BR +55 11 3069 3925 | USA +1 469 620 7643

Remote Working has come of Age

by | Apr 20, 2020 | BLOG

Highlighted by the fact that many places around the world are on a virtual lockdown due to the Coronavirus, many employees are being forced to work remotely.

Today we have the technology and capability to make this happen, we have personal as well as company internet connected devices, generally good internet connectivity. In addition, organizations rely on third-party to manage their infrastructure, including the use of VPNs. However the ease with which we can work remotely has to be balanced against a company’s primary need to secure its data and adhere to current privacy regulations.

A properly implemented Privilege Access Management (PAM) solution solves the security and compliance concerns and has many other benefits for a company. These secondary benefits include a better quality of life for its employees due to flexibility and helping to reduce the greenhouse effect as commuting to the office is reduced, as well as attracting employees from across your global territory.

What is Privilege Access Management (PAM)?

PAM is the controlling of access to certain resources which have heightened  or elevated (privileged) entitlement within an organisation, these include users, systems and accounts for example, root access and admin accounts. PAM technologies provide granular access to resources and report on actions such as who attempted to access, what happened, where did this happen from, and when was this attempted.

Concerns

Security is a major concern with remote working and hackers are targeting companies for their Privilege Accounts as these represent the keys of the castle. Once a hacker has access to privileged credentials they can traverse the corporate network and gain access to confidential, private and personal data. 

Privileged accounts are historically mis-managed, companies have struggled to control access to these accounts as these accounts with their passwords are commonly shared with multiple individuals.

Many accounts have more entitlement then is required for the individual to carry out their duties and removing these privileges is not easy and there is a need to make these privileges more granular.

Compliance to privacy standards such as GDPR is mandatory and non- compliance brings potentially large fines of up to 4% of global turnover. GDPR is concerned with individuals personal data and what companies are doing to protect that data. Privilege Access Management is primarily impacted by the principal of Data Protection by Design (Article 25) and data protection impact assessment (Article 35) in order to  ensure that the system has mechanisms in place to prevent access to personal data by people who shouldn’t have it. Article 25 States that:

The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed.

Privilege Access Management has the systems and mechanisms in place to prevent or restrict access to personal data. 

Before anything is done the first step is to discover what privilege accounts are in the estate and then implement a solution that addresses the Audit, Security and Compliance concerns, once this is understood then the attack surface a hacker can try to gain access to can be reduced.

How Does PAM Mitigate the Concerns

Protecting privileged accounts from hacking is difficult as the network perimeter and therefore ingress points is ever changing. Privileged accounts cannot be eliminated and therefore must be secured. Companies need to lock down their end points with better security, this means removing admin rights to those who don’t need it, deleting dormant accounts, managing passwords and reporting on activities.

From a compliance standpoint (GDPR),Businesses will need to assess whether their data processing activities are likely to result in “highrisk“ to individuals, and if so, ensure that appropriate controls are in place to restrict access to that data, this also extends to access for third parties. A PAM solution does exactly this, once implemented it can be tested via a Privacy Impact Assessment and addresses the specific factors listed in the GDPR.

Through senhasegura External Access feature, it is possible to provide fast, easy and secure access for both remote employees and third-party that need to perform privileged actions on devices managed by senhasegura with no need of VPNs, agents or passwords on the target device. Users have quick access to perform their actions, which allows seamless access to the target device. The session can be subject to the access workflow, which reduces the attack surface by assuring that remote employees and third parties will have the access to a specific asset during a determined period of time.

Conclusion

Driven by the natural disasters of the Coronavirus and natural disasters, such as bush fires in Australia, remote working has become a necessity for many workers, along with this need to be productive comes security concerns around protecting company data. A properly implemented PAM solution gives many benefits including improved productivity, lower costs and increased quality of life for employees, including remote access. Security concerns are addressed by conducting an initial audit of the estate gathering information on what privilege accounts exist. The Key benefit of a PAM solution is the ability to reduce risk associated with a security breach including a breach from insider hacks. PAM solutions are implemented to help with privacy compliance by restricting access to personal data.

You don’t have to wait for a natural disaster to realise the benefit of allowing workers to work remotely: senhasegura has a complete solution from privilege account discovery to remote employee and third-party access control with full visibility through its management and reporting console.

Building Digital Manufacturing Through PAM

With the evolution of technology, manufacturing sectors are increasingly digitalized through solutions that optimize the processes carried out in these environments, reducing costs, eliminating human failures, and generating more productivity.  Among the technologies...

Just-In-Time Privileged Access: Understand this Subject

In this article, we present the concept of just-in-time privileged access, its benefits, and mode of operation, among other extremely important information on the subject. To facilitate your reading, we divided our text into topics. They are: What Is Just-In-Time...

What Can I Do to Decrease Cyber Insurance Amounts?

When it comes to information security, the risks to organizations are increasing by several factors. As an example, we can mention the increase in the number of cyberattacks, especially after the Covid-19 pandemic, which accelerated the mass adoption of remote work,...

What are the actions performed during a privileged access

Nowadays, cyber-attacks have become increasingly common and hit more and more companies, of all verticals and sizes. According to the SonicWall 2022 Cyber ​​Threat report, the number of cyberattacks involving data encryption increased by 167% in 2021, reaching 10.4...

Achieving Sarbanes-Oxley (SOX) Compliance Using Cybersecurity Controls

The Sarbanes-Oxley Act (SOX) is primarily associated with business transparency and the use of accounting and financial controls to protect investors from fraudulent financial reporting. However, it is always important to remember the ever-increasing pivotal role...
Copy link