For the second year in a row, Gartner lists Privileged Access Management (PAM) as the top security project for 2019. In this CIODive article, Gartner’s Brian Reed writes that PAM projects should help organizations discover privileged accounts and apply appropriate controls to them so hackers have a hard time accessing them. He goes on to say that PAM projects must support on-premises, hybrid and cloud environments and, at a minimum, use multifactor authentication (MFA) for all administrators and third parties.
How does multifactor authentication complement a PAM solution?
At its core, multifactor authentication is a method of access control that requires a user (or software or machine) to present multiple pieces of evidence or identifiers before they are granted access to (or authenticated to) company systems. These identifiers can be passwords, knowledge-based questions, one-time password (OTP) generators, mobile devices, etc. With MFA, even if passwords are stolen, it’s unlikely that the hacker also has the phone and OTP generator.
While MFA is valuable for all employees, it is critical for admins and privileged users who have elevated credentials to your systems and data. Hackers or suspicious actors who gain privileged credentials can access your most sensitive company and customer data. They can move laterally through your business network, evade detection, cause serious damage to a business’s reputation and put you in violation of compliance regulations.
When MFA is combined with a PAM solution, companies have a multi-layered approach to securing privileged accounts. The MFA solution works on the front end as an additional layer of user authentication. In the case of stolen credentials, MFA helps ensure that the person accessing the PAM solution is who they say they are. Once the user is authenticated, the PAM software provides a one-time-use password for the desired systems. Using the principle of least privilege, PAM software can further restrict access rights for users, accounts, and computers/applications to only those resources required to perform their job effectively. Session manager capabilities also help identify inappropriate permissions, record each session for compliance and send alerts if the software notices any suspicious activity.
Considering the advantages, it’s no wonder Gartner recommends integrating PAM with MFA solutions for privileged accounts.
Integrating PAM with MFA
XTAM for privileged management integrates with leading MFA solutions. XTAM supports RADIUS for authentication, which most MFA providers utilize in their own solutions. Therefore, many MFA products can be successfully integrated with XTAM. We offer direct integration with MFA offerings such as RADIUS, Duo Security, Google Authenticator, and YubiKey. More importantly, our development team will work with customers to support their specific MFA or 2FA provider.
Below is a list of resources to help with MFA configuration for PAM