Least Privilege Access Control
A “Least Privileged” access control regime provides users with only the minimum level of privilege required to complete their role and day-to-day activities. So how do you achieve such an outcome without adding further workload to already over-burdened help-desk teams and increasing user frustration?
As part of the wider Privileged Account Management solution offering, Least Privilege Access Control tools or Privilege elevation and delegation management (PEDM) tools deliver these outcomes. Secure-ISS considers these tools part of the advanced posture within our layered security approach.
What is Least Privilege Management or Privilege elevation and delegation management (PEDM)?
“… Privilege elevation and delegation management (PEDM): Specific privileges are granted on the managed system by host-based agents to logged in users. This includes host-based command control (filtering), and also privilege elevation, the latter in the form of allowing particular commands to be run with a higher level of privileges. …”
Source: Gartner Market Guide for Privileged Access Management
Published 22 August 2017 – ID G00315141
What Benefits does a least privileged solution provide to an organisation?
Endpoint Least Privilege provides a number of benefits to organisations including:
- Preventing, isolating and/or limiting the spread of viruses and malware that leverage administrative or privileged accounts;
- Providing operational efficiencies for administrative and operator activities on the endpoint;
- Providing an audit trail of privileged use and application installation across an endpoint fleet.
What do the tools do?
The toolsets often use policies to limit the scope of administrative functions and/or prevent administrators from carrying out (potentially) unsafe activities on an endpoint, where such an activity could be used as an attack vector by malware and potentially do greater damage across the organisation.
The difference from the approach of PASM tools is that Least Privilege or PEDM tools elevate individual commands in isolation and do not provide access to an unrestricted administrative or privileged session. PEDM tools also monitor and record privileged activity centrally or on the systems, either upon login or during execution of the privileged commands.
Both tools (PASM and PEDM) should be considered complementary. Where your organisation commences its PAM journey will depend on the initial use cases, regulatory and compliance requirements, current technology stack and the roadmap for future services.
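The per-command elevation and audit trail described above, sketched as an added example (not code from the original page or from any PEDM product): a policy check that elevates one command at a time, refuses chained or reshaped commands, and records every decision. The role names, command paths and the `decide` function are assumptions made for illustration.

```python
import fnmatch
import shlex
from datetime import datetime, timezone

# Constructed policy (roles, paths and commands are illustrative assumptions):
# each role maps to the exact command shapes it may run with elevated rights.
POLICY = {
    "helpdesk": ["/usr/bin/systemctl restart nginx", "/usr/bin/systemctl status *"],
    "dba": ["/usr/bin/systemctl restart postgresql"],
}
# Characters that would let an approved command chain into an unapproved one.
SHELL_META = set(";|&`$<>\n")
AUDIT_LOG = []  # stands in for the central audit store


def matches(argv, pattern):
    """Token-by-token match, so '*' covers one argument and never extra ones."""
    want = pattern.split()
    return len(argv) == len(want) and all(
        fnmatch.fnmatchcase(arg, pat) for arg, pat in zip(argv, want))


def decide(user, role, command_line):
    """Return 'elevate' or 'deny' for one command and record the decision."""
    verdict, reason = "deny", "no matching rule"
    if SHELL_META & set(command_line):
        reason = "shell metacharacter in request"
    else:
        try:
            argv = shlex.split(command_line)
        except ValueError:  # e.g. unbalanced quotes
            argv, reason = [], "unparseable command line"
        for pattern in POLICY.get(role, []):
            if matches(argv, pattern):
                verdict, reason = "elevate", "rule: " + pattern
                break
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "role": role, "command": command_line,
        "verdict": verdict, "reason": reason,
    })
    return verdict


if __name__ == "__main__":
    for line in ("/usr/bin/systemctl restart nginx",
                 "/usr/bin/systemctl status nginx; /bin/sh",
                 "/bin/bash"):
        print(decide("alice", "helpdesk", line), "<-", line)
```

Denied requests are logged as well as approved ones, so the audit trail shows attempted privileged use, not only what was allowed.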
The people and process challenges of PAM
An often-overlooked challenge with PAM implementations is the people and process change such an implementation requires. The entire organisation needs to take ownership to ensure that a PAM implementation is successful and overall implementation risk is reduced.
Organisations should ensure that they have mapped out and matured their PAM processes prior to looking for a PAM technical solution. Failing to address policies, processes and procedures at the outset introduces more and more challenges as the PAM maturity of an organisation increases.
How can Secure-ISS assist?
With the increased regulation and awareness of insider attacks on organisations, PAM solutions are a technology that businesses of all sizes should be considering as part of a layered security approach. Least privilege access control is a key component of an overall Privileged Account Management regime.
As a proven PAM implementation partner and a Managed Security Service Provider, Secure-ISS can assist your business in starting on the PAM journey or maturing your existing PAM frameworks. We provide professional services across a number of PAM program facets as well as complete turn-key solutions, whereby all solutions, licensing and ongoing professional services are provided for a per asset price.
We assist our clients not only with the operational and technical deliverables but also with change management, one of the most critical aspects of a PAM implementation.