
The privileged identities and accesses are the “keys to the kingdom”

interview with HCL

As the necessity of a geographically distributed workforce becomes evident, the IT infrastructure challenges associated with it continue to grow. Global businesses must be able to securely monitor, mitigate, and manage remote user access to enterprise assets, applications, and platforms. Ahead of the Global Cyber Conference, Samir Aliyev, CEO and Founder of the Swiss Cyber Institute, takes the opportunity to speak with Magnus Wennergren, Solution Director for IAM, Cybersecurity and GRC Services at HCL Technologies, a leading global technology company, about the key measures to effectively implement privileged identity and access management solutions to meet these requirements, and how to apply privileged access management in business with a zero-trust approach. Read the interview below. 

SA: Why is privileged access management important for organizations? 

MW: In recent years, we’ve seen numerous instances of massive data breaches and unauthorized access from global organizations. Nearly 50% of data breaches are traced back to phishing attacks on corporate workers, many of whom have high-level access.  

Compromised credentials have been a key factor in many cyber breaches. The privileged identities and associated accesses are the “keys to the kingdom”. When they are compromised, the attackers gain access to the sensitive data, processes, and infrastructure of your organization. This alone makes PAM a critical business and security imperative for organizations. 

SA: Please walk us through the common best practices to include in a privileged access management program. 

MW: Every organization and service provider employs its own approach to designing a PAM framework – backed by different technologies and processes. However, all these systems stem from a common foundation or philosophy that focuses on four key areas: 

  • Risk-driven approach – start with the most critical assets first. Organizations must identify, monitor, and secure every privileged account within their system. This includes temporary credentials that may be issued for short-term periods. Verify their expiry and trace back their activity. Ensuring a process of continuous discovery is paramount in plugging any leaks, gathering relevant data, and building resilient governance policies to prevent unauthorized access in the future. 
     
  • Involve the business to ensure frictionless introduction. This approach helps ensure strict governance and control by following a life cycle process to track changes in privileged access accounts and track what they can access, when, and for how long. 
     
  • Develop a holistic approach – Include not just classical on-prem infrastructure, but also SaaS and PaaS workloads, as well as modern use cases like DevOps and agile.  
     
  • Continuous assessment to ensure you move in the right direction, get a return on investment, and reduce risk as expected. Truly secure systems have visibility not only into the present but also into the past so they can better control the future. Knowing what privileged users can do, what they do, and the results, with session recordings, is crucial in any PAM solution for effectively detecting and mitigating aberrant user behaviors. 

SA: How can organizations apply privileged access management in their businesses according to zero-trust principles? 

MW: In essence, privileged access management is designed to reduce, mitigate, and eliminate any opportunities malicious agents can leverage to gain access to an organization’s networks, data, and systems. Including not just classical on-prem infrastructure, but also SaaS and PaaS workloads, as well as modern use cases like DevOps allows security leaders to gain a 360-degree view of their IT ecosystem and administer better control mechanisms.  

With a Zero-Trust approach, organizations can deploy security solutions that ensure end-to-end control and monitoring of the “who, what, when, why, and where” of every user and account. This can help them enable far more effective detection of unusual user behaviors, provide segmented access for users, monitor high-value assets, discover IT blind spots, remove abandoned and shared accounts, and enforce adaptive controls for contextual just-in-time access. In essence, build a truly resilient and dynamic privileged access management system.