Don’t Ignore Identity Governance for Privileged Users

It’s summertime, which means privileged users are away on vacation and contractors or co-workers are picking up the slack. Managing the temporary access that this requires is not something you want to leave to chance.

Abuse of privileged access can be costly. On June 17th, Tesla reported a malicious insider attack on the Tesla Manufacturing Operating System that resulted in the loss of several gigabytes of data and a stock decline of six percent. That same week, we learned that a CIA employee was charged with providing hacking tools to WikiLeaks, stolen as part of the Vault 7 leak. 

Privileged Access Management (PAM) isn’t enough

According to Gartner, “PAM technologies help organizations to provide secured privileged access to critical assets and meet compliance requirements by securing, managing and monitoring privileged accounts and access.” 

In practice, PAM reduces the risk of privileged user abuse by limiting what privileged users (such as system administrators) can do on specified systems, during specified times or with specified commands. It can monitor and record their activity, which deters misuse by collecting evidence for prosecution, and it can provide more detailed compliance reporting than system logs.

These capabilities are entirely necessary to protect against sensitive data loss from those who have the “keys to the kingdom.” But it isn’t enough.

The limitations of PAM

PAM is effective for those who work within it. But if an administrator acquires root access and works around the technology, then it isn’t much use. There are also scenarios where privileged users are given temporary access that isn’t revoked at the end of the temporary period, such as co-workers covering for other privileged users on vacation or contractors who only need access during a certain period of time.

Add to those scenarios regular employee turnover, where access deprovisioning typically isn’t 100% accurate, and there can be an excess of privileged user accounts that could be abused by malicious insiders, or by outsiders who obtain their credentials. Access that doesn’t conform to the least privilege principle carries added risk.

Identity governance is a necessary companion to PAM

Identity governance technologies discover access entitlements and, on a regular cadence such as every six months, manage a certification process whereby a manager or other authority must certify that the specified user holds the correct entitlements. More sophisticated identity governance tools will prioritize certifications for users who hold privileged access and have unusual or elevated rights compared to peers, even providing for ad-hoc, out-of-band certifications when the risk level is significant enough.

Integration with PAM can provide identity governance a means of calculating this risk score. Additional risk scoring for privileged users should include usage of access that exhibits unusual patterns, such as during non-working hours or from an unusual location. Double-checking with managers or employees on the activity can identify malicious use, especially advanced persistent threats that often use stolen administrator credentials as an attack vector. The faster this is found, the more limited the damage that can be done. 
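The stale-access scenarios and the risk-based certification described above can be combined into one review queue. The following is an added example, not code from the article or from any identity governance product; the record fields, score weights, threshold and sample data are all constructed assumptions.

```python
from collections import Counter
from datetime import date, datetime

TODAY = date(2018, 7, 16)  # constructed review date
# Constructed entitlement inventory (hypothetical field names)
ACCOUNTS = {
    "alice": {"group": "dba", "ents": {"db-admin"}, "expires": None, "active": True},
    "bob": {"group": "dba", "ents": {"db-admin"}, "expires": None, "active": True},
    "carol": {"group": "dba", "ents": {"db-admin", "root-prod"}, "expires": None, "active": True},
    "dave": {"group": "contractor", "ents": {"root-prod"}, "expires": date(2018, 6, 30), "active": True},
    "erin": {"group": "dba", "ents": {"db-admin"}, "expires": None, "active": False},
}
# Constructed privileged-session log, as a PAM integration might supply it
SESSIONS = [
    ("alice", datetime(2018, 7, 12, 10, 5), "office"),
    ("carol", datetime(2018, 7, 14, 2, 40), "unknown-vpn"),
    ("dave", datetime(2018, 7, 10, 14, 0), "office"),
]
USUAL_SOURCES, WORK_HOURS = {"office"}, range(8, 18)

def peer_baseline(group):
    """Entitlements held by more than half of a peer group."""
    members = [a for a in ACCOUNTS.values() if a["group"] == group]
    counts = Counter(e for a in members for e in a["ents"])
    return {e for e, n in counts.items() if n > len(members) / 2}

def risk(user):
    """Return (score, reasons) for one account; the weights are illustrative."""
    acct, score, reasons = ACCOUNTS[user], 0, []
    if not acct["active"]:
        score += 40
        reasons.append("departed user still holds access")
    if acct["expires"] and acct["expires"] < TODAY:
        score += 40
        reasons.append("temporary grant expired, not revoked")
    extra = acct["ents"] - peer_baseline(acct["group"])
    if extra:
        score += 20 * len(extra)
        reasons.append(f"beyond peers: {sorted(extra)}")
    for who, start, src in SESSIONS:
        if who == user and (start.hour not in WORK_HOURS or src not in USUAL_SOURCES):
            score += 15
            reasons.append(f"unusual session {start:%Y-%m-%d %H:%M} from {src}")
    return score, reasons

def certification_queue(adhoc_threshold=40):
    """Rank accounts by risk; scores at or above the threshold get an out-of-band review."""
    ranked = sorted(((risk(u)[0], u) for u in ACCOUNTS), reverse=True)
    return [(u, s, s >= adhoc_threshold) for s, u in ranked]
```

On this sample, the unrevoked contractor grant and the departed employee's account go straight to ad-hoc certification, while the administrator with an extra entitlement and an off-hours session leads the regular review cycle.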

Identity governance is an additional control that can find privileged users working outside of the PAM system, and help enforce the least privilege principle. If you want to reduce the risk that privileged users present, explore how your organization can make these technologies work more closely together. 
