The landscape of privileged accounts is becoming increasingly complex as organizations add new applications and change working styles in an ongoing COVID-19 world. Meanwhile, cyber criminals are only getting smarter. If you wait too long to plug your security gaps, there’s a good chance they’ll find a way to exploit them.
Forrester’s most recent Privileged Identity Management Wave lays out the top privilege management challenges enterprises will face this year and offers advice for companies seeking solutions. These are more than predictions; Forrester’s guidance is based on their experience advising companies on technology investments and can help you build a roadmap to conquer cyber threats.
This is what they say:
Things change too frequently to allow standing privileges
As organizations grow, people change roles and priorities shift. Enterprises are increasingly relying on temporary contractors and partners to support business-critical functions. It becomes difficult to keep track of all the changes and remove access when people leave or projects end.
How should this impact your strategy?
Forrester says:
Look for PIM solutions that align to a least privilege model and just-in-time access. Employing solutions that reduce access rights to the bare minimum of what is required and can then elevate and revoke temporary access as needed enables security and risk pros to better manage privilege access. PIM solutions providing this capability, along with automated workflows for approvals, session- and time-based access, and risk-based recommendation engines, are best positioned.
All privileged users—employees and third parties—require sufficient oversight. Look for enterprise solutions that let you easily govern privileged accounts throughout their lifecycle. You should be able to set up or temporarily elevate privileges so people can get to work right away, then track and respond to privileged activity, and remove privileges when they’re no longer needed.
Machine identities are growing at twice the rate of human identities
Digital transformation is driving enterprises toward automation. The more automation, the more service accounts, bots, and robotic processes are accessing and exchanging privileged information, often without human intervention.
How should this impact your strategy?
Forrester says:
PIM solutions should support DevOps teams, IT admins configuring cloud infrastructure, bots, IoT, and API-driven workloads.
The same old security controls you’ve been using to manage on-premises, human identities aren’t going to be sufficient for the future. You’re going to need Privileged Access Management solutions that keep pace with the rise of machines and give you the oversight you need to meet security and compliance requirements.
The definition of a privileged user is expanding to include non-IT users
It used to be relatively easy to manage the small set of domain admins that held the keys to sensitive data and systems. Now, developers who build your products are using AWS, Azure, GCP, or your own cloud platform. Plus, users throughout your organization license business applications, set up user permissions, and have tremendous access to critical information, including personal data and financial transactions, without the need for IT control.
How should this impact your strategy?
Forrester says:
Lightweight password vaults address sensitive business user access to shared corporate accounts. Solutions for these new use cases are best delivered as SaaS for speed, modular architecture, and better integration.
As you compare options for PAM solutions, consider all of the people who will need access to privileged accounts to do their jobs. Look for systems that use a cloud platform for streamlined delivery and that provide fine-grained access control for business users and developers, as well as traditional privileged users like IT admins.
Enterprises aren’t willing to put up with complexity
As they grow, enterprises end up with a tangled web of applications and IT systems. If these systems don’t talk to one another, they leave security blind spots that are impossible to manage and control. You have the power to choose systems that are easy to use.
How should this impact your PAM decision?
Forrester says:
Just because IT environments and business demands are complex doesn’t mean PIM solutions need to be too. Look for PIM solutions that deliver an intuitive user experience and integrated PIM platform.
We’re firm believers in usable security, the idea that complex security products aren’t just difficult to use, but downright dangerous. If security controls are too cumbersome to implement, IT teams won’t adopt them. If they’re too cumbersome to use, people will find a way around them to get their jobs done.
That’s why we prioritize an intuitive user experience and create out-of-the-box integrations, plug-ins, and APIs to help IT technical teams manage our solutions with ease.
Read more of Forrester’s recommendations
To learn more about Forrester’s recommendations and support your evaluation of PIM and PAM vendors, you can read the full report by downloading a complimentary copy here.
You can then evaluate the solutions you consider to make sure they are partners for the future.