Coming in First: Gartner Says PAM Should Be the Top Priority for CISOs
By: Orhan Yildirim
In a post by Gartner’s Jill Beadle, Privileged Access Management (PAM) was named the number one security project Chief Information Security Officers (CISOs) should invest in to reduce risk on a significant scale in large enterprises.
“Focus on projects that reduce the most amount of risk and have the largest business impact,” the post quoted Gartner vice president and distinguished analyst Neil MacDonald, who spoke during Gartner’s annual Security and Risk Management Summit in National Harbor, MD, this year.
“These are projects, not programs, with real supporting technologies,” MacDonald said during his presentation, adding that all ten of the priority projects he covered are new to most CISOs, with enterprise adoption at less than 50%.
MacDonald described PAM implementations as those which “make it harder for attackers to access privileged accounts and should allow security teams to monitor behaviors for unusual access.”
MacDonald also focused on the role of “mandatory multifactor authentication (MFA) for all administrators,” as a minimum in any PAM implementation, pointing out that MFA is an ideal means to control third-party access, including that which is granted to outside contractors.
Taking a risk-based (high value, high risk) approach to prioritizing projects, and starting with PAM, which enables IT leaders to monitor and manage the behavior of all internal and external individuals given access, MacDonald went on to list these nine other projects, in order of priority from his vantage point:
- CARTA-inspired vulnerability management
- Active anti-phishing
- Application control on server workloads
- Micro-segmentation and flow visibility
- Detection and response
- Cloud security posture management (CSPM)
- Automated security scanning
- Cloud access security broker (CASB)
- Software-defined perimeter
Ironsphere is a leader in PAM technologies, which can be more easily implemented and integrated into existing enterprise security architectures, with the most comprehensive set of security solutions compared to other more expensive and less flexible traditional options.