1 Introduction
It’s widely known that many successful cyber-attacks involve the misuse of an organization’s own privileged accounts, and misuse is enabled by inadequate access management software, policies, or processes. Organizations have turned to cloud infrastructures to enable digital transformation programs. However, by not adequately controlling access to cloud resources, these advancements have opened organizations to a new set of vulnerabilities, which attackers are more than happy to exploit.
Some of the malicious activities that must be detected and controlled are abuse of shared credentials, misuse of elevated privileges by unauthorized users, theft of privileged credentials by cyber-criminals, and abuse of privileges on third-party systems accessed via the cloud.
Traditionally, privileged accounts were mostly given to a small set of administrators who needed access to perform maintenance and upgrade tasks, mostly on networks on-premises or local area networks (LAN). In some cases, senior employees may have also been given elevated access rights for specific tasks. It’s fair to say that this is no longer the case. Privilege management use cases now extend across entire organizations, with users requiring task-based access to data, services, and applications held on legacy systems and multi-cloud-based infrastructures. And, of course, admins still need to perform those traditional privileged tasks.
This change explains why PAM software, in general, has developed considerably in the last few years. Both new and traditional vendors have responded well to demands for more advanced PAM capabilities suitable for the modern computing era.
Interest in Least Privilege architecture and policies has also grown as organizations look to secure the cloud. Buyers are increasingly aware that a well-configured and up-to-date PAM platform can be an integral part of any such architecture and that the traditional architecture of PAM must be extended to support cloud environments and SaaS applications and services.
The future of business operations will revolve around a new paradigm of a highly dynamic IT architecture that melds multiple cloud platforms with legacy networks on premises, partner networks, and even, in some cases, mainframe installations. This Dynamic Resource Entitlement and Access Management (DREAM) paradigm is what the next iteration of modern PAM platforms (and other identity and data governance tools) must be engineered to support, in order to deliver secure access and greater business value across a new generation of cloud resources.
These new, ultra-hybrid networks will push existing identity and security frameworks to their limit and call for solutions that provide controlled, rapid access to dynamic, often ephemeral resources, wherever they exist.
For PAM vendors, this has meant including Cloud Infrastructure Entitlement Management (CIEM) capabilities as the first step towards fulfilling the DREAM paradigm and extending the reach of privileged access into dynamic environments. To be successful, however, they must operate at the speed and service levels that users expect, provide unified access across all cloud platforms, and deliver the advanced monitoring and controls of privileged access in the cloud.