Secure Identities With These Five Intelligent Privilege Controls

December 21, 2023 Amy Blackshaw

identities-intelligent-privilege-controls

If you’re reading this, a major part of your job is making the case for security-related issues that you know are urgent.

You may be among the 97% of CISOs being asked to present to their boards — briefing them on new attack methods and recommending protective solutions. Or you might be a security admin preparing to relay that same information to your CISO. Either way, you’re on point to convince key stakeholders that:

  • These threats require attention.
  • Your plan merits support.
  • The time for action is now.

Why now? IT security teams face pressure to act quickly when threats emerge and scrutiny rises. The consequences of delayed action loom large. For example, what if you don’t move quickly enough to find a vendor whose solution can protect against the latest threat? No doubt this is a valid concern — but it could also be why two-thirds of organizations use security tools from up to 40 different vendors.

The trouble is when security solutions are bolted together in haste, they typically cannot:

  • Share data on potential threats and turn insights into action as a unified front.
  • Correlate alerts across data to find the signal in the noise.
  • Extend an effective control for securing one type of identity (IT admin) to another identity (everyday employee).

Your organization likely has a solution for securing highly privileged IT users’ identities. And you probably have tools to authenticate employees who use business applications. All good things! However, in a typical organization, these solutions are often siloed. So, if you happen to notice that a control from the privileged access management side (like session monitoring) could also be useful for securing identities across your workforce — well, that’s a spot-on observation.

But without integration, your solutions can’t share controls, nor can they provide the visibility you need — be it into users' access or into potential threats — in a unified way. Let’s talk about how you can change that.

The Role of Intelligent Privilege Controls

You’re protecting the enterprise at a time when three realities — new identities, new environments and new attack methods — are making the job more complex than ever. This dynamic calls for extending intelligent privilege controls to all identities, from IT users and everyday employees to developers and non-human identities.

Any identity can become privileged based on the sensitive resources they can access — and the actions they can take. Consider the example of a healthcare system, where a wide range of identities (human and non-human) requires protection, including:

  • IT admin identities with high-risk access to critical healthcare infrastructure.
  • Everyday hospital employees, 65% of whom have access to sensitive data such as patient records and billing information.
  • Automated tools used by the hospital’s DevOps team to build out cloud operations as healthcare modernizes.
  • Built-in identities on endpoints and servers that an attacker could use to steal patient data or install ransomware that could shut down hospital operations.
  • Machine identities built into healthcare Internet of Things (IoT) devices used by medical staff and patients.

Healthcare is just one example. This phenomenon — in which identities of all types are gaining access to critical resources, infrastructure and environments — is happening across all industries and government sectors.

What we’re seeing is an evolution of privilege beyond the textbook definition. Any identity can become privileged based on what it can access — and what actions it can take. This is why a converged identity security approach is so essential.

In an identity security approach, the underlying solutions are designed to share data, benefit from each other’s respective controls and — similar to the people who are instrumental to making identity security work — collaborate with each other. With intelligent privilege controls at the center of that approach, you can enforce least privilege across all of your identities, infrastructures, applications, endpoints and environments.

Five Types of Intelligent Privilege Controls to Secure Your Organization's Identities

At this point, you might be thinking to yourself, “Okay I get the general premise here. But what kinds of controls are we talking about exactly, and what kinds of identities would I apply them to?”

Let’s break it down. We created a helpful list you can refer to when building or refining your own identity security approach. It can also be useful when you’re making the case to your stakeholders — from your board to your team — on how to better secure your organization at a time when all types of identities are under attack.

Graphic listing the five intelligent privilege controls, along with detailed descriptions of each control. The five intelligent privilege controls are: 1. Zero standing privilege (ZSP) and just-in-time (JIT) access; 2. Session isolation; 3. Session recording and protection; 4. Endpoint least privilege; 5. Credentials and secrets management.

As detailed, intelligent privilege controls aren’t just for the IT admins of world. They can help you secure the entire ecosystem of identities driving your organization’s most important initiatives.

Finding a True Identity Security Platform: How to Vet Providers

So where can you find a platform in which the underlying controls can be applied to any identity with access to potential targets? Could it be as simple as consolidating providers? Not quite. The word “consolidation” doesn’t do justice to the challenge at hand. We’re talking about building something bigger that can take on a threat landscape in which:

  • 84% of organizations experienced an identity-related breach in the past year.
  • 62% of IT security decision-makers say their organizations lack a complete picture of human and non-human access to sensitive resources.
  • 63% say their processes and technologies do not adequately secure the highest-sensitivity access for employees.

Today’s threats require an identity security platform that’s integrated in every way — built to protect every identity (human and machine) and every resource they touch, across every one of your environments. The million-dollar question is: how can you find such a platform? We’ve got you covered on that front as well.

Check out our recently published eBook, "Buyer's Guide: What to Look for in an Identity Security Platform." It’s a quick read containing vendor-agnostic recommendations on the strategies, controls and technologies that comprise a true identity security platform. In the guide, you’ll find insights on what questions to ask and how to evaluate providers’ offerings to make sure they can meet your organization’s needs.

You can also watch our on-demand webinar, "Top Considerations for Identity Security Platforms."

Amy Blackshaw is vice president of product marketing at CyberArk.

Previous Article
CyberArk Labs’ 2023 Threat Research Highlights
CyberArk Labs’ 2023 Threat Research Highlights

Throughout an eventful 2023, CyberArk Labs remained focused on uncovering emerging cyberattack patterns and...

Next Article
SafeNet: Securing Your Network From Yourself
SafeNet: Securing Your Network From Yourself

TL;DR Whether working at home or in the office, when conducting cybersecurity research, investigating the d...