Who owns the data in your organization? If you’re like many, there’s a chance it’s fragmented. Maybe legal owns governance while security owns data security. IT, legal, security and line-of-business owners might share tasks. Perhaps there is no real data governance or oversight at all. What we hear from people across all industries, though, is that whether they have a mature governance and data security program or a nascent collection of policies expected to evolve over time, there is one specific avenue that remains difficult to address: controlling access to sensitive data. Zero trust and other access controls can help.
Combining Zero Trust and Other Tools
There are plenty of articles extolling the virtues of combined data security and access management tools — and with good reason. By always watching a user’s actions and data security posture and quickly adjusting access privileges as needed, you can preserve data privacy, meet data compliance needs and ensure a zero trust architecture.
But what about privileged access management (PAM)? Privileged accounts are expanding rapidly, becoming more complex and taking on more. Today, containers, servers and apps can all have privileged access. This widens the borders of a privileged account as well as the attack surface for bad actors looking for an entry point.
Often, businesses do not practice good hygiene around privileged credentials. They don’t set limits for them beyond typical access policies dictating where, when or how users can access these sensitive accounts. Beyond this, PAM oversight is less easily added into data security. The relevant teams often cannot determine the user behind privileged credentials when strange behavior occurs.
In fact, many companies still use ad-hoc methods like paper or spreadsheets to manage privileged credentials. With 74% of breaches stemming from privileged credentials, and one in four employees reporting they know someone who has sold privileged credentials, more granular control is paramount.
At 11 a.m. (EDT) on June 8, 2021, IBM and Enterprise Management Associates, Inc (EMA) discuss IBM Security Guardium Insights and the current state of data security.
The Importance of Just-in-Time PAM
The first step on the journey to the zero trust security promised land is just-in-time (JIT) PAM. We discussed earlier how businesses tend to practice poor security hygiene when it comes to privileged credentials. That’s where a JIT model comes in. In fact, in the 2020 Gartner Magic Quadrant for PAM, Gartner predicts that 50% of organizations will have put a JIT model in place by 2024, with those that do seeing 80% fewer privileged breaches than their peers.
PAM can address multiple JIT use cases. Developers need JIT privileged access to build, test and launch products. Meanwhile, service accounts need JIT access for IT tasks. Given that 74% of CFOs intend to move at least 5% of their onsite employees to permanent remote work, more remote workers need JIT access to stay productive.
In a nutshell, this model abides by the notion of least-privilege access. It gives users the least access they need to accomplish privileged tasks. This means limiting the time spent in a privileged system. In addition, it greatly limits the locations from which those systems can be accessed, among other factors. Setting strict limits on where and for how long accounts can be accessed makes it less likely someone could abuse those privileged credentials. If odd behavior does occur, your team can discover the culprit more easily.
Who Is Watching the Watchers?
So, we’ve enhanced our PAM with a JIT model. But it still doesn’t fully address the access management gap. Even with policy guiding the use of privileged credentials, there is the risk of those credentials still being exploited. To combat this, deploy data security analytics.
Any data security solution, including those built to secure the modern hybrid multicloud, must come equipped with artificial intelligence (AI) that can centrally analyze what’s happening across all data sources within a given data environment. Why? The World Economic Forum predicts that by 2025, there will be 463 exabytes of data created daily. This contributes to a massive threat landscape where suspicious actions can occur. On top of that, we need machine learning to understand normal behavior across dozens of disparate databases. Without it, it will become more and more difficult to detect risky moves and trends.
This goes double for detecting and learning more about risky behaviors occurring behind PAM credentials. It is imperative to have a data security solution in place to spot problems. This solution can tell when a privileged account is behaving oddly or when someone extracts large volumes of sensitive data. It is equally crucial to integrate with a PAM solution to unmask the user behind the shared account. What remains is the feedback loop, in which the system looks at ongoing user behavior. From there, it can inform the need for changing access policies on privileged accounts.
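As an added illustration (not from the original article or any vendor product), the sketch below joins PAM checkout records to database audit events so that activity on a shared privileged account is attributed to a named user and checked against the JIT limits on time and location described earlier. The field names, sample records and row threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample: JIT checkouts of a shared account, as a PAM tool might log them.
CHECKOUTS = [
    {"user": "alice", "account": "db_admin", "start": "2021-06-01T09:00",
     "minutes": 30, "source": "10.0.5.20"},
    {"user": "bob", "account": "db_admin", "start": "2021-06-01T14:00",
     "minutes": 60, "source": "10.0.5.31"},
]

# Constructed sample: database audit events, which only see the shared account name.
EVENTS = [
    {"account": "db_admin", "time": "2021-06-01T09:10", "source": "10.0.5.20", "rows": 120},
    {"account": "db_admin", "time": "2021-06-01T14:20", "source": "10.0.5.31", "rows": 250000},
    {"account": "db_admin", "time": "2021-06-01T14:45", "source": "192.0.2.77", "rows": 40},
    {"account": "db_admin", "time": "2021-06-01T22:05", "source": "10.0.5.20", "rows": 15},
]

ROW_LIMIT = 100_000  # assumed threshold for a "large volume" read


def attribute(events, checkouts, row_limit=ROW_LIMIT):
    """Attach the checked-out user to each event and flag JIT policy violations."""
    findings = []
    for ev in events:
        when = datetime.fromisoformat(ev["time"])
        user, flags = None, []
        for co in checkouts:
            start = datetime.fromisoformat(co["start"])
            end = start + timedelta(minutes=co["minutes"])
            if co["account"] == ev["account"] and start <= when < end:
                user = co["user"]  # the person behind the shared credential
                if ev["source"] != co["source"]:
                    flags.append("unapproved_source")  # location limit broken
                break
        if user is None:
            flags.append("no_active_checkout")  # credential used outside any JIT window
        if ev["rows"] > row_limit:
            flags.append("bulk_read")  # possible large extraction of sensitive data
        findings.append({"time": ev["time"], "user": user, "flags": flags})
    return findings


if __name__ == "__main__":
    for finding in attribute(EVENTS, CHECKOUTS):
        print(finding)
```

Flagged findings are the input to the feedback loop: a run of `bulk_read` or `unapproved_source` results for one user is the kind of signal that would justify tightening that account's checkout policy.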
Starting at Zero Trust
Data security is a zero trust issue at heart. With a zero trust model, organizations are enabling least privilege access to their data and always checking access credentials for users, devices and applications. By assuming a breach is bound to happen, they are ready to spot and respond to attacks. If the endgame is to limit access to critical data to those with the right credentials and a real need, it requires a mix of analytics, ongoing checking of data sources and systems, and a constant look at the security posture of users and endpoints. By breaking down silos between data security and identity teams, essential roles such as visibility, security and governance are less fragmented, and you can limit the damage caused by a breach.
Learn why IBM Security Verify Privilege is a leader in Forrester Wave™: Privileged Identity Management (PIM), Q4 2020. Don’t forget to join IBM and EMA at 11 a.m. (EDT) on June 8, 2021, to discuss IBM Security Guardium Insights and the current state of data security.
The post Zero Trust: Bringing Privileged Access and Data Security Analytics Together appeared first on Security Intelligence.