Pillar No. 1: Track and secure every privileged account
The discovery of privileged accounts is fundamentally important because the existence of any unaccounted privileged access, for even a short time, carries significant risk. Discovery processes must be continuous because change is constant.
The information collected during discovery is needed to develop governance for privileged access; it also provides action-oriented data that lets administrators target and remove inappropriate privileged access.
Pillar No. 2: Govern and control access
There are two keys to achieving privileged access governance and control. First, establish effective life cycle processes to ensure that all changes in accounts with privileged access are known; and second, establish proper tracking to account for every privileged account and what the account can access.
Just-in-time access is the recommended method for privileged access because it is based on the principle that access is granted only for a short period and then removed, leaving no standing privileged access.
Ultimately, this is about ensuring that the appropriate access is given so that you are driving PAM (and not allowing PAM to drive you). By having a solid understanding of current PAM use, it is easier to determine how PAM will function in an environment.
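The two pillars above, continuous discovery of privileged accounts and just-in-time access that leaves no standing privilege, can be checked against each other. The following is an added illustration, not code from the article or from any PAM product: a discovery snapshot of accounts and their group memberships is reconciled against a ledger of time-bounded JIT grants, and any privileged membership with no unexpired grant behind it is reported as unaccounted-for standing access to remove. The inventory, the ledger, the set of privileged groups and the clock value are all constructed sample data.

```python
"""Reconcile discovered privileged access against a just-in-time (JIT) grant ledger.

Added example; the inventory, ledger, group names and timestamps are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed set of groups that confer privileged access in this environment.
PRIVILEGED_GROUPS = frozenset({"Domain Admins", "sudo", "root"})


@dataclass(frozen=True)
class Account:
    name: str
    groups: frozenset  # group memberships as seen by the discovery scan


@dataclass(frozen=True)
class Grant:
    account: str
    group: str
    expires_at: datetime  # JIT access ends here; nothing is left standing
    ticket: str           # approval / change reference that justified the grant


def discover_privileged(accounts, privileged_groups=PRIVILEGED_GROUPS):
    """Return {account name: set of privileged groups it currently holds}."""
    found = {}
    for acct in accounts:
        held = set(acct.groups) & privileged_groups
        if held:
            found[acct.name] = held
    return found


def active_grants(ledger, now):
    """Index unexpired grants by (account, group); expired ones are ignored."""
    return {(g.account, g.group): g for g in ledger if g.expires_at > now}


def reconcile(accounts, ledger, now):
    """Split discovered privileged access into accounted-for (backed by a live
    JIT grant) and unaccounted-for (standing access that should be removed).
    Both lists are sorted so the output is stable."""
    live = active_grants(ledger, now)
    accounted, unaccounted = [], []
    for name, groups in discover_privileged(accounts).items():
        for group in groups:
            key = (name, group)
            (accounted if key in live else unaccounted).append(key)
    return sorted(accounted), sorted(unaccounted)


def request_jit(ledger, account, group, ticket, now, minutes=60):
    """Record a short-lived grant; the ledger is the only source of truth for
    why an account holds a privileged group right now."""
    grant = Grant(account, group, now + timedelta(minutes=minutes), ticket)
    ledger.append(grant)
    return grant


# Constructed sample data: a discovery snapshot and the grant ledger at NOW.
NOW = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
INVENTORY = [
    Account("alice", frozenset({"Domain Admins", "Users"})),
    Account("bob", frozenset({"Users"})),
    Account("svc-backup", frozenset({"root"})),   # no grant at all: standing access
    Account("carol", frozenset({"sudo"})),        # grant exists but has expired
]
LEDGER = [
    Grant("alice", "Domain Admins", NOW + timedelta(minutes=30), "CHG-0001"),
    Grant("carol", "sudo", NOW - timedelta(minutes=5), "CHG-0002"),
]

if __name__ == "__main__":
    ok, stale = reconcile(INVENTORY, LEDGER, NOW)
    print("accounted-for:", ok)
    print("remove (no live JIT grant):", stale)
```

Running the reconciliation on a schedule, rather than once, is what makes discovery continuous: carol's expired grant and svc-backup's never-granted root membership both surface as standing access, while alice's membership is explained by an unexpired, ticketed grant.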
Pillar No. 3: Record and audit privileged activity
An effective PAM program requires visibility into what privileged users do and what changes have been made. Wherever possible, a combination of tools establishes that visibility.
Privileged session recording can provide visualizations of privileged activity and should be a critical part of a PAM toolkit. Spending a great deal of time reviewing session recordings, however, can be a mind-numbing and ineffective exercise. Look for vendors that differentiate their products by providing users with tools that more easily find unusual activity in logs and recordings.
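The point about not reviewing every recording end to end is, in practice, a triage problem. As an added example (not the article's or any vendor's code), the block below parses constructed privileged-session command logs, builds a per-account baseline of previously seen commands from historical lines, and flags two kinds of unusual activity in new lines: commands on an assumed watchlist of actions that change privilege or weaken auditing, and commands an account has never run before. It then ranks sessions by the number of findings so a reviewer starts with the recordings most worth watching. The log format, the watchlist and every log line are constructed.

```python
"""Triage privileged-session command logs so reviewers look at the right recordings.

Added example; the log format, watchlist and all log lines are constructed.
"""
import re
from collections import Counter, defaultdict

# Constructed line format: "<timestamp> user=<name> session=<id> cmd=<command line>"
LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) session=(?P<sid>\S+) cmd=(?P<cmd>.+)$")

# Assumed watchlist: command prefixes that grant privilege or reduce auditability.
WATCHLIST = (
    "useradd", "usermod", "visudo", "passwd",
    "auditctl", "systemctl stop auditd", "rm /var/log",
)


def parse_line(line):
    """Return the parsed fields, or None for a line that does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def baseline_from(history_lines):
    """Per-account set of command verbs (first token) seen in historical sessions."""
    seen = defaultdict(set)
    for ev in map(parse_line, history_lines):
        if ev is not None:
            seen[ev["user"]].add(ev["cmd"].split()[0])
    return dict(seen)


def triage(lines, baseline):
    """Return findings for lines that hit the watchlist or are new for the account.
    Each finding carries the reasons so a reviewer knows why it surfaced."""
    findings = []
    for ev in map(parse_line, lines):
        if ev is None:
            continue  # unparseable lines are skipped, not silently treated as normal
        verb = ev["cmd"].split()[0]
        reasons = []
        if any(ev["cmd"].startswith(w) for w in WATCHLIST):
            reasons.append("watchlist")
        if verb not in baseline.get(ev["user"], set()):
            reasons.append("new-for-user")
        if reasons:
            findings.append({**ev, "reasons": reasons})
    return findings


def sessions_to_review(findings):
    """Session ids ordered by number of findings, most suspicious first."""
    counts = Counter(f["sid"] for f in findings)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed historical sessions used to build the baseline.
HISTORY = [
    "2024-01-10T08:00:00Z user=alice session=s100 cmd=systemctl restart nginx",
    "2024-01-10T08:05:00Z user=alice session=s100 cmd=journalctl -u nginx",
    "2024-01-11T14:00:00Z user=bob session=s101 cmd=apt-get install htop",
    "2024-01-11T14:02:00Z user=bob session=s101 cmd=systemctl restart cron",
]

# Constructed new sessions to triage.
TODAY = [
    "2024-01-15T09:01:00Z user=alice session=s200 cmd=systemctl restart nginx",
    "2024-01-15T09:03:00Z user=alice session=s200 cmd=useradd -m deploy2",
    "2024-01-15T09:04:00Z user=alice session=s200 cmd=visudo",
    "2024-01-15T11:30:00Z user=bob session=s201 cmd=apt-get install vim",
    "2024-01-15T11:31:00Z user=bob session=s201 cmd=tcpdump -i eth0",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    base = baseline_from(HISTORY)
    hits = triage(TODAY, base)
    for f in hits:
        print(f["ts"], f["user"], f["sid"], f["cmd"], f["reasons"])
    print("review order:", sessions_to_review(hits))
```

The baseline is deliberately coarse (command verb per account); the value of the approach is that routine activity such as alice's usual service restart produces no finding, while her account-creation and sudoers edits in the same session push that recording to the top of the queue.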
Pillar No. 4: Operationalize privileged tasks
Automation initiatives can be overlooked when building a PAM practice. Good targets for automation are predictable and repeatable tasks, such as simple configuration changes, software installations, service restarts, log management, startup and shutdown.
Effective automation should increase reliability and security by removing the “human” element, thus increasing efficiency and ultimately helping the business reach its strategic objectives. Supporting new DevOps or robotic process automation (RPA) initiatives, or delegating privileged access for third parties, for example, should not go unrecognized when implementing PAM tools.
This is also where integration with other tools provides value: use change control management tools to gate just-in-time PAM access, manage the PAM account life cycle with an identity governance and administration (IGA) tool, and require single sign-on and multifactor authentication to access the PAM tool itself.