator account simply goes away when it’s not being used. The admin accounts are always on. That means you need to manage access to these accounts in a just in time fashion.
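A sketch of that idea, added here as an illustration and not taken from the original post or from any product: a broker hands the shared account's credential to a named person for a limited time, and the lease record answers the "who deleted the VM image" question. The class and method names, the 900-second limit and the timestamps passed in are all hypothetical.

```python
import secrets
from dataclasses import dataclass, field

# Hypothetical model: names, limits and timestamps are illustrative assumptions.
@dataclass
class Lease:
    user: str      # the named person, not the shared admin ID
    reason: str
    start: float
    end: float

@dataclass
class CheckoutBroker:
    account: str                 # the always-on shared admin account
    max_seconds: int = 900       # longest lease the broker will grant
    leases: list = field(default_factory=list)
    _password: str = field(default_factory=lambda: secrets.token_urlsafe(24))

    def _active(self, now):
        return next((l for l in self.leases if l.start <= now < l.end), None)

    def _rotate(self):
        self._password = secrets.token_urlsafe(24)

    def checkout(self, user, reason, now, seconds=None):
        """Grant a time-boxed lease; refuse if someone else holds the account."""
        if not reason.strip():
            raise PermissionError("a reason is required")
        if self._active(now):
            raise PermissionError("account is already checked out")
        self._rotate()  # whatever the previous holder knew stops working
        length = self.max_seconds if seconds is None else min(seconds, self.max_seconds)
        self.leases.append(Lease(user, reason, now, now + length))
        return self._password

    def checkin(self, user, now):
        """End the lease early and rotate the credential."""
        lease = self._active(now)
        if lease is None or lease.user != user:
            raise PermissionError("no active lease for this user")
        lease.end = now
        self._rotate()

    def verify(self, password, now):
        """The account exists all the time; its credential works only in a lease."""
        return self._active(now) is not None and secrets.compare_digest(password, self._password)

    def who_held(self, when):
        """Map an action logged under the shared ID back to a named person."""
        lease = self._active(when)
        return lease.user if lease else None
```

Given the timestamp of an action logged under the shared ID, `who_held` returns the person who had the account checked out at that moment, or `None` if nobody should have been able to use it.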
Privilege needs systems to create friction – not remove it
One of the interesting things about Privileged Identity Management (PIM) is it’s a system specifically built to create friction. Obviously you want to keep the friction to an absolute minimum.
But in a lot of places – and particularly in the cloud – people have that soft layer administrative ID just sitting there in their brain. Or on a sticky note. Or in a password management tool. That means there’s zero friction between them and the ability to do really nasty things in the IT environment. PIM creates some accountability for the people who have elevated rights and their ability to actually use those rights at any given moment.
Automated lock down of privilege – the key to your success
Automation is key to managing privilege. If you’re trying to manage privileged credentials by hand, you’re probably going to fail. There are just too many moving pieces and too many issues to address.
It’s shocking how many people I speak with are trying to do this manually. I find that it’s especially common in the cloud because many organizations haven’t extended whatever automation they have into their new systems. Automated privilege management is the best way to secure privileged access.
Every other security control you have is meaningless if you don’t protect the method to bypass – and even shut down – all your controls
If none of the preceding reasons motivate you to pay special attention to privilege, perhaps this will. In the end, all of the other security controls you might have over your brand new shiny Azure system are pretty much useless if someone with administrative rights turns all of the controls off – either to cover their tracks or to make life a little easier for themselves.
Now there may be no malicious intent on their part, but their actions enable other people’s malicious intents. By paying attention to privilege, you ensure that you’re enforcing security controls.
If you want more tips on implementing a least privilege system, read the Lieberman Software white paper Best Practices in Privileged Identity Management.