The Urgency of Privileged Access Management to Secure the Enterprise Edge
By: Mohie Ahmed
As more compute is moving to the edge, enabling control systems and automation and reducing the expense and latency associated with cloud compute, it is essential to ensure that only authorized administrators are able to access the devices, applications, and networks.
At the highest level, edge security is the application of security practices at connected nodes that are outside the network core.
Most simply stated, the edge requires the same fundamental features as the core network, with visibility into the entire environment, monitoring and management tools for administrators, encryption of data while stored and shared, and a “zero trust” approach to access and Privileged Access Management (PAM).
Edge security is more difficult given the diversity of devices at the edge, which can include edge data center equipment, servers, computers, and devices at the edge, including sensors, actuators, gateways, and mobile devices, including smartphones and tablets. There are growing security risks associated with the proliferation of local devices (billions of them), and because both edge computing and uses, including IoT, are still relatively new, there is a sense of urgency around IT and OT teams working together to ensure security beyond the traditional IT understanding.
The traditional security fundamentals practiced by world-class IT teams include encryption, visibility, monitoring and management consoles, intrusion detection and prevention, access control, and the principle of least privilege. These functions are in existence, including PAM, and fortunately have been virtualized so they can be applied to operations technology.
As the number of network nodes continues to explode, the attack surface increases along with threat vectors. Privileged Task Automation (PTA) uses software to scan the network and devices on the network and analyze logs for anomalous behavior, which is priceless for IT and OT teams. There is not enough time and resources to monitor and analyze what is happening in connected systems without advanced automation.
While intrusion detection and intrusion prevention systems are key in monitoring, analyzing, and reporting on anomalies and malicious activity, they are only part of a holistic approach that brings tools to IT and OT teams responsible for protecting assets and ensuring regulatory compliance.
Access control under the principle of least privilege, with a “zero trust” mentality, keeps employees from accessing resources and sensitive information they are not authorized to access. What makes edge computing different and more challenging than the premise and cloud security is that the demands of robust security protocols can impact the performance of small edge devices, a challenge the cybersecurity industry is tackling, including Ironsphere. Essentially, by limiting who has access and what can be done if access is granted, organizations can reduce the risk of accidental or intentional and malicious access to critical resources and data.
Bringing together the IT and OT teams to tackle new challenges as enterprises stand up more edge solutions (which bring with them tremendous business benefits) is a great first step, as OT teams may not be as aware of the need to properly secure edge devices (for example a gateway in an edge server that is sending data from power plant sensors to applications in the cloud).
To secure the networks impacted by poorly secured IoT devices, IT teams charged with securing networks need to take responsibility and work closely with OT teams as systems are built and scaled.
By placing security agents in edge nodes like micro data centers with a proper amount of processing power, traffic from compromised IoT devices can be detected as compromised and prevented from accessing the rest of the network.
We can expect the world of the “hyperconnected enterprise” to grow even more heterogeneous. We can expect to see a blurring of the lines between billions of devices and machines and the human beings who interact with them. It’s time to plan now – and create important relationships between what have been two worlds – information and operational technology.
With new software-based approaches and cybersecurity automation, organizations can protect themselves from one of the primary causes of breaches – adversaries taking control of privileged accounts by being able to “crack the code” on privileged users’ passwords.
When the COVID-10 pandemic began, no industry in the world was put under more stress than the medical industry. With cases climbing, and more people constantly wanting information on what to do, the medical industry turned to technology to meet the demand.
It is one thing when enterprises use automation, including AI, to improve the efficiency of their ERP, HR, accounting, and other systems, and of course, any enterprise system which collects, stores, and uses data should be fully protected, including a solid Privileged Access Management (PAM) solution as a core part of their IT architecture.