IDC TECHNOLOGY SPOTLIGHT. Can Security Make IT More Productive?




December 2015

Adapted from Worldwide Identity and Access Management Forecast, 2015–2019 by Pete Lindstrom, IDC #259561

Sponsored by Thycotic

Given an endless stream of breaches, increasing damage to brand reputation, forced resignations of senior executives, costly remediation, and loss in revenue, security is finally being taken seriously. It is now seen as something that the business should prioritize and embrace as a strategic advantage.

Technological innovation is often seen as a strategic advantage for modern businesses. However, IDC data shows that innovations driven by business units are often derailed by IT security concerns. This exacerbates executive management's negative perception. IDC believes that security is slowly undergoing a transformation from negative to positive and from obstruction to enablement. This enablement not only secures users but also can make IT more secure and productive by improving the user experience while automating tedious and error-prone processes.

This Technology Spotlight examines these issues and the role that Thycotic solutions play in addressing associated challenges.

Introduction

Identity and access management (IAM) has always been a market that is somewhat separate from the rest of security solutions because it is much more about "letting the good guys in" than about "keeping the bad guys out." Enterprises will find out this year that these are two sides of the same coin. As attackers increasingly target "insider" accounts (e.g., employees, partners, contractors, consultants, and customers) to get access to networks, servers, applications and, most importantly, data, IAM has become critical.

For attackers, just taking over low-level accounts is the first step. The next step is for attackers to capture administrative (i.e., "admin") accounts so that they can escalate their access privileges to applications, data, and administrative functions. The latter category is very important because it enables attackers to conceal their activities from legitimate admins.

In this context, privileged account management (PAM) is an important segment of the array of IAM solutions currently available. Among all IAM submarkets, PAM is growing the fastest because of the threat environment and the fact that many administrative environments have fewer security controls than the end-user accounts they manage.

For example, IDC did a casual poll at a closed meeting of IT security administrators. When we asked how many administrators were still using default account names and passwords, roughly one-third of the administrators raised their hands. Moreover, entire departments were often sharing the same accounts and password credentials despite the fact that they require employees to rotate passwords and implement multifactor authentication.

When IT security admins were asked why they put themselves and their companies at such a high risk, they cited crushing workloads, stingy budgets, and the need to frequently cover for other admins. Moreover, the inconvenience of applying these controls to themselves was just too much hassle, and "they all know and trust one another." However, they all recognize the ambiguity of this situation and the need for PAM.

US40784215

Definitions

Identity and access management is a comprehensive set of solutions used to identify users (employees, customers, contractors, etc.) in an IT environment and control their access to resources within that environment by associating user rights and restrictions with the established identity and assigned user accounts. Subcategories of the IAM market include identity management suites, user provisioning, PAM, single sign-on (SSO), advanced authentication (software for both public key infrastructure [PKI] and personal portable security devices such as smart cards and one-time password [OTP] tokens), and legacy authorization, such as Resource Access Control Facility (RACF) and Access Control Facility 2 (ACF2).

PAM provides password vaults, session monitoring and recording, and fine-grained authorization for user accounts not assigned to a normal user (superusers, shared accounts, service accounts, etc.).

What Is PAM, and Why Is It Needed?

PAM is foremost on the minds of enterprises as they defend against credential theft and other account compromise. The focus on shared accounts and partner access continues to drive the need. Furthermore, the architecture lends itself to broader use as user activity monitoring and dynamic authentication become more popular. The privileged account management space continues its strong growth.

It's critical to secure privileged accounts in today's environments. Privileged accounts are used in many devices, including servers, operating systems, and databases. Attackers target privileged accounts to gain access and escalate their privileges, eventually gaining access to confidential information. Because these "bad actors" are using the privileged credentials of an authorized user, they can be very difficult to detect once access has been achieved.

The situation is worsened by:

- Unknown and unmanaged admin accounts
- "Privilege creep" that unwittingly causes low-level admins to accumulate dangerously high levels of privilege over the years
- Default accounts and passwords that were never changed
- Superuser/root accounts and passwords that are shared among many admins

To address these issues, many companies still rely on manual systems, which IDC strongly believes are inefficient and ineffective. Automated PAM technology and solutions offer the capability to make systems easier to use and operate and more secure at the same time. The key elements and benefits of automated capability include:

- Discovery
- Single sign-on
- Access from and to multiple platforms
- Simple user interface for policy creation and enforcement
- Automation of compliance reports
- Reduction in manual tracking of updates
- Rotation of privileged credentials

Enhancing Admin Productivity and Corporate Security

IT security is often seen as an obstruction, so the notion of security systems that improve user experience, increase admin productivity, and decrease IT risk is an idea whose time has come. IDC believes that to accomplish this, such systems must be:

- Seamless
- Simple
- Automated
- Secure

PAM should be seamless. Tools should support the business by allowing IT administrators to do their jobs without slowing them down. This means that usability and efficiency are top of mind while still allowing for the appropriate security controls to be in place. Security tools don't need to be cumbersome; they can be efficient and secure if implemented correctly. All activities should be monitored from a single console and integrate with the discovery of admin credentials in applications. "Seamless" means common tools, automated activities, and reduced need for costly integration consulting. This enables admins to focus on their projects and avoid distractions from multiple consoles, manual processes, and disruptive upgrades that require additional integration activities. While maintaining proper controls, select admins should have access from anywhere at any time via mobile.

PAM should reduce complexity. Customers should look for simple solutions to problems. Tools should be designed with simplicity in mind. Every piece of complexity in security tools is a barrier to adoption, an invitation to circumvention, an obstacle to successful deployment, and a potential security risk. For example, SSO should work with a vault to automatically check out needed credentials and automatically return the credentials to the vault after the task is completed.

PAM should automate common tasks. Automated security functions are a contradiction in terms for many professionals, but many shops are seeing the necessity of some automation. The process of checking out and automatically checking in credentials is only part of the story. To prevent phishing and other credential-stealing attacks, passwords should be rotated after each use with the SSO function, thereby shielding admins from this inconvenience. Moreover, discovery of new applications and their credentials should be automated to prevent vulnerabilities and ensure that PAM processes are almost always in compliance with internal and external regulations.

PAM should be secure. While automated processes improve security rigor, access controls and monitoring are also needed:

- Logging is critical, but it must be accompanied by real-time monitoring and playback so the full session can be examined and any collateral damage quickly discovered.
- Desktop or mobile access can be restricted (e.g., specific GPS coordinates linked to IP address, physical location linked to network activity, time of day/day of week restrictions).
- Anomaly monitoring can reveal when an attacker has escalated privilege by capturing a legitimate admin's access.
- Rotating passwords after every session can reduce the exploitation time for a compromised password to minutes.
- Real-time monitoring against compliance controls can automatically disable access when contractors or consultants exceed their access privileges.
- Automatically disabling accounts when admins leave the company prevents continued access.
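The check-out, check-in and rotate-after-use cycle described above, together with a time-of-day restriction and an audit trail, can be modeled in a few lines. This is an added example, not code from IDC or Thycotic; the `Vault` class, its method names, the account name `root@db01` and the 08:00 to 18:00 window are all assumptions made for illustration.

```python
import hmac
import secrets
from datetime import datetime, time


class Vault:
    """Toy in-memory vault (hypothetical; not any product's API).

    For brevity the vault also plays the target system: verify() stands in
    for the login check a real server would perform.
    """

    def __init__(self, start=time(8, 0), end=time(18, 0)):
        self._password = {}   # account -> current password
        self._holder = {}     # account -> admin holding the checkout
        self.audit = []       # (timestamp, admin, account, event)
        self._hours = (start, end)

    def enroll(self, account):
        self._password[account] = secrets.token_urlsafe(24)

    def _deny(self, now, admin, account, reason):
        self.audit.append((now.isoformat(), admin, account, "DENY: " + reason))
        raise PermissionError(reason)

    def check_out(self, admin, account, now):
        start, end = self._hours
        if not start <= now.time() <= end:      # time-of-day restriction
            self._deny(now, admin, account, "outside allowed hours")
        if account in self._holder:             # one named holder at a time
            self._deny(now, admin, account, "already checked out")
        self._holder[account] = admin
        self.audit.append((now.isoformat(), admin, account, "CHECKOUT"))
        return self._password[account]

    def check_in(self, admin, account, now):
        if self._holder.get(account) != admin:
            self._deny(now, admin, account, "not the current holder")
        del self._holder[account]
        # Rotate on return: the password the admin saw stops working now.
        self._password[account] = secrets.token_urlsafe(24)
        self.audit.append((now.isoformat(), admin, account, "CHECKIN+ROTATE"))

    def verify(self, account, password):
        return hmac.compare_digest(self._password[account], password)


def demo():
    vault, acct = Vault(), "root@db01"          # constructed account name
    vault.enroll(acct)

    def attempt(admin, when):
        try:
            vault.check_out(admin, acct, when)
            return "granted"
        except PermissionError as exc:
            return str(exc)

    pw = vault.check_out("alice", acct, datetime(2015, 12, 1, 10, 0))
    during = vault.verify(acct, pw)             # works inside the session
    concurrent = attempt("bob", datetime(2015, 12, 1, 10, 5))
    vault.check_in("alice", acct, datetime(2015, 12, 1, 10, 20))
    after = vault.verify(acct, pw)              # captured copy is now stale
    late = attempt("bob", datetime(2015, 12, 1, 23, 0))
    return during, concurrent, after, late, [e[3] for e in vault.audit]


if __name__ == "__main__":
    print(demo())
```

Because every use of the shared account passes through a named check-out, the audit list attributes each session to one admin even though the account itself is shared.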

Considering Thycotic

Thycotic offers privileged account password management and security solutions. The core product is Thycotic Secret Server, which is designed to quickly and automatically identify and securely store privileged accounts in a relatively short period of time. The product has been installed in over 3,500 organizations worldwide, including Fortune 500 enterprises.

Secret Server audits, analyzes, and manages privileged user and account activity. It uses automatic password rotation and alerts security teams to abnormal use of credentials. It's also designed to facilitate adherence to compliance standards using a tool that provides privileged account best practice policies. The system also collects, records, monitors, and manages privileged activity so that security teams can know how privileged accounts are being used in order to deter abuse. It also provides a full view to SOC with SIEM integration of privilege activities. Nonrepudiation evidence is made available for auditors through active recording and monitoring.

Secret Server offers multiple layers of built-in security with easy access management for IT admins, robust segregation of role-based duties, and military-grade AES 256-bit encryption. It's designed to be highly scalable and support large-scale distributed environments. All major operating systems, databases, applications, hypervisors, network devices, and security appliances for on-premise and cloud are supported. Secret Server also offers high-availability disaster recovery options as well as hot backups and database mirroring.

Secret Server enables the use of scripts to customize how functions behave, thereby allowing admins to build custom launchers to connect with hosts, applications, or other software using PowerShell, Perl, or other types of scripting language. It also offers the following capabilities:

- Password Reset Server provides self-service password management to free up IT help desk staff from time-consuming and inefficient processes and enforces stronger end-user password controls.
- Group Management Server empowers non-IT personnel to securely manage their department's Active Directory Groups without assigning them a privileged account.

Challenges

Thycotic faces a few challenges. IDC believes that although the company has limited cloud support today, it will need certificate authority capabilities, extended discovery and control for cloud infrastructure, and increased support for cloud-based business applications.

Conclusion

PAM is foremost on the minds of enterprises as they defend against credential theft and other account compromise. It's critical to secure privileged accounts in today's environments. However, attaining security goals is not enough. Doing so in a way that preserves IT productivity is also important by making systems as simple and automated as possible. Security tools don't need to be cumbersome; they can be efficient and secure if implemented correctly.

Thycotic has made these attributes a major goal of its product strategy, thereby improving the admin's job satisfaction and productivity. We believe that Thycotic is one of the few PAM companies that understand that PAM is an elastic combination of seamless integration, simplicity, and automation that enhances compliance and security. To the extent that Thycotic can address the challenges described in this document, IDC believes the company is well positioned for success in the PAM market.

ABOUT THIS PUBLICATION

This publication was produced by IDC Custom Solutions. The opinion, analysis, and research results presented herein are drawn from more detailed research and analysis independently conducted and published by IDC, unless specific vendor sponsorship is noted. IDC Custom Solutions makes IDC content available in a wide range of formats for distribution by various companies. A license to distribute IDC content does not imply endorsement of or opinion about the licensee.

COPYRIGHT AND RESTRICTIONS

Any IDC information or reference to IDC that is to be used in advertising, press releases, or promotional materials requires prior written approval from IDC. For permission requests, contact the IDC Custom Solutions information line at 508-988-7610 or gms@idc.com. Translation and/or localization of this document require an additional license from IDC. For more information on IDC, visit www.idc.com. For more information on IDC Custom Solutions, visit http://www.idc.com/prodserv/custom_solutions/index.jsp.

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com