Skip to content

Interview with Magnus Wennergren, HCL

interview with HCL

As the necessity of a geographically distributed workforce becomes evident, the IT infrastructure challenges associated with it continue to grow. Global businesses must be able to securely monitor, mitigate, and manage remote user access to enterprise assets, applications, and platforms. Ahead of the Global Cyber Conference, Samir Aliyev, CEO and Founder of the Swiss Cyber Institute, takes the opportunity to speak with Magnus Wennergren, Solution Director for IAM, Cybersecurity and GRC Services at HCL Technologies, a leading global technology company, about the key measures to effectively implement privileged identity and access management solutions to meet these requirements, and how to apply privileged access management in business with a zero-trust approach. Read the interview below. 

SA: Why is privileged access management important for organizations? 

MW: In recent years, we’ve seen numerous instances of massive data breaches and unauthorized access from global organizations. With nearly 50% of data breaches being traced back to phishing attacks on corporate workers, many of whom have high-level access.  

Compromised credentials have been a key factor in many cyber breaches. The privileged identities and associated accesses are the “keys to the kingdom”. When they are compromised, the attackers gain access to the sensitive data, processes, and infrastructure of your organisation. This alone makes PAM a critical business and security imperative for organisations. 

SA: Please walk us through the common best practices to include in a privileged access management program. 

MW: Every organisation and service provider employs its own approach to designing a PAM framework – backed by different technologies and processes. However, all these systems stem from a common foundation or philosophy that focuses on four key areas: 

  • Risk-driven approach – start with the most critical assets first. Organisations must identify, monitor, and secure every single privileged account within their system. This includes temporary credentials that may be issued for short-term periods. Verify their expiry and trace back their activity. Ensuring a process of continuous discovery is paramount in plugging any leaks, gathering relevant data, and building resilient governance policies to prevent unauthorised access in the future. 
  • Involve the business to ensure frictionless introduction. This approach helps ensure strict governance and control by following a life cycle process to track changes in privileged access accounts and tracks what they can access, when, and for how long. 
  • Develop a holistic approach – Include not just classical on-prem infrastructure, but also SaaS and PaaS workloads, as well as the modern use cases like DevOps and agile.  
  • Continuous assessment to ensure you move in the right direction and get a return on investment and risk is reduced as expected. Truly secure systems have visibility not only into the present but also into the past so they can better control the future. Knowing what privileged users can do, do, and its results with session recordings is crucial in any PAM solution for effectively detecting and mitigating aberrant user behaviours. 

SA: How can organizations apply privileged access management in their businesses according to zero-trust principles? 

MW: In essence, privileged access management is designed to reduce, mitigate, and eliminate any opportunities that malicious agents can leverage to gain access to an organization’s networks, data, and systems. Including not just classical on-prem infrastructure, but also SaaS and PaaS workloads, as well as modern use cases like DevOps allows security leaders to gain a 360-degree view of their IT ecosystem and administer better control mechanisms.  

With a Zero-Trust approach, organisations can deploy security solutions that ensure end-to-end control and monitoring of the “who, what, when, why, and where” of every user and account. This can help them enable far more effective detection of unusual user behaviours, provide segmented access for users, monitor high-value assets, discover IT blind spots, remove abandoned and shared accounts, and enforce adaptive controls for contextual just-in-time access. In essence, build a truly resilient and dynamic privileged access management system. 

SA: Thank you Magnus for sharing those insights, we look forward to hearing more about it in the “Securing privileged access to critical systems and data” track session.  

GCC Partners

You can check the conference agenda here.    

You can see all partners here.    

Book your ticket today and gain valuable insights on cyber security thought leadership.