Privileged Management Access: A Powerful First Line Defense as More and More Employees Work from Home
By: Mohie Ahmed
The COVID-19 Coronavirus pandemic is forcing many enterprises and organizations to ask their teams to work remotely, and as IT teams work tirelessly to support a rapidly virtualized environment, security is top of mind.
Already, we are hearing reports of attacks on mission critical systems associated with the crisis itself, with reported incidents against, for example, the U.S. Health and Human Services Department. While the attack was thwarted, it is evidence that even in a global health crisis, adversaries will attack – and even relish the idea that more doors are open, and windows unlocked – given the natural expansion of the threat surface.
While nearly every company and government agency has been allowing an increasing number of individuals to work from home, either daily or a few days a week, never have we seen a mandate to scale that up securely than at this moment.
In addition to employees, given the growth of the “gig economy” and the addition of more consultants and freelancers in place of “FTEs”, – and the rising level of third-party vendors, partners, and integrated systems – it is now mission critical for IT teams to protect digital assets, in increasingly digital times.
Remote work comes with security risks that must be addressed, especially in a crisis like this pandemic, which leaves organizations more vulnerable to both unintentional loss of data or mistakes that can take entire networks down, and the intentional actions of bad actors.
Remote work has become a highly popular and common practice around the world. According to the latest International Workplace Group report, 50% of employees globally are now working outside of their main office headquarters for at least 2.5 days per week, and 75% of people consider flexible working to be the new normal.
One thing is clear: remote work is here to stay.
In another study, OpenVPN reported that 90% of IT professionals believe remote workers are not secure. At the same time, over 70% think remote staff poses a greater risk than onsite employees. Their concerns include accessing systems and data through open Wi-Fi networks, using personal devices for work, and ignoring or working around security policies.
It is no longer simply enough, however, to informally address these and many other issues with security built into the LAN, especially when it comes to employees who have access in the office to mission critical or sensitive applications and information. It is also unfair to ask IT teams, who are already straining under the increased volume of remote workers and their budgets, to close every gap – unless they have the right tools. One of the most important tools is Privileged Access Management (PAM) platforms which are built for the world of multi-cloud and mobile working from the ground up.
Comprehensive platforms like ours include the full range of services, from Multi-Factor Authentication (MFA), to Password Management, 100% logging, and full visibility into every endpoint, including individual’s laptops, tablets and smartphones. By doing so with the highest level of automation and scale, our customers are remotely preventing what could turn out to be expensive and disastrous mistakes and attacks.
Why is PAM more critical than ever?
Privileged users access an organization’s critical systems, resources and assets using elevated or unrestricted accounts, i.e. privileged accounts. These accounts include local and domain administrative accounts, service accounts, emergency accounts, application accounts, and are referred to as “the keys to the kingdom.” They are primary targets of both external and internal malicious users and have been used in successful attacks to gain access to an organization’s critical systems and resources, resulting in data breaches or service outages that have material business impact.
Privileged accounts are a potential source of threats to the security posture of any organization because of their elevated/unrestricted access to critical systems and sensitive information.
Cloud-native is also increasingly important: Ironsphere protects client organizations’ assets whether their infrastructure is on-prem, cloud or hybrid, and supports Cloud IaaS platforms like Amazon, Azure, Google Cloud and OpenStack.
Ironsphere’s PAM for Public Cloud solution secures access, controls configuration changes, records all privileged activities in public and private cloud platforms, and supports extremely fast scale-out and scale-in scenarios by auto discovering and onboarding virtual instances within minutes.
As the world comes together to stop the virus, collaboration is essential. Workforce flexibility is critical, and ensuring all assets are protected, including the private information of potentially millions of people, is an obligation.
We’re here to help you protect what you connect – not just digital assets, but all the people in your organization, your partners, customers and the consumers those customers also serve. Let’s make security more viral than COVID-19 – together.
We have announced the success of a project we have been developing with Pegasystems, Inc., a growing, global Cloud software and services provider. Pega, whose mission is to empower digital transformation at the world’s leading enterprises, selected Ironsphere’s Privileged Access Management (PAM) software to further secure its Amazon Web Services (AWS)-hosted CRM as-a-service offerings.read more
Global Leader in Cloud Software Embeds Ironsphere’s Privileged Access Management Software to Restrict Access and Protect Assetsread more
Cloud growth is continuing to accelerate, especially in the context of the world of virtual working, and distributed infrastructure. IT teams who have been appropriately cautious in moving applications and services to the cloud in the past are speeding up their roadmaps, as they do not have time to debate the benefits of cloud. Even the largest and most mission-critical enterprises are racing to embrace more cloud to support their teams as they work from home, but they are doing so with a laser focus on security.read more