Modular and integrated strategy is the key to successful privileged account management

June 20, 2016
Many organizations are taking 'half' measures to meet the challenge IAM presents as they await next-gen solutions

Note: This is the third in a series of featured articles dealing with PAM strategies, passwords, and secured credentials.

For most organizations, identity and access management (IAM) is subject to constant change, shrinking deadlines, minuscule budgets, overtaxed staff, and unmerciful regulations. It’s a crucial component of organizational security, and privileged account management (PAM) is particularly critical. Unfortunately, in the face of the never-ending challenges above, it’s all too common for organizations to piece together PAM “half solutions,” in hopes that the next generation of solutions will address their real-world needs tomorrow. This “halfway” approach puts the organization at risk of a serious, costly breach. With the right strategy, however, privileged account management can be a success story. Consider the experience of an international credit card processing company.

This company faced all of the classic PAM challenges. With a high number of shared administrative passwords, the organization was unable to assign individual accountability to activities performed. Because users logged on to privileged accounts as administrators, there was no way to know exactly who was accessing the accounts and when, or what they were doing with them. Additionally, due to a large UNIX deployment, the challenges of the root account were of particular concern. The company used sudo ‒ a utility for UNIX- and Linux-based systems that helps control what users can do at the root level ‒ but still lacked the ability to confidently address audit needs, and feared that its attempts to enforce a least-privilege model on UNIX were inconsistent and error-prone. Because the threat of a security incident or critical error is very real, it’s something that auditors focus on in particular, so the company needed to make sure it could prove individual accountability and successfully deploy a least-privilege model for its privileged accounts.

The road to successful privileged account management

  • The company’s first step was to implement a privilege safe with session audit capabilities to eliminate password sharing, assign accountability to activities, and provide an audit trail when the privileged account was in use.

A privilege safe is the software equivalent of locking passwords in a physical safe and takes privileged account passwords out of the hands of the various administrators who previously shared them. Based on a strictly defined policy, when an administrator must use a full privileged account credential, he or she must request it through the privilege safe. The privilege safe automatically checks the policy, and, if all conditions are met, issues the password for a specified amount of time. When the password is “returned,” it is automatically changed, and the entire process is logged.
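As an added illustration (not code from the original article or from any Dell product), here is a small Python model of the check-out cycle just described: the safe, not the administrators, holds each shared credential; a request is gated by policy, issued for a bounded lease, rotated on return, and every decision lands in an append-only audit trail. It goes one step beyond the text by also revoking and rotating leases that are never returned; the account and role names and the integer clock values are constructed.

```python
import secrets

class PrivilegeSafe:
    def __init__(self, policy):
        # policy: account -> (roles allowed to request it, maximum lease in seconds)
        self.policy = policy
        self.passwords = {acct: secrets.token_urlsafe(24) for acct in policy}
        self.leases = {}  # account -> (holder, expiry); one holder at a time
        self.audit = []   # append-only trail of every denial, issue, return, rotation

    def _log(self, event, account, who, **extra):
        self.audit.append(dict(event=event, account=account, who=who, **extra))

    def request(self, account, requester, role, seconds, now):
        """Check policy, then issue the credential for a bounded lease; None on denial."""
        allowed_roles, max_seconds = self.policy.get(account, ((), 0))
        reason = None
        if role not in allowed_roles:
            reason = "role not permitted"
        elif seconds > max_seconds:
            reason = "lease longer than policy allows"
        elif account in self.leases:
            reason = "already checked out"  # keeps accountability unambiguous
        if reason:
            self._log("denied", account, requester, reason=reason)
            return None
        self.leases[account] = (requester, now + seconds)
        self._log("issued", account, requester, expires=now + seconds)
        return self.passwords[account]

    def checkin(self, account, requester, now):
        holder, _ = self.leases.get(account, (None, None))
        if holder != requester:  # only the holder may return it
            self._log("checkin_rejected", account, requester)
            return False
        del self.leases[account]
        self._rotate(account, requester, "returned", now)  # issued value is now useless
        return True

    def expire_overdue(self, now):
        # Not in the article's description: leases never returned are revoked and rotated.
        expired = [a for a, (_, exp) in self.leases.items() if now >= exp]
        for account in expired:
            holder, _ = self.leases.pop(account)
            self._rotate(account, holder, "lease expired", now)
        return expired

    def _rotate(self, account, who, reason, now):
        self.passwords[account] = secrets.token_urlsafe(24)
        self._log("rotated", account, who, reason=reason, at=now)
```

Running `expire_overdue` from a scheduler closes the gap where an administrator simply never checks the credential back in.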

Privilege safe technology is also very useful for passwords hardcoded into applications. This application-to-application (A2A) and application-to-database (A2DB) activity is an often-overlooked privileged account security hole that can easily be closed with the right PAM technology. The privilege safe should cover not just shared accounts on systems, but those embedded in applications and service accounts on infrastructure, as well.

  • The company’s next step on its path to successful privileged account management was to secure its UNIX environment and deploy root delegation for a subset of highly sensitive UNIX servers to enforce a least privilege model. For its UNIX environment, the company first centralized identity and policy for UNIX in Active Directory. It then enhanced its sudo installations with a centralized policy and reporting capability, bringing a much higher level of visibility and control to the UNIX root account. The subset of highly sensitive UNIX servers could not be served adequately with sudo, so, for those, the company replaced sudo with an extremely granular and secure root delegation and keystroke logging solution.  

Delegation solutions help enforce a least-privilege model by giving administrators the least amount of privilege necessary to do their jobs, as most IT activity uses only a small portion of the administrator account capabilities, like setting up a new user, resetting a password or backing up a system. It’s important both for security and compliance that administrators have the least privilege to do the job. Privileged delegation solutions can enable you to define separate roles within the organization, and then determine which privileged account functions each of those roles needs to access.

Privileged delegation solutions can also enforce a number of other policy mechanisms, including limiting access to a defined period of time and to specific targets; to target attributes such as a certain application or filesystem; or to a defined command set. These solutions typically use centralized policy and provide a full audit trail with unified access reporting across the environment.
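The constraints listed above (a defined command set, specific targets, a permitted time window) as a Python policy evaluator; this is an added example, not the article's or any vendor's code, and the role names, hosts and command patterns are constructed. The deny list shows why a command pattern such as `passwd *` needs an explicit carve-out for privileged targets, a classic gap in hand-written sudo policy.

```python
from fnmatch import fnmatchcase

# Constructed role policy (hypothetical values). Each role carries a command set,
# a target-host set and a permitted window on a 24-hour clock [start, end).
POLICY = {
    "backup_operator": {
        "commands": ["/usr/sbin/dump *", "/usr/bin/tar *"],
        "deny": [],
        "hosts": ["db-*", "file-*"],
        "hours": (22, 6),  # overnight window, wraps past midnight
    },
    "helpdesk": {
        "commands": ["/usr/bin/passwd *"],      # may reset user passwords ...
        "deny": ["/usr/bin/passwd root"],       # ... but never the root password
        "hosts": ["*"],
        "hours": (8, 18),
    },
}


def in_window(hour, window):
    start, end = window
    if start <= end:
        return start <= hour < end
    return hour >= start or hour < end  # window crosses midnight


def authorize(role, host, command, hour, policy=POLICY):
    """Decide one privileged command; the reason string is what the audit trail records."""
    rule = policy.get(role)
    if rule is None:
        return False, "unknown role"
    if not any(fnmatchcase(host, h) for h in rule["hosts"]):
        return False, "host not among the role's targets"
    if not in_window(hour, rule["hours"]):
        return False, "outside the permitted time window"
    if any(fnmatchcase(command, d) for d in rule["deny"]):
        return False, "command explicitly denied"
    if not any(fnmatchcase(command, c) for c in rule["commands"]):
        return False, "command not in the role's command set"
    return True, "allowed by role " + role
```

Deny patterns are checked before allow patterns, so a broad allow can never override a specific exclusion.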

  • The company also used session monitoring and keystroke logging to monitor and log all privileged activity in its privileged accounts.

It’s just as critical to audit privileged sessions as it is to control access, because it isn’t enough to simply control what administrators are allowed to do through a privilege safe and delegation. Session audits and keystroke logging are two alternatives for observing administrator activity ‒ providing the capability to see what they actually do with those rights, which is particularly important for compliance. Even though the best delegation and privilege safe solutions include the ability to track activity performed through controlled access rights, they won’t tell you everything the user does. Here’s how session monitoring and keystroke logging work:

  • Session audits - When combined with a privilege safe, session audits provide a thoroughly documented view of activities performed with the issued password. They also include command control to restrict actions and enforce a time limit, and can even force a session to end.
  • Keystroke logging - Typically available with platform-specific delegation tools, keystroke logging records everything typed and makes it available for search later.

Once the company deployed these solutions, the result was an immediate improvement in security for its privileged accounts. The organization also gained peace of mind from the knowledge that administrators only had access to perform approved activities. The PAM story doesn’t end there, however, because the final step on the journey to successful privileged account management is governance.

A key principle for prioritizing identity and access management is that access and security must be satisfied before moving on to management and governance. Many organizations have progressed far enough in the management of user access and identities that they now can start addressing their security and governance objectives. Privileged accounts, however, are a few years behind end user accounts in terms of this evolution.

For privileged accounts, most of the current discussion is still focused on the most efficient way to grant and secure access. The inevitable result of this focus is better control; but, once you’ve achieved optimum control, what’s next? The answer is governance ‒ the process of providing and continually ensuring the right access to those who need it while streamlining management and ensuring compliance.

In an ideal world, governance means there would be a single universal policy and set of roles, and a common interface controlling both end user and privileged user access. And, when a new administrator is hired, the same automated processes that set up his or her application accounts and access also will set up the correct privileged accounts, including all the necessary least-privilege and privilege safe rights, approvals and workflows.

Most importantly, imagine the advantages to the organization if the most difficult governance activities – usually attestations – were executed with the same convenience, and through the same solution already in use for access governance for both applications and unstructured data. That’s a governance strategy that will enhance both value and business-enabling opportunity for the organization.

Privileged access can lead to a serious security risk, and the steps taken to protect it must be well thought out, practical and balanced. The strategy used by the aforementioned organization represents an actionable, affordable and sustainable approach to the challenges of privileged account management. By adopting this type of modular and integrated strategy for the technology used for privileged access management ‒ and adding governance to your strategy ‒ your organization can focus on achieving its business goals and feel confident that privileged accounts are not conduits for a costly security breach.

About the Author:

Bill Evans is the senior director of product marketing for the Identity and Access Management businesses within Dell Security. In this role, Bill drives the strategic direction for the team which includes setting product and solution positioning, creating the global direction for demand gen and other sales support efforts as well as providing content for sales enablement activities.

Prior to his current role, Bill served as product marketing director for Dell’s Windows and SharePoint businesses as well as general manager of the SharePoint and Notes transition business unit at Quest Software. He joined Quest in 2004 with the acquisition of Aelita Software.