{"id":4012,"date":"2016-11-25T06:37:27","date_gmt":"2016-11-25T06:37:27","guid":{"rendered":"https:\/\/www.happiestminds.com\/blogs\/?p=4012"},"modified":"2024-04-10T05:45:12","modified_gmt":"2024-04-10T05:45:12","slug":"privileged-identity-management-why-we-need-it","status":"publish","type":"post","link":"https:\/\/www.happiestminds.com\/blogs\/privileged-identity-management-why-we-need-it\/","title":{"rendered":"Privileged Identity Management \u2013 Why We Need It?"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div><p style=\"text-align: justify;\">In an organization\u2019s IT environment, there are several user accounts. Out of these, the \u201cSuper User accounts\u201d are usually among the most important ones as they are used for system administration. Depending on the operating system, these accounts are also called root accounts, administrator, admin or supervisor accounts, service accounts, application accounts, emergency accounts and so on. These accounts are needed for the IT platform to function: they are used in \u201cbreak the glass\u201d emergency access situations as well as in routine day-to-day activities. Protecting these accounts from misuse is very important from the point of view of <a href=\"https:\/\/www.happiestminds.com\/services\/it-security-services\/\">IT security<\/a> because they have far greater access capabilities than ordinary accounts. If such an account is compromised, it can be misused to make unrestricted system-wide changes that are potentially harmful. <a href=\"https:\/\/www.happiestminds.com\/Insights\/privileged-identity-management\/\">Privileged Identity Management<\/a> (PIM) is the process of securing the \u201cSuper User\u201d accounts described above in an organization.<\/p>\n<p style=\"text-align: justify;\">We have thus established that Super User accounts need to be properly secured, that is, that PIM needs to be put in place. 
Beyond that, what are the most important reasons that make PIM the need of the hour? Let us have a look at some of the critical ones:<\/p>\n<p style=\"text-align: justify;\"><strong>They are a big security risk<\/strong> \u2013 OK, we did talk about this in the opening paragraph; however, we will dig a bit deeper to assess how big the problem might be. Just look at the systemic risks these privileged entities carry. In a typical IT setup, Super User accounts like those of a database administrator (DBA), a Unix root, a Chief Information Officer (CIO) and a Chief Executive Officer (CEO) are insufficiently governed by the <a href=\"https:\/\/www.happiestminds.com\/solutions\/identityvigil\/\">Identity management<\/a> software. This leaves these accounts uncontrolled while their advanced privileges are enabled on the network. What makes the situation even more baffling is the fact that the owners of these accounts usually haven\u2019t been formally trained in using them and &#8211; hold your breath &#8211; in more cases than not, these are shared accounts.<\/p>\n<p style=\"text-align: justify;\"><a href=\"http:\/\/solutionsreview.com\/identity-management\/the-top-10-most-disastrous-data-breaches-of-all-time\/\">Some numbers to think about<\/a>:<\/p>\n<p style=\"text-align: justify;\">As of March 29th, 2016, there have been over 202 data breach incidents in 2016, with a total of 6,184,526 records compromised, according to a report from the Identity Theft Resource Center. That puts the US on track to eclipse 2014\u2019s record high of 783 data breaches (2015 was a close second with 781).<\/p>\n<p style=\"text-align: justify;\">The <strong>average cost of those breaches? 
$3.79 million<\/strong>, according to research from the Ponemon Institute. Beyond the immediate financial cost, data breaches can cause an unquantifiable loss in customer confidence.<\/p>\n<p style=\"text-align: justify;\">Some of the most disastrous data breaches of all time (the monetary numbers for each of these couldn\u2019t be ascertained):<\/p>\n<ul>\n<li>Korean Credit Bureau, 2014, 20 million records compromised<\/li>\n<li>Home Depot, 2014, 56 million credit and debit cards compromised<\/li>\n<li>Anthem\/Premera Healthcare, 2015, 80 million records breached<\/li>\n<li>eBay, 2014, 145 million customer records breached<\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><strong>They are needed by regulation<\/strong> \u2013 Regulations either require controls that manage the risks associated with high-privilege IT access or recommend them (most of these recommendations will become requirements soon, so it is not a question of \u201cif\u201d, just a question of \u201cwhen\u201d). <a href=\"http:\/\/searchsecurity.techtarget.com\/magazineContent\/Privileged-account-management-critical-to-data-security\">Control of the privileged accounts is mandated by most of the fearsome regulations &#8211; Sarbanes-Oxley, the Payment Card Industry Data Security Standard (PCI DSS), the Federal Energy Regulatory Commission (FERC), HIPAA<\/a>, the North American Electric Reliability Corporation <a href=\"http:\/\/www.infosecurityeurope.com\/__novadocuments\/96585?v=635743656876100000\">(NERC) Critical Infrastructure Protection (CIP)<\/a> standards, etc. You name it, it is there in all of them in one form or another. 
