Tue | Nov 20, 2018 | 8:05 AM PST

In today’s cyber environment, stolen and misused privileged accounts—and the access they afford to sensitive and critical data and hosts—can be used to inflict tremendous damage. Accordingly, a Zero Trust Organization ensures effective governance to secure privileged access, following a never-trust/always-verify approach to privileged access management (PAM).

Effective PAM is made possible through a two-phase approach: 

  1. Deploy foundational PAM capabilities. Lay the foundation for your PAM program with a detailed assessment, roadmap, product selection, and a functional baseline implementation. This foundation should also include a formal, documented strategy that details the business’s processes and technologies and includes information that can account for typical user behaviors. The basic implementation should also cover password management, account rotation, and access remediation for targeted systems and platforms.
  2. Extend PAM through tailored integrations. Deliver tailored initiatives and integrations based on the organization’s PAM program priorities and designed as part of a defense-in-depth strategy. This would include service account management, session/keystroke logging, fine-grained access policies, DevOps secrets management, and enterprise-level privileged access monitoring. 

In a Zero Trust Organization, all administrative traffic is funneled through a PAM tool, ensuring the effective implementation of an organization’s cybersecurity policies. A PAM tool represents a choke-point of trust and, when properly implemented, immediately adds significant value in improving the organization’s security posture. 

Implementing a PAM tool reduces the likelihood of privileged credentials being compromised or misused in both external breaches and insider attacks. Such tools also help reduce the impact of an attack when it occurs by radically shortening the time during which the organization is unaware that it is under attack or being subverted. Cloud security, anomaly detection, and securing the software development life-cycle also can be addressed with a PAM tool, as can regulatory compliance and operational efficiency.  

The Verizon 2018 Data Breach Investigations Report ranked privileged account access misuse behind only denial-of-service attacks as the most prevalent cause of cybersecurity breaches and incidents. PAM tools are critically important in a Zero Trust Organization, but they are not sufficient in themselves. They must work together with identity governance, authentication, application security, network security, and cloud security. When they do, they ensure an effective, secure Zero Trust Organization.

Learn more here, including the results of a successful PAM tool implementation.