Misuse of Privileged Credentials Now Involved in 80% of Data Breaches

Recently the respected analyst firm Forrester released its “Wave” for the privileged identity management (PIM) market. Centrify is quite proud to be recognized as a leader in the Forrester Wave (in fact we are the “furthest to the right”), and you can request a complimentary copy of the report here and see our analysis of the report here. But what really jumped out at me was that the report documented how pervasive the misuse of privileged credentials is in data breaches. In this blog I will discuss what PIM is, some of the key findings of the Forrester report, and the key features needed in a PIM solution.


What is privileged identity management (PIM)?

PIM stems from the fact that most mission-critical systems, applications, databases and network gear have an administrative username and password (i.e. a privileged account, aka a privileged credential) to enable installation, configuration, administration and management of those platforms. And it turns out that most large IT organizations have hundreds of people who need to administer Windows or UNIX systems (“the sys admins”), their databases (“the DBAs”) and their networks (“the network admins”), as well as multiple personnel who develop applications (“the developers”) and/or administer applications (“the app admins”).

These people are in effect the “superusers” in one’s IT organization. The more privileged users an organization has, the more people have “keys” (i.e. administrative access) to these “kingdoms” (i.e. systems and applications) and the valuable information that resides behind the kingdom doors. The point is that it is not the average end user who can cause a major insider breach, as their accounts tend to have limited access to critical data; it is the “superuser” who has the keys to the proverbial kingdom and who can potentially do the real damage.

As Forrester notes in its report,

“In an ideal world, there are no shared passwords or recycled/shared functional accounts. Reality, however, often demands that admin users share passwords to a shared functional/service account … Our interviewees report that because these credentials give users access to powerful functions, they need to manage and audit the use of these credentials more carefully.”

So how big of a deal is it to manage and audit use of these privileged credentials? This quote was the thing that really stuck out to me when reading it:

“Forrester estimates that 80% of security breaches involve privileged credentials. It’s understandable: After an intruder gains access to the employees’ devices, they try to snoop the network and install keylogger to get higher privilege credentials (such as root or administrator). Privileged credentials provide greater scope for stealing data en masse than individual accounts do: With privileged credentials, attackers can dump the entire database, bypass network traffic limitation, delete logs to hide their activity, and exfiltrate data easier.”

80% is huge, meaning that addressing Privileged Identity Management should be (actually … must be) at the top of any organization’s list of security solutions to implement. I also like the fact that Forrester highlights that the hackers are going through ANY user’s account to get at privileged credentials. That’s why we think it is critical to have an integrated solution for both end *and* privileged users.

What are the key features in a comprehensive PIM offering?

Forrester says you need the following:

“1) provide its own, web-based channel for access; 2) provide its own, tamperproof password safe (credential storage); 3) spawn, monitor, and intercept privileged Windows and Linux sessions (privileged session monitoring, or PSM); and 4) control privilege escalation on the endpoint (such as sudo replacement and revoking administrative rights on Windows from end users)”

The good news is that Centrify addresses all those requirements with our Privileged Identity Management solutions. And we address the security needs of end users with our Identity-as-a-Service (IDaaS) offering, which is critical as end users are the conduit through which hackers try to get access to privileged credentials.

Tying all this together, what Centrify is about is securing access to both infrastructure and apps for all users, be they end users and/or IT users who have access to the “keys to the kingdom.” And the cool thing is we do this across data center, cloud and mobile.


We are quite pleased with our leadership position in the Forrester Wave for PIM. This follows us being named a leader in the Gartner Magic Quadrant for Identity and Access Management-as-a-Service. Our customers and partners can expect more market validation in the coming weeks of the Centrify vision.

Read a complimentary copy of the report here.