Learning Objectives
After completing this unit, you’ll be able to:
- Explain privileged access management (PAM).
- Identify privileged user responsibilities.
- Define risks associated with privileged use.
What Is Privileged Access Management (PAM)?
Access control is a central principle of cybersecurity. You control access in order to implement your organization’s security policies. Access control decisions govern who should be granted access, what they should be granted access to, and the methods of enforcing access and restriction. Someone has to be in charge of setting and monitoring these access features, and that person is said to have privileged access.
Privileged access management (PAM) is the set of cybersecurity strategies and technologies that organizations use to control levels of access and permissions for users, accounts, processes, and systems. Organizations design appropriate levels of privileged access to prevent and mitigate the damage that might arise from security breaches. While we’d all like to think that every attack comes from an external source, good security protocol must also take into account the possibility of internal breaches and those caused by malfeasance (accident or negligence).
When managing access, remember that the principle of least privilege is the key to maintaining safe systems. The principle of least privilege means that when you configure systems, you only give people the absolute minimum permission necessary to perform their job activities. This minimum permission is what we mean by least privilege.
What Are Privileged Users?
Someone needs to be designated to assign levels of access. These people are known as privileged users. They are the individuals who have administrative privileges to modify systems or view highly confidential information.
Privileged users include but are not limited to the following.
- Operating and network system admins: Users with administrative privileges to the operating system or network device
- Database admins: Users with administrative privileges to one or more databases
- Domain admins: Users with privileged access across all workstations and servers on a domain
- Application admins: Users with administrative privileges to one or more applications
- Local admins: Users with administrative access to the local systems, such as IT staff who perform maintenance or set up new workstations
Since users with privileged access touch the systems and devices that control an organization’s business and data (basically the “keys to the kingdom”), it is essential that they understand the security responsibilities that come along with that access. Privileged users are a point of access to any organization and its data, so it’s key to guard against both external and internal security threats.
What Can Privileged Users Do?
Privileged users, like other users, may have varying levels of access depending on their job function. Organizations need privileged users because they need people who can perform the following.
- Install software.
- Install or modify system processes.
- Create or modify system configurations.
- Create or modify system access controls.
- View or control a user’s screen through remote access technologies in order to assist them.
This means that some privileged users may have the authority to access much of your organization’s data and to make changes to production controls and other network settings. Privileged users also have access to the organization’s network, devices, and servers. Because privileged users have greater access to the network and are limited by fewer controls, they often have the ability to get around controls that restrict other nonprivileged users. They must always keep in mind that, by the very nature of their privilege, they pose a security risk.
Why Do Privileged Users Need to Be Careful?
Privileged users pose a security risk because of their level of access. A privileged user can be an organization’s security enforcer but can also be its greatest liability.
Even the most well-intentioned privileged user poses a risk. Take simple phishing as an example. If a system admin or network engineer with elevated access clicks a malicious link, it’s far more likely to do organization-wide damage than someone else who does not have that level of access and clicks the same link. Read on to discover how to mitigate these particular vulnerabilities.
