Protecting privileged access is now a strategic priority in any organisation’s cyber security strategy. The goal is no longer to simply protect the perimeter, but to prevent attackers who are already inside from moving laterally in the organisation, writes Katie Curtin-Mestre, VP Product and Content Marketing, CyberArk, a privileged access and cloud access product company.
But choosing the right solution from the right provider can become quite a headache, given the myriad of options available on the market. There are, however, simple steps companies can consider to make the selection process easier.
Where will automated tools and services help you most?
Protecting, managing and monitoring privileged access manually can be a tedious, resource-intensive process. It’s nearly impossible for a large organisation to manage and protect the thousands of privileged accounts, credentials and secrets used throughout its on-premise, cloud and DevOps environments without automation.
Manual analysis of privileged access security risks and vulnerabilities can be prone to human error. One missed alert can result in millions of dollars spent on incident response and recovery. Implementing privileged access solutions that can automate manual tasks can help your organisation simplify operations, improve efficiencies and free up valuable IT staff to focus on strategic tasks – while at the same time bolstering your overall security posture.
What are the use cases for privileged access security solutions?
Most breaches today involve privileged account compromise, so protecting access is a top priority. But you can’t protect what you can’t see. Only after a comprehensive inventory and assessment of your privileged accounts, credentials and secrets can you effectively determine what security features your organisation will need to stay safe now and into the future.
When evaluating privileged access security solutions, it’s important to think beyond your current requirements. Consider how your company’s technology strategy is evolving. Your cybersecurity strategy will need to evolve along with it. Are you moving more workloads to the cloud? Is there an initiative underway to adopt DevOps practices? Then, assess if the solution you’re considering can scale in complex environments, provide out-of-the-box support for existing security systems, and easily integrate with other vendors and applications you work with now – or may work with in the future.
Building the matrix
Before starting your search, developing a simple scoring matrix will help you outline required and desired capabilities. This will enable you to assess your current and future use cases against available features and providers. Though every organisation has different needs, common evaluation criteria for a privileged access security solution can include:
•Password management: Does the solution provide flexible and configurable password rotation for users, applications and DevOps tools?
•Security and recoverability: Does the solution feature an isolated digital vault, hardened and secured to store credentials and privileged session recordings securely? Does it offer multiple options for high availability and disaster recovery?
•Audit and monitoring: Will the solution provide strong support for audit and monitoring, as well as the ability to detect anomalous account behaviour?
•Tool integration: Does the solution easily integrate with a broad range of IT and security operations tools?
•Privileged account discovery: Does the solution have capabilities to systematically locate privileged accounts and credentials?
•Privileged task automation: Is the solution able to automate routine privileged access tasks?
•Cloud security: Is the solution able to secure, monitor and control access to the “as-a-service” offerings your company uses or plans to use going forward?
•DevOps management: Does the solution provide comprehensive management of all sensitive elements in the DevOps process?
•Flexible and scalable architecture: Is the solution architected to accommodate flexible deployment options as your deployment scales?
Ultimately, businesses want to make sure the solution their pick will not only meet their current needs but will scale and adapt as the business does. These crucial steps can help companies consider the right solution for them from a 360 perspective, taking into account all the areas of security that they focus on now and in the future.