There are provisions that either mandate or recommend measures ranging from authentication, access control, access delegation and separation of duties to complete and continuous monitoring, archiving and auditing of access.<\/p>\n<p style=\"text-align: justify;\">Auditors sniff for it. Internal auditors need a trail that proves that access controls are in place and active across all types of accounts \u2013 both individual and shared administrative accounts.<\/p>\n<p style=\"text-align: justify;\"><strong>Business partners are asking for it<\/strong> \u2013 A review of the controls associated with privileged accounts is a routine demand by business partners when they have to give their reviews under Statement on Auditing Standards (SAS) 70.<\/p>\n<p style=\"text-align: justify;\"><strong>It signals confidence in business practices<\/strong> \u2013 When duties are separated in administrative IT controls, it assuages fears that business performance records could be compromised, blinded or subverted to cover irresponsible or illegal business activities. Privileged Identity Management ensures that the chances of the subversion of business-critical data and operations are minimized, which in turn ensures that the integrity of policy definitions is not violated.<\/p>\n<p style=\"text-align: justify;\"><strong>It benefits the business by reducing costs<\/strong> \u2013 Data breaches have direct costs in terms of maintenance and support, and also costs in terms of loss of reputation and business (reputational costs are usually far higher and not possible to quantify in monetary terms). According to the <a href=\"http:\/\/www-03.ibm.com\/security\/data-breach\/\">2014 IBM\/Ponemon Cost of Data Breach Study<\/a>, <a href=\"https:\/\/www.centrify.com\/products\/privileged-identity-management\/\">the average cost paid per record for a data breach is $145 USD and the average total cost is $3.5M USD. 
Cleanup costs for some of the breaches of major U.S. retailers in 2014 ranged from just over $4M USD to over $100M USD. Lost revenue for these vendors ranged from around $40 million USD to over $1 billion USD.<\/a><\/p>\n<p style=\"text-align: justify;\">Irresponsible or mindless use of IT controls is a big nuisance to businesses in terms of wasted time and manpower. <a href=\"http:\/\/www.infosecurityeurope.com\/__novadocuments\/96585?v=635743656876100000\">According to EMA research covering 200 businesses globally, only 40% of the respondents achieved<\/a> the \u201cPlan\u2013Do\u2013Check\u2013Act\u201d (PDCA) IT change management milestones. Those who achieved them had a 50% median incidence of abrupt security incidents, fewer incidents where a failed IT change needed remediation, larger server-to-system-administrator ratios, and more IT projects completed within time and budget with the intended outcomes.<\/p>\n<p style=\"text-align: justify;\">So, we see that Privileged Identity Management is an inevitability today, not just because it is becoming a regulatory mandate but also because it makes sound business sense, as the threat landscape is evolving and the costs associated with data breaches are spiraling with every passing day.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In an organization\u2019s IT environment, there are several user accounts.\u00a0 Out of these, the \u201cSuper User 
accounts\u201d are usually among the most important ones as they are used for System administration. \u00a0These accounts are also called root accounts, administrator, admin or supervisor accounts, service accounts, application accounts, emergency accounts and so on depending on the [&hellip;]<\/p>\n","protected":false},"author":44,"featured_media":1578,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[252],"tags":[1154,1249,1443],"class_list":["post-4012","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-identity-access-governance","tag-identity-management-software","tag-it-security","tag-privileged-identity-management"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/posts\/4012","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/comments?post=4012"}],"version-history":[{"count":1,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/posts\/4012\/revisions"}],"predecessor-version":[{"id":11979,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/posts\/4012\/revisions\/11979"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/media\/1578"}],"wp:attachment":[{"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/media?parent=4012"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/categories?post=4012"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.happiestmi
nds.com\/blogs\/wp-json\/wp\/v2\/tags?post=4012"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}