Strengthening Cyber Resilience Through Privileged Access Management

Cyber resilience refers to how well an organization can recover from a cyber incident. Many factors contribute to success with cyber resilience, but any attempt to achieve cyber resilience should prominently feature Privileged Access Management (PAM).

PAM strengthens cyber resilience through centralized control and monitoring of administrative accounts. It enables rapid, smooth and secure system recovery from an organizational perspective.

What is Cyber Resilience?

The concept of cyber resilience unifies the separate but related disciplines of information security, business continuity, and disaster recovery. It goes beyond continuity and recovery, though. Continuity and recovery imply an inoperative period or diminished operating capacity in the wake of a cyber disruption. A cyber-resilient organization is different. It can continuously deliver on its mission regardless of obstacles thrown in its way by cyber events.

The model for cyber resilience comes from biology. In the same way that an animal uses multiple muscle groups, nerves, senses and data to land on its feet after suffering a fall, a cyber-resilient organization is able to leverage its entire organizational and technological capability to “land on its feet,” so to speak.

Why is cyber resilience growing in awareness and adoption? Businesses and public sector entities today are far more reliant on digital technology than ever before. The complexity of the digital landscape has stretched the conventional notions of security and continuity to the point where a new paradigm is needed.

Today’s digitally-based organizations are geographically dispersed, often managing operations, security and compliance across multiple sovereignties. Digital assets are spread between on-premises infrastructure, the public cloud, private clouds, and hybrid architectures. An “organization” and its software might actually comprise an ever-shifting composite of enterprise applications and third-party web services, loosely connected by standards-based APIs. Holding all of that together during a catastrophic event—including the human and organizational elements—will take more than a basic business continuity plan.

Keys to Achieving Cyber Resilience

There is no one single element to a successful cyber-resilience plan. To be resilient, an organization must have sound backup, recovery, and failover for critical systems. There must be well-designed plans that are tested and rehearsed. Of course, underlying cybersecurity needs to be robust—not only so potential cyber incidents can be detected, but also so the recovery process can be accomplished quickly and efficiently.

Organizational aspects of cyber resilience are crucial to success. Digital businesses are not so much groups of people who use technology to conduct business as they are a fusion of people and technology. In the biological analogy, a digital business is like a complex organism that blends people, organizational structures, alliances between different entities, and a huge range of technology.

Risk and Potential: Privileged Access as a Success Factor in Cyber Resilience

Privileged access is the ability of administrative (or “privileged”) users to log into the back ends of systems and modify settings, set up or delete accounts, move data around, and so forth. The management of identity and the management of privileged access are like the DNA of the digital organism. They hold the entire construct together. Who is who? Who can do what? What roles have which privileges? Without firm and well-managed governance of identity and access, the process of recovering from a cyber event will slow down considerably.

Without firm and well-managed governance of identity and access, the process of recovering from a cyber attack is much more difficult.

In the old days, it might have been enough to have a “hot” or “mirror” site ready to go with critical applications and data. In that context, it was relatively simple to know who had the administrative authority to boot up the hot site and control its settings. In the modern organization, where systems are scattered across multiple domains and organizational entities, the lack of clarity regarding who can do what presents a major impediment to resiliency. This is the domain of Privileged Access Management.

Privileged Access Management (PAM)

Privileged Access Management combines technology with processes and practices to strengthen cyber resiliency by controlling privileged access and monitoring privileged account sessions. PAM serves as an important cyber security countermeasure that mitigates the risk of privileged account abuse. In cyber incident recovery, a PAM solution can enable the rapid and secure redeployment of systems that conform to privileged access policy. To understand why this is important, consider the security posture of an organization that recovers from an incident by booting up systems that lack administrative access controls. That could leave the organization even less secure and more vulnerable than before.

The WALLIX Bastion supports cyber resilience by giving security managers a unified set of controls over administrative access to any system, data, or resource. WALLIX can govern privileged access for systems hosted virtually anywhere. For the WALLIX solution, a privileged user can be an employee, contractor, employee of a vendor or even a software application.

With WALLIX in place, a privileged user must go through the Access Manager to conduct an administrative session. The Access Manager contains rules for who can access what, and when. It enables managers to grant, revoke and modify privileges. In a cyber recovery situation, Access Manager enables a business continuity team to assign privileged access roles to whoever needs them, but to do so within existing security policies.

For instance, if resiliency depends on allowing a third party (e.g. a cloud provider) to have privileged access, the WALLIX solution makes it possible to grant the privilege but then revoke it when it is no longer needed. WALLIX Password Manager isolates privileged users from system passwords so that even privileged users never have access to the actual root passwords. These features help an organization mount a sophisticated, fast-paced recovery from an incident without creating unforeseen vulnerabilities or compliance problems in the process.

PAM is an integral part of achieving resiliency in a digital business. To learn more about the WALLIX PAM solution and its potential to strengthen cyber resilience, get in touch!