Recently, we attended the 2018 Gartner Security & Risk Management Summit. The event is always a valuable opportunity to learn from top CISOs and security and risk management professionals, to explore leading-edge research and to discuss emerging cyber security trends.
Although there were a number of excellent presentations throughout the week, one in particular stood out based on its pragmatic guidance and actionable takeaways. Also, organizations have long term strategic security programs, but they need to demonstrate quick wins along the way.
In his talk, “Top 10 Security Projects for Security and Risk Management Organizations,” Gartner VP and Distinguished Analyst Neil MacDonald outlined the top 10 security projects for 2018, based upon a number of criteria: the emerging technologies that support the project are not yet mainstream; the project helps deliver against the CARTA (continuous adaptive risk and trust assessment) approach; and the project has high risk reduction versus resources required as compared to alternatives.** MacDonald identified privileged account management (PAM) as the #1 focus for organizations.
In our opinion, strategic privileged account management projects should be expanded into a longer term program. Comprehensive privileged account management that extends protections to other users and applications across the enterprise, in the cloud, at the endpoint and throughout the DevOps pipeline, will take an integral project to the next level.
Ready to get started? Start by prioritizing the implementation of controls for protecting privileged credentials to drive tangible results quickly. A CyberArk report, “Rapid Risk Reduction: A 30-Day Sprint to Protect Privileged Credentials,” outlines a proven framework for an intensive sprint of approximately 30 days to help reduce risk and achieve quick wins.
Don’t stop there. After demonstrating the value of protecting privilege across high-risk areas to key stakeholders, it’s time to take a phased approach to expand coverage to new areas, evolving these projects into long-term, business-critical cyber security programs. For guidance, we encourage you to download the CyberArk Privileged Access Security Hygiene whitepaper.
*Gartner, Smarter with Gartner, Gartner Top 10 Security Projects for 2018, June 6, 2018
**Gartner, Gartner Security & Risk Management Summit 2018 agenda, https://www.gartner.com/en/conferences/na/security-risk-management/agenda/track