Leveraging Privileged Identity Governance to Improve Security Posture

Transcription

1 Leveraging Privileged Identity Governance to Improve Security Posture

2 Understanding the Privileged Insider Threat It s no secret that attacks on IT systems and information breaches have increased in both frequency and impact in recent years. However, it may come as a surprise to some that a majority of these attacks are generated by insiders. Privileged users with access to sensitive data and IP can create significant risk for the business. There are three types of insider threats for which organizations must account: Malicious insiders who deliberately steal information or cause damage Exploited insiders who are unwittingly targeted by external attackers Careless insiders who make unintended mistakes Special attention should be paid to the exploited insider type, as perpetrators of advanced persistent threats (APTs) often infiltrate a target network, then take control of privileged identities in order to gain access to critical systems and data. 02

3 Understanding the Privileged Insider Threat (continued) Industry statistics show that IT saboteurs with administrator or privileged access within their organizations have been responsible for a majority of breaches. But what are the potential motives of these attackers? IP theft involves a privileged user leveraging IT systems to steal IP from the company. Espionage encompasses a privileged user seeking classified information, trade secrets and IP in order to gain national, strategic or competitive advantage. Fraud occurs when a privileged user leverages IT systems to modify, add or delete the organization s data for personal gain. IT sabotage takes place when a privileged user misuses networks, systems or data to harm a specific individual or the organization. In reviewing this list, it s not difficult to see what s at stake. When it comes to loss of company IP, compromised systems and data or even just word of a breach hitting the wire, organizations are looking at significant revenue losses, penalties and a damaged reputation in the marketplace. The cost of security breaches averages $5.4 million per year for U.S. businesses. 1 1 Ponemon Institute Cost of Data Breach Study: Global Analysis. May,

4 Assessing the Challenges and Risks of Privileged Identities As a result of these ever-increasing threats, many organizations are re-examining their security practices, looking for gaps that could be exploited internally or externally whether by accident or with malicious intent. As part of this re-examination, companies must take a fresh look at privileged identities, which can pose a significant threat to network and data security when not properly managed. These risks manifest themselves when privileged users are given all-powerful access and are subject to limited accountability. All-powerful access Unrestricted root or Administrator access No segregation of duties Lack of accountability Use of shared accounts Poor log integrity and quality Virtualization magnifies these challenges by adding administrators who can make significant changes to entire virtual environments while having little accountability for their actions. 04

5 How to Recognize Susceptibility to Privilege Exploitation While it s important for organizations to understand the risks associated with insider and external threats, they often do not have a simple way to evaluate how vulnerable they are to such attacks. Below are four common symptoms of an IT environment that is susceptible to privilege exploitation: Orphaned accounts are created when users leave a company, but their credentials remain active. They are common weaknesses that are often exploited by disgruntled administrators. Privilege creep happens when users job functions evolve, and they are given additional access rights. This often leads to users having more privileges than they actually need. Audit burdens multiply when access privileges are not closely monitored, because the processes involved with verifying user access require time-consuming, manual effort. Lack of visibility means not only struggling to identify what kind of access users have, but also failing to know if, when, where and how that access was used. Organizations that experience one or more of these symptoms are significantly more likely to experience insider or external attacks and suffer from the revenue loss, penalties and brand damage that often accompany them. How do they avoid this? By leveraging a Privileged Identity Governance solution that can help close their vulnerability gaps. 05

6 The Need for Privileged Identity Governance While most organizations have already implemented some form of privileged identity management to better protect and control sensitive servers, many of these deployments lack the holistic visibility and automated processes that are necessary for verifying administrator access rights on an ongoing basis. Privileged Identity Governance brings together three critical capability areas, so organizations can remove common exploitation points within their IT environments and prevent insider and external attacks: Privileged Identity Governance Identity and access governance Privileged identity management User activity reporting 06

7 The Need for Privileged Identity Governance (continued) Privileged Identity Governance Identity and access governance Privileged identity management User activity reporting As the first component of a Privileged Identity Governance solution, identity and access governance includes powerful identity analytics and flexible workflows that organizations can leverage to develop and apply identity policies across the entire enterprise. With identity and access governance, companies can: Leverage analytics to assess, audit and clean up excessive access rights Automate entitlement certification for users, roles and resources, and remediate entitlements Establish centralized segregation of duties (SoD) policies Monitor access rights via comprehensive dashboards and reports 07

