With restrictions eased significantly in Australia, many of us are enjoying socialising again. Now that dancing is allowed in nightclubs, you may be among the first in line to get in.
Music pulsing through your body, swaying with other crammed bodies on the dance floor. Thirsty for your next cocktail, you head to the VIP lounge entrance. But wait! Security says you’re not welcome – your clothes aren’t right; you don’t have the right credentials. What’s inside isn’t for you, so you’re not going in.
Only those with legitimate access can enter the VIP lounge. Those without, however, keep trying new ways to bypass the bouncers and find their way in.
Similarly in business, cyber criminals are increasingly adept at stealing credentials from ‘VIPs’ – whether IT admins or business users – to bypass security and access restricted areas of an organisation holding critical information, applications and systems. With identity-related risk on the rise, organisations need to keep up with the tempo of attacker innovation.
Protecting against cyber security risk has taken on a greater sense of urgency, particularly as many organisations continue to rapidly transform by investing in new cloud technologies, adopting new forms of communication and delivering services to customers in innovative ways.
New ways of working have made protecting all identities, and their high levels of privileged access and related credentials, more important than ever before. Think of technologies like privileged access management (PAM) as the ultimate ‘gatekeeper’ for who gets access to what, where and for how long.
To give you an example, there are minimum requirements for users to gain initial access; often a username/password at the most basic level. These first-level credentials aren't particularly secure and can be bypassed, much like some revellers who successfully bypass doormen with fake IDs. This fallibility makes further authentication a must to properly defend the organisation’s key information and resources.
Access all areas
A night out at a club wouldn’t go so well without bar staff. They need access to staff-only areas such as behind the bar, the staff room and storage areas to mix and pour drinks, replenish bottles and review stock lists. Some of these areas will require some form of access key to enter. Only trusted staff should be provided access to these areas to prevent any pilfering.
Certain areas of IT infrastructures operate on a similar model, with these access keys allowing system admins to make changes to system or applications, add or remove users, or delete data. Sometimes these ‘super users’ will be domain admins, with extensive access across the network and are super critical to secure.
Unsurprisingly, gaining access to the credentials of these users represents the highlight of a cyber criminal’s night out… and it’s game over for the organisation if this happens.
Whether a legitimate employee or an external threat actor poses a threat, PAM helps manage and secure network access. Using the principle of least privilege, admin-level access is only granted to those who need to use it to perform their role. ‘Normal’ users will not be allowed to interface with a company’s sensitive IP, HR information, or non-public financial results. Only those with escalated privileges (VIPs) should have access to them, and even then, this should be tightly controlled.
Who stays… who gets kicked out?
Things don’t always go as planned during a night out. Partygoers try to get to where they shouldn’t, crashing other peoples’ reserved tables, or trying to score their way into the VIP lounge. Staff may ask some to leave because of undesirable behaviour and may even bar them from ever returning.
Compare this to a third-party contract ending, a consultant’s project finishing, or simply those who try and access a part of the network or an asset that they shouldn’t have access to. Once this happens, their privileged access becomes a potential security risk.
Retaining it is undesirable and unnecessary. Permissions should be de-provisioned immediately to shut off any chance of an attacker exploiting unused credentials or access. In the case of someone trying to get to where they shouldn’t be, that’s something that needs shutting down immediately.
Surveying the scene
How do organisations know where privileged access exists and, in turn, secure it?
A nightclub manager and team are tasked with observing everything that’s going on in a club. Security cameras and staff scan the dancefloor and restricted areas, watching for incidents and ensuring that all is running seamlessly.
In business, this is the IT security team. PAM allows full visibility of access to critical data and assets, and can monitor, grant and revoke that access when needed. Adopting appropriate cyber security measures to secure credential-based access is essential for organisations wanting to protect their business from disruption or loss.
It used to be easy to take a night out for granted. You don’t necessarily consider the sheer number of resources it takes to make this a reality, from bouncers that keep the obvious trouble out; the bar staff and DJs to keep you fed, watered and entertained; and the club staff that ensure that if you’re on that table or in that VIP room, it’s because have a legitimate reason to do so.
Who’s going to kick out the people having a fight on the dancefloor? You? Probably not. And that’s not even considering the behind-the-scenes efforts to keep you safe, secure and entertained.
As the number one control for managing, monitoring and protecting identities across your organisation, consider what PAM could do for you.
Andrew Slavkovic is a solutions engineering manager, ANZ at CyberArk.