Why Privileged Access Management Is Important
Author: David D'Andrea, Co-founder & Chief Architect
Since the 2020 pandemic, studios and VFX houses have had to rapidly retool how employees, contractors, and freelancers continue to work on sensitive content remotely. The security challenge in any remote access scenario is validating identity and ensuring that least-privilege permissions are applied.
One way of providing that level of protection is incorporating Privileged Access Management (PAM). This process follows the principle of least privilege, which is based upon the idea that all users should have access only to the information and systems they fundamentally need to perform their job duties. The practice of least privilege is commonly recognized as a standard practice in cybersecurity and is an important component of securing privileged access.
By following the least privilege approach, organizations can minimize the danger of insider and external threats, which otherwise can result in national security threats. PAM is intended to track, handle, and control privileged accounts, and it also supports organizations in the effort to protect access to sensitive data.
Every organization should rely on PAM to be secured against risks raised by the misuse of privileges. The goal of deploying a Privileged Access Management solution is to prevent six different types of insider attacks:
1. Infiltration: External threats no longer represent the primary threat to an organization. Infiltration can happen through various attack vectors, and internal access is one of them.
2. Command and Control (C&C): Intruders can easily establish a connection to a C&C server to access toolkits and payloads and receive further commands. This helps them assess the environment and prepare their next steps.
3. Privilege Escalation: Threat actors start learning about your network and identifying the privileged accounts and key assets, looking for ways to collect passwords and take advantage of the user rights they have already abused.
4. Lateral Movement: Threat actors exploit stolen credentials to compromise additional assets and accounts using lateral movement, continuing to propagate and navigate through the base’s environment.
5. Searching for Opportunities: Threat actors focus on remaining undiscovered. This allows them to extend their reach into vulnerable systems to install malware, Trojans, and spyware, and to identify additional environmental targets.
6. Data Exfiltration or Destruction: Threat agents gather, store, and exfiltrate data and infect your systems with malware. Whether initiated externally or internally, these types of attacks cause the greatest levels of exposure to non-authorized parties.
Any one of those six insider attacks can cause permanent damage to an organization's reputation and financial outlook. Implementing PAM to secure and control privileged access for on-premises and/or remote workers provides a level of due care, along with reinforcing identity and access to content.
Specifically, in the media and entertainment industry, I have seen several PAM solutions, and the most effective is a combination of an Active Directory “Red Forest” and a just-in-time shadow-mapping entitlement system. For the SMB market, I recommend an Active Directory “Red Forest” with a well-mapped Tier 0 – 3 role segregation.
This is the biggest bang for the buck for smaller organizations and can enable quick turnarounds for adding and removing collaborators. For larger organizations that have fairly strong PAM, I recommend the combination mentioned above, along with an Identity Management solution, whether Microsoft Identity Manager or Oracle Identity Manager, because it adds another layer of identity and access control for high-value assets.