Insight

Deploying privileged access management solutions

How are you taking control of your administrators and their privileged access in your organization?

Given the increase in highly publicized cybersecurity breaches and insider threats, privileged access management (PAM) has become a board-driven initiative.

Information technology (IT) organizations have long struggled with protecting and controlling powerful access to the accounts that administer their most critical assets and data while still allowing their administrators the flexibility they need to perform their daily job functions.

Implementing PAM solutions are one way companies are taking back control of their privileged administrative and super-user accounts, as well as being able to provide a detailed audit record of account use and activities. While the technologies in the marketplace are mature enough to manage a vast majority of use cases, organizations are still finding it challenging when planning out their one- to three-year PAM project road maps. Companies often rely too heavily on the technology they have just purchased, and largely ignore the process and people component when planning their implementation.

Defining PAM in your environment PAM can invoke a vast number of different meanings when it is mentioned in conversation. In order to define what you need out of your PAM program, it is important to first determine what problems your organization is trying to solve. Does your organization:

  • Have general concerns about the increasing attack vector surrounding privileged accounts?
  • Lack the ability to know each time an employee or contractor has accessed a privileged account, and what the employee/contractor did with the privileged account?
  • Maintain the same password across all default local accounts on a particular type of system?
  • Face challenges with regularly rotating privileged passwords on a periodic basis?
  • Share privileged account credentials in a communal group-specific spreadsheet/network drive?
  • Lack the ability enforce multi-factor authentication (MFA) for administrative account log-ins?
  • Use jump boxes to access sensitive areas of your network (e.g., enclaves, DMZ, PCI, etc.)? If any of the scenarios above describe the practices of your organization, then it may be time to discuss the benefits of implementing a PAM solution. Examples of potential PAM benefits include:
  • Rationalization of existing privileged groups to remove any users who do not need privileged access to systems and/or sta accounts of users who have moved job roles
  • Requiring administrators to “check out” passwords of privileged accounts prior to use; once the password is released to an administrator, the password is again changed to a value no human user knows after a set period of time (e.g., one-time password)
  • Adherence to the multi-factor authentication requirement of PCI DSS 3.2

Related service

Insight

KPMG Cyber: Deploying privileged

Download

Get the latest updates from KPMG Cyber Security Services.

Careers

Explore KPMG Cyber Security careers

Read more