Intelligent CISO Issue 49 - Page 69

decrypting myths
strategic technology solutions, to minimise vulnerabilities and block malicious actors from potentially advancing and self-escalating privileges across the network.
Putting Just-in-Time security into practice
The first step is to audit all user access privileges, company-wide, to determine the scope and scale of the issue. How many users are there? What are their profiles and to which applications and systems do they typically need access? How many user accounts are dormant, how many elevated privileges are rarely or never used?
Based on the answers uncovered, the next step is to establish an internal policy to define requirements for users to be granted access to target systems: which roles and teams, under which conditions, and for how long should access be allowed? You will also need to regain control over all passwords and credentials to target systems. Centralising management and rotation of passwords to applications and IT assets is critical to ensuring comprehensive risk and vulnerability management.
Rashid Ali, Enterprise Solutions Manager at WALLIX
A privileged access management solution is a strong first step to protect the ‘crown jewels’ of the IT infrastructure. This type of solution centralises and streamlines secure access to critical IT assets like production servers. This eliminates the shared use of root passwords, locking down sensitive access. Temporary privilege elevation can be requested as needed to enable human and machine users to carry out occasional tasks or run privileged commands. The user simply submits a ticket request to elevate privileges for a specified action and time period thanks to privilege elevation and delegation management. When connecting through a privileged access management solution, the user experience is seamless, facilitating productivity and efficiency while fully vetting authorisation to connect to the server based on the Just-in-Time principles defined in the solution.
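The policy questions above (which roles, which targets and actions, for how long) and the ticket-based elevation request can be sketched as follows. This is an added example, not code from the article or from any privileged access management product; the policy table, role names, host names and function names are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy: (role, target) -> permitted actions and maximum grant length.
POLICY = {
    ("dba", "prod-db-01"): {"actions": {"restart-service", "run-migration"},
                            "max_duration": timedelta(hours=2)},
    ("sre", "prod-web-01"): {"actions": {"restart-service"},
                             "max_duration": timedelta(minutes=30)},
}

@dataclass(frozen=True)
class Grant:
    user: str
    target: str
    action: str
    expires_at: datetime

def request_elevation(user, role, target, action, duration, ticket_id, now):
    """Return a time-boxed Grant, or raise PermissionError if policy denies it."""
    if not ticket_id:
        raise PermissionError("elevation requires a ticket")
    rule = POLICY.get((role, target))
    if rule is None or action not in rule["actions"]:
        raise PermissionError(f"role {role!r} may not {action!r} on {target!r}")
    if duration <= timedelta(0) or duration > rule["max_duration"]:
        raise PermissionError("requested duration is outside the policy limit")
    return Grant(user, target, action, now + duration)

def is_authorised(grant, user, target, action, now):
    """Checked at time of use: the grant must match exactly and be unexpired."""
    return ((grant.user, grant.target, grant.action) == (user, target, action)
            and now < grant.expires_at)

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    g = request_elevation("alice", "sre", "prod-web-01", "restart-service",
                          timedelta(minutes=30), "TICKET-0001", t0)
    for offset in (10, 30):  # minutes after the grant was issued
        when = t0 + timedelta(minutes=offset)
        ok = is_authorised(g, "alice", "prod-web-01", "restart-service", when)
        print(f"+{offset} min: authorised={ok}")
```

Because the expiry is evaluated on every use rather than only when the grant is issued, no separate revocation step is needed for the privilege to lapse.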
Reaping the benefits
Once fully implemented, Just-In-Time access management strictly limits the amount of time an account possesses elevated privileges and access rights to reduce the risk and attack surface. Privileged accounts are only used for the time needed to complete the task or activity – users, accounts and sessions do not hold on to ‘standing privileges’ once the task is complete. With the proper access security solutions, Just-in-Time is made simple with dynamic privilege elevation to ensure that only the right identities have the appropriate privileges when necessary, and for the least time necessary.
www.intelligentciso.com