When it comes to the federal, state, and even local governments, security is paramount. Yet governments continue to struggle with privileged access management policies and privileged escalation. A report by Forcepoint and the Ponemon Institute brings to light just how significant this problem is. According to the report, users are given privileged access when they don’t need it. This exposes government organizations to greater security risks from threats both inside and outside the organization.
The report surveyed 895 ‘self-described’ privileged users in the UK and US governments. Privileged users (those with elevated privileges) included database administrators, network engineers, IT security practitioners and cloud custodians. Here’s what they found:
- While 64% said that privileged access is required to do their jobs, 36% said they do not need it to perform their job but have it anyway. These individuals cited two main reasons: everyone at their level had privileged access, or access was not revoked when the person changed roles.
- Only 48% of government respondents said privileged users are vetted through background checks.
- 44% said that access to sensitive information is not really controlled. In fact, when respondents were asked about different scenarios, 49% said it was likely or highly likely that privileged users access sensitive data because of curiosity.
- Less than half of people surveyed said their organization can effectively monitor privileged user activities.
The survey highlights just how serious privileged escalation is across government organizations. With 80% of security breaches involving privileged credentials, governments need to rethink their privileged access strategy.
Privileged access management software can help governments address key issues around privileged access. Here are just a few ways PAM software helps:
- Discovery – PAM software can automate the discovery of all types of privileged accounts. This goes beyond special users or IT admins: privileged accounts can take the form of domain, network, local, Active Directory, cloud, emergency and service-to-application accounts. All of these privileged credentials need to be managed to limit risk and maintain compliance. You can send a discovery query across your network to locate and report on found privileged endpoints and their configurations. Scans can be scheduled to run automatically at specific intervals to identify new accounts and records and place them under management.
- Least Privilege Approach – Security experts recommend adopting a least privilege approach: restricting a user’s access to only those resources and permissions required to perform their job effectively. As this report found, governments need to work toward this approach as a way to limit privilege escalation. PAM tools, like XTAM, allow governments to create role-based access controls that let IT control privileges based on a user’s role. You can use parameters like time of day, physical location (as determined by IP address), days of the week (workdays) or other combinations. Each account needs specific justification and approval for accessing the target system or sensitive data for a set time period. With policy-based controls, you make sure that a user or system only has access to the target system or data they need, for a limited time and nothing else. The ideal is to rightsize each privileged account to a specific task.
- Complete Audit Trail – This goes without saying, but PAM software is designed to provide auditing and reporting capabilities. XTAM offers auditing for all access and usage events. This includes recording sessions, keystrokes and more. Government security, IT and compliance officers can see exactly what, when and by whom records or secrets were created, accessed, modified or deleted.
- Automating Offboarding Policies – When government employees change roles or leave, there need to be offboarding policies in place. This is especially critical for anyone with privileged credentials. Governments can use privileged account access automation to help with offboarding. It can be used to discover privileged accounts on the network, lock down orphaned accounts, and remove or reset credentials for the user accounts. By automating the offboarding process, governments can remove access permissions quickly as employees leave or change roles within the organization or its departments.
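The policy-based controls in the least privilege item above (role, time of day, workdays, source location by IP address, a justification and approver, and a set time period) and the revoke-on-role-change and offboarding behaviour in the last item can be expressed as a small default-deny evaluator. The following is an added example written for this post; it is not XTAM code or any vendor's API, and every user, role, target, ticket reference and IP range in it is constructed for illustration.

```python
"""Policy-based, time-limited privileged access checks (added illustrative example).

Models role-, time-, location- and expiry-bound grants, plus revocation on role
change or offboarding. All names, roles and IP ranges below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass
class Grant:
    """One approved, scoped privilege: who may reach which target, from where, when."""
    user: str
    role: str                 # role the grant is tied to; a role change revokes it
    target: str               # system or record the grant covers
    approved_by: str          # approver recorded for the audit trail
    justification: str        # e.g. a change ticket (constructed value in the sample)
    expires_at: datetime      # every grant is time-boxed
    workdays: Tuple[int, ...] = (0, 1, 2, 3, 4)   # Mon..Fri, as datetime.weekday()
    hours: Tuple[int, int] = (8, 18)              # permitted window, [start, end) local hour
    networks: Tuple[str, ...] = ("10.0.0.0/8",)   # source ranges standing in for "physical location"
    revoked: bool = False
    revoke_reason: str = ""


def evaluate(grants: List[Grant], user: str, target: str,
             when: datetime, source_ip: str) -> Tuple[bool, str]:
    """Return (allowed, reason). Default deny: access needs a live, matching grant."""
    ip = ip_address(source_ip)
    for g in grants:
        if g.user != user or g.target != target:
            continue
        if g.revoked:
            return False, f"grant revoked: {g.revoke_reason}"
        if when >= g.expires_at:
            return False, "grant expired"
        if when.weekday() not in g.workdays:
            return False, "outside permitted days"
        if not (g.hours[0] <= when.hour < g.hours[1]):
            return False, "outside permitted hours"
        if not any(ip in ip_network(n) for n in g.networks):
            return False, f"source {source_ip} not in permitted networks"
        return True, f"allowed under approval by {g.approved_by} ({g.justification})"
    return False, "no grant for this user/target"


def change_role(grants: List[Grant], user: str, new_role: str) -> int:
    """Revoke every grant tied to the user's previous role; returns the count revoked."""
    n = 0
    for g in grants:
        if g.user == user and g.role != new_role and not g.revoked:
            g.revoked, g.revoke_reason = True, f"role changed to {new_role}"
            n += 1
    return n


def offboard(grants: List[Grant], user: str) -> int:
    """Revoke all of a departing user's grants; returns the count revoked."""
    n = 0
    for g in grants:
        if g.user == user and not g.revoked:
            g.revoked, g.revoke_reason = True, "user offboarded"
            n += 1
    return n


def sample_grants(now: datetime) -> List[Grant]:
    """Constructed sample: one DBA with a 4-hour approved window on a records database."""
    return [Grant(user="dba01", role="database-admin", target="records-db",
                  approved_by="sec-lead", justification="ticket CHG-0001 (constructed) index rebuild",
                  expires_at=now + timedelta(hours=4))]


def demo() -> List[Tuple[bool, str]]:
    """Walk one grant through the allow and deny paths; returns each decision."""
    now = datetime(2024, 3, 5, 10, 0)          # a Tuesday, 10:00, inside the window
    g = sample_grants(now)
    results = [
        evaluate(g, "dba01", "records-db", now, "10.1.2.3"),                         # allowed
        evaluate(g, "dba01", "records-db", now, "203.0.113.9"),                      # wrong network
        evaluate(g, "dba01", "records-db", now + timedelta(hours=5), "10.1.2.3"),    # expired
        evaluate(g, "dba01", "records-db", datetime(2024, 3, 3, 10, 0), "10.1.2.3"), # Sunday
        evaluate(g, "other", "records-db", now, "10.1.2.3"),                         # no grant
    ]
    change_role(g, "dba01", "network-engineer")                                       # role change
    results.append(evaluate(g, "dba01", "records-db", now, "10.1.2.3"))              # revoked
    return results


if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "DENY ", reason)
```

Every decision carries a reason string, which is what an audit trail needs to record alongside the who, what and when; the approver and justification travel with the grant so a reviewer can trace each access back to its approval.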
XTAM offers enterprise PAM functionality in one affordable, cloud-ready platform. Our unique approach – one platform, modern architecture, agentless, agile development, and commitment to customer support – allows us to eliminate the unnecessary complexities associated with traditional PAM solutions. At Xton, we are strong believers in the ‘least privilege’ approach and built a modern PAM solution around this very principle and offer advanced features to help prevent privileged escalation.