
For the second year in a row, Gartner lists Privileged Access Management (PAM) as the top security project for 2019. In this CIODive article, Gartner’s Brian Reed writes that PAM projects should help organizations discover and apply appropriate controls to privileged accounts so hackers have a hard time accessing them. He goes on to say that PAM projects must support on-premises, hybrid and cloud environments and, at a minimum, use multifactor authentication (MFA) for all administrators and third parties.

How does multifactor authentication complement a PAM solution?

At its core, multifactor authentication is a method of access control that requires a user (or software or machine) to present multiple pieces of evidence or identifiers before being authenticated and granted access to company systems. These identifiers can be passwords, knowledge-based questions, one-time password (OTP) generators, mobile devices, etc. With MFA, even if passwords are stolen, it’s unlikely that the hacker also has the phone and OTP generator.

While MFA is valuable for all employees, it is critical for admins and privileged users who have elevated credentials to your systems and data. Hackers or suspicious actors who gain privileged credentials can access your most sensitive company and customer data. They can move laterally through your business network, evade detection, cause serious damage to your business’s reputation and put you in violation of compliance regulations.

When MFA is combined with a PAM solution, companies have a multi-layered approach to securing privileged accounts. The MFA solution works on the front end as an additional layer of user authentication. In the case of stolen credentials, MFA helps ensure that the person accessing the PAM solution is who they say they are. Once authenticated, the PAM software provides a one-time-use password to the desired systems. Using the principle of least privilege, PAM software can further restrict access rights for users, accounts, and computers/applications to only those resources required to perform their job effectively. Session manager capabilities also help identify inappropriate permissions, record each session for compliance and send alerts if the software notices any suspicious activity.

Considering the advantages, it’s no wonder Gartner recommends integrating PAM with MFA solutions for privileged accounts.

Integrating PAM with MFA 

XTAM for privileged management integrates with leading MFA solutions. XTAM supports RADIUS for authentication, which most MFA providers utilize in their own solutions. Therefore, many MFA products can be successfully integrated with XTAM. We offer direct integration with MFA offerings such as RADIUS, DuoSecurity, Google Authenticator, and Yubikey. More importantly, our development team will work with customers to support their specific MFA or 2FA provider.

Below is a list of resources to help with MFA configuration for PAM


Mark Klinchin

I am Co-Founder and CEO of Xton Technologies. I am interested in computers, software development, cyber security, content management, photography, image processing and mathematics.


Copyright © 2019 Xton Technologies, LLC. All rights reserved.