New Rules for Privileged Access Management (PAM)
After a trying day at the Security Operations Center (SOC), a Privileged Access Management (PAM) super-admin just wants to have a nice cup of tea and a few minutes relaxing in front of the television before turning in for the night. But, as he dozes and slips into an InfoSec fever dream, he desperately seeks entertainment, flipping through the channels, returning again and again to the classic “New Rules” segment of “Real Time with Bill Maher.”
“New rule. Don’t assume your users aren’t sharing passwords. Plus, the password they’re sharing is P-A-S-S-W-O-R-D. Yes, it really is that dumb.”
Click
“On November 13, Felix Unger was asked to remove himself from his role as a Microsoft Exchange server Admin. That request came from the Director of Infrastructure Manager. Deep down, he knew she was right, but he also knew that someday he would return to this position. With nowhere else to go, he appeared at the office of his friend, Oscar Madison. Several years earlier, Madison’s manager had revoked his network admin rights, requesting that he never again log on. Can two admins share a lack of access privileges without driving each other crazy?”
Click
“New rule. Do not allow a former employee to retain privileged access rights. That’s like taking a gamble on whether or not he will abuse those privileges. Gambling is for Vegas. What happens in the Java server does not necessarily stay in the Java server.”
Click
“Making your way in IT today takes everything you’ve got. Taking a break from all your worries sure would help a lot. Wouldn’t you like to get away? Sometimes you want to go where everyone knows your name, your role, your admin privileges, and your employment status.”
Click
“New rule. Don’t assume employees of third parties will notify you if they change roles. Believe me, when there’s a third party, you’re not invited because, of course, you’re not. Who do you think you are, Lady Gaga?”
Click
“Here’s the story, of a lovely admin, who was working with three very lovely temps, all of them had server access, like their boss, the youngest one for PERL. It’s the story of an ex-employee who was shady, who was busy with malicious pals of his own…”
Click
“New rule. When you’re implementing PAM for financial regulations, remember that greed is only good when your people do it.”
Click
“In the cybersecurity system, the board of directors is represented by two separate yet equally important groups. SecOps, who secure digital assets, and the system admins who keep them configured. These are their stories.”
Click
“New rule. Medical devices need to be subject to Privileged Access Management. Otherwise, the bad guys will definitely be live-tweeting your next colonoscopy.”
Click
“There is a fifth dimension, beyond that which is known to the manual security monitoring process. It is a dimension as vast as space and as timeless as infinity. It is in the middle ground between security and vulnerability, between solid access policies and superstition, and it lies between the pit of man’s fears and the summit of his knowledge. This is the dimension of imagination. It is an area which we call the Twilight Zone.”
Click
“New rule. You know those PAM solutions that rely on embedded software agents? Don’t be like that.”
Click
“No privileged access for you!”
Ready to enforce these rules with a robust privileged access management (PAM) solution? Contact us for a demo of the WALLIX Bastion.