Highlighted by the fact that many places around the world are on a virtual lockdown due to the Coronavirus, many employees are being forced to work remotely.
Today we have the technology and capability to make this happen, we have personal as well as company internet connected devices, generally good internet connectivity. In addition, organizations rely on third-party to manage their infrastructure, including the use of VPNs. However the ease with which we can work remotely has to be balanced against a company’s primary need to secure its data and adhere to current privacy regulations.
A properly implemented Privilege Access Management (PAM) solution solves the security and compliance concerns and has many other benefits for a company. These secondary benefits include a better quality of life for its employees due to flexibility and helping to reduce the greenhouse effect as commuting to the office is reduced, as well as attracting employees from across your global territory.
What is Privilege Access Management (PAM)?
PAM is the controlling of access to certain resources which have heightened or elevated (privileged) entitlement within an organisation, these include users, systems and accounts for example, root access and admin accounts. PAM technologies provide granular access to resources and report on actions such as who attempted to access, what happened, where did this happen from, and when was this attempted.
Security is a major concern with remote working and hackers are targeting companies for their Privilege Accounts as these represent the keys of the castle. Once a hacker has access to privileged credentials they can traverse the corporate network and gain access to confidential, private and personal data.
Privileged accounts are historically mis-managed, companies have struggled to control access to these accounts as these accounts with their passwords are commonly shared with multiple individuals.
Many accounts have more entitlement then is required for the individual to carry out their duties and removing these privileges is not easy and there is a need to make these privileges more granular.
Compliance to privacy standards such as GDPR is mandatory and non- compliance brings potentially large fines of up to 4% of global turnover. GDPR is concerned with individuals personal data and what companies are doing to protect that data. Privilege Access Management is primarily impacted by the principal of Data Protection by Design (Article 25) and data protection impact assessment (Article 35) in order to ensure that the system has mechanisms in place to prevent access to personal data by people who shouldn’t have it. Article 25 States that:
The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed.
Privilege Access Management has the systems and mechanisms in place to prevent or restrict access to personal data.
Before anything is done the first step is to discover what privilege accounts are in the estate and then implement a solution that addresses the Audit, Security and Compliance concerns, once this is understood then the attack surface a hacker can try to gain access to can be reduced.
How Does PAM Mitigate the Concerns
Protecting privileged accounts from hacking is difficult as the network perimeter and therefore ingress points is ever changing. Privileged accounts cannot be eliminated and therefore must be secured. Companies need to lock down their end points with better security, this means removing admin rights to those who don’t need it, deleting dormant accounts, managing passwords and reporting on activities.
From a compliance standpoint (GDPR),Businesses will need to assess whether their data processing activities are likely to result in “highrisk“ to individuals, and if so, ensure that appropriate controls are in place to restrict access to that data, this also extends to access for third parties. A PAM solution does exactly this, once implemented it can be tested via a Privacy Impact Assessment and addresses the specific factors listed in the GDPR.
Through senhasegura External Access feature, it is possible to provide fast, easy and secure access for both remote employees and third-party that need to perform privileged actions on devices managed by senhasegura with no need of VPNs, agents or passwords on the target device. Users have quick access to perform their actions, which allows seamless access to the target device. The session can be subject to the access workflow, which reduces the attack surface by assuring that remote employees and third parties will have the access to a specific asset during a determined period of time.
Driven by the natural disasters of the Coronavirus and natural disasters, such as bush fires in Australia, remote working has become a necessity for many workers, along with this need to be productive comes security concerns around protecting company data. A properly implemented PAM solution gives many benefits including improved productivity, lower costs and increased quality of life for employees, including remote access. Security concerns are addressed by conducting an initial audit of the estate gathering information on what privilege accounts exist. The Key benefit of a PAM solution is the ability to reduce risk associated with a security breach including a breach from insider hacks. PAM solutions are implemented to help with privacy compliance by restricting access to personal data.
You don’t have to wait for a natural disaster to realise the benefit of allowing workers to work remotely: senhasegura has a complete solution from privilege account discovery to remote employee and third-party access control with full visibility through its management and reporting console.