L’explosion du périmètre de l’infrastructure informatique impose d’en redéfinir sa sécurisation. Les usages des utilisateurs sont de plus en plus pointus et les métiers imposent des contraintes de production, bien sûr, mais aussi de flexibilité, d’agilité et d’expérience utilisateur. Nous y voilà : c’est tout simplement grâce à ces utilisateurs que nous allons pouvoir redéfinir notre périmètre. Les actions et les permissions qui leurs seront accordés vont constituer la base d’une stratégie IAM. Celle-ci devient essentielle et de plus en plus stratégique car elle impacte et lie directement l’expérience des utilisateurs avec l’infrastructure informatique. Le PAM est
une composante cruciale de l’IAM, puisque s’agit des accès et des permissions qui sont accordés aux utilisateurs « à hauts privilèges » : ceux qui peuvent tout faire, tout détruire… ceux que recherchent les hackers ! On pense bien sûr, à protéger les admin internes, et autres équipes IT, mais maitrisez-vous vraiment tous ces utilisateurs privilégiés ?
Alexis SERRANO - Channel Manager - South EMEA- BeyondTrust
Similaire à Conférence - Pourquoi le PAM (Privileged Access Management) doit-il être le socle de votre stratégie IAM (Identity & Access Management) ? - #ACSS2019
Similaire à Conférence - Pourquoi le PAM (Privileged Access Management) doit-il être le socle de votre stratégie IAM (Identity & Access Management) ? - #ACSS2019 (20)
Summary Bullets:
And what’s more – what we once classified as the ‘privileged attack surface’ has massively changed: in fact it’s grown exponentially over the years.
In most organizations, thousands of privileged accounts now exist across on-prem devices, the cloud, the Internet of Things, and in DevOps.
Summary Bullets:
And what’s more – what we once classified as the ‘privileged attack surface’ has massively changed: in fact it’s grown exponentially over the years.
In most organizations, thousands of privileged accounts now exist across on-prem devices, the cloud, the Internet of Things, and in DevOps.
Privileged access is at the heart of many of today’s most high-profile breaches. And if breaches weren’t enough, a growing list of compliance regulations require the management of privileged users.
Let’s take a quick look at why this is the case.
First up, employees and other insiders have unnecessary access. Employees, vendors and other insiders are often given excessive access to systems and data. This is often needed to “do their job” but without the right discipline and accountability these excessive rights are just pathways to data.
Privilege abuse can be malicious, as with Edward Snowden at the NSA – or it can be accidental, such as when outside attackers gain privileges through phishing and hacking.
Looking at the Verizon report, over 60% of cases involved excessive privileges in some capacity.
Next up, enterprise credentials – the keys to the kingdom – are shared and unmanaged. This means that passwords can be created and shared, but aren’t audited, monitored or managed with discipline or accountability.
Every heard of the Sony attack.
Whats the ideal scenrairo – every device, every database, every resource, every asset has a unique password that changes after each use. That’s the goal. Can we get there? We can get pretty close.
Our customers and new clients typically don’t know how to get there and candidly scared to death of how to get there. They are afraid of losing control. The resultant behavior of that fear is what the threat actors leverage to gain privilege access.
In 55% of cases, privilege abuse was behind the incident.
Of course, once attackers find their way in, they can do a lot of damage by taking advantage of system vulnerabilities – such as outdated software – to install malware and other tools for stealing data.
This happens because desktops, laptops, servers and applications communicate and open paths to sensitive assets and data.
The sad fact is most exploited vulnerabilities are “old hat” and have been known about for over a year and are very easy to compromise.
Summary Bullets:
- Before I run through the specific solutions in our portfolio that could help you resolve these challenges – I wanted to talk through the overarching idea behind our PAM platform.
- It’s this challenge of ‘too many people having too much access’ that tends to be at the core of most security breaches (see key stats).
Summary Bullets:
- Before I run through the specific solutions in our portfolio that could help you resolve these challenges – I wanted to talk through the overarching idea behind our PAM platform.
- It’s this challenge of ‘too many people having too much access’ that tends to be at the core of most security breaches (see key stats).