8 The Need for Privileged Identity Governance (continued) Privileged Identity Governance Identity and access governance Privileged identity management User activity reporting As the second component of a Privileged Identity Governance solution, privileged identity management utilizes automated privilege control capabilities to help an organization put the policies developed via the governance phase into action. With privileged identity management, companies can: Leverage fine-grained access controls to secure passwords for shared accounts and implement least privilege access Discover and propose potential roles based on access patterns and organizational characteristics Discover the underlying business structure, and turn millions of access rights into hundreds of roles Adapt models as the business evolves over time 08

9 The Need for Privileged Identity Governance (continued) Privileged Identity Governance Identity and access governance Privileged identity management User activity reporting Finally, there is the user activity reporting component of a Privileged Identity Governance solution, which helps organizations increase their visibility into user activity (i.e., what resources are being used by whom, when, where and how). Example reports typically include: Policy management: View the status of policy deployment and deviations from standard policies. Entitlements: View the entitlement users and groups have over system resources (for example, to see who has root access to the systems). User management: View inactive accounts, users, group memberships and administrative accounts, and manage SoD. Password management: View information on password aging, password policy compliance, etc. Privileged user access: View all privileged user activity, including check-in, check-out, workflow approvals and other actions. 09

10 Best Practices for Implementing a Privileged Identity Governance Solution To help ensure success, an implementation of a Privileged Identity Governance solution should be viewed as a continuous process spanning four key phases. Planning Foundation Automation Optimization During phase one, an organization must conduct a risk assessment of its overall environment, beginning with the systems and users that represent the highest risk profile to the business. After systems have been identified, phase two involves cleaning up privileged users entitlements, removing orphan accounts and users with excessive privileges and beginning to develop a consistent role model that can be applied across all privileged users within the organization. With a solid foundation in place, the organization moves on to phase three, which consists of automating specific identity processes, such as user provisioning, role management and entitlement certification. Phase four represents the ongoing refinement of the solution through active monitoring and adjustments as the business evolves and changes over time. 10

11 The Business Value of Privileged Identity Governance At its core, Privileged Identity Governance is all about addressing the two previously discussed challenges of all-powerful access and lack of accountability. It does this by automating the management of relationships between people, their credentials and their access rights on each system. After successfully implementing a Privileged Identity Governance solution, organizations can look forward to the following business benefits: Reduced administrative costs via automation of routine tasks, such as verifying users access rights, which offloads that burden from IT. Enhanced compliance support via automatic enforcement of security controls that have been mandated by regulations, compliance frameworks and internal/external auditors. Increased accountability through centralized identity administration processes that follow consistent approval workflows and create detailed audit trails. Improved visibility into administrator access and actual usage via user activity reporting to examine privileged user activity and actions. 11

12 About the Solution from CA Technologies The Privileged Identity Governance solution from CA Technologies results from the fusion of two leading identity management products: CA ControlMinder and CA GovernanceMinder. CA GovernanceMinder is designed to automate identity and access governance processes and provides continuous identity controls. This starts with leveraging a business-friendly role foundation to present information to users in the context that makes sense to them. It also checks security policies and highlights potential access or entitlements violations to business managers during such processes as entitlements certification. CA ControlMinder is a scalable solution that provides privileged user password management, fine-grained access controls, user activity reporting and UNIX authentication bridging across servers, applications and devices from a central management console. For more information about Privileged Identity Governance from CA Technologies, visit ca.com/identity-management. CA Technologies (NASDAQ: CA) is an IT management software and solutions company with expertise across all IT environments from mainframe and distributed, to virtual and cloud. CA Technologies manages and secures IT environments and enables customers to deliver more flexible IT services. CA Technologies innovative products and services provide the insight and control essential for IT organizations to power business agility. The majority of the Global Fortune 500 relies on CA Technologies to manage evolving IT ecosystems. Copyright 2014 CA. All rights reserved. UNIX is a registered trademark of The Open Group. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.