CISOs are overwhelmed with a multitude of projects that are pulling at their time and resources. All of these projects feel important and usually will have some benefit, but nobody has the time or budget to do it all.
So which projects will give you the biggest bang for your buck? How do security professionals prioritize these initiatives?
At this year’s Gartner Security and Risk Management Summit, Gartner’s Neil MacDonald revealed the analyst firm’s top 10 recommended security projects for 2018. MacDonald stated that CISOs need to, “focus on projects that reduce the most amount of risk and have the largest business impact.”
At the top of the list: Privileged Account Management.
High Profile Breaches Drive Attention
Deploying a Privileged Access Management (PAM) solution has been a best practice for many years, but many companies have not prioritized privilege or only partially-implemented what they know should be done.
PAM is in the spotlight again due to high profile breaches involving privileged credentials, such as Uber, Tesla, or even more recently, Timehop. Timehop disclosed a security breach that exposed personal data of 21 million users.
Timehop’s investigation found that in December, “an authorized administrative user’s credentials were used by an unauthorized user to log into our Cloud Computing Provider. This unauthorized user created a new administrative user account, and began conducting reconnaissance activities within our Cloud Computing Environment.”
There are a multitude of ways that a well-implemented PAM solution could have avoided the Timehop breach, but the easiest was if the compromised administrator account was required to use multi-factor authentication (MFA) for login it would be unlikely to be breached.
Get Going on Privileged Access Management to Increase Your Maturity
Here at Centrify we agree with Gartner and are glad to see that they believe PAM is the #1 important security project for 2018.
If your organization has not implemented a PAM solution, if you have only partly deployed or need to fully implement by adding multi-factor authentication, privilege elevation or session auditing and monitoring there are plenty of ways to uplevel your Identity & Access Management capabilities and increase your PAM maturity.
PAM is a critically important part of an overall Zero Trust approach that verifies the user, validates their device, and limits their access and privilege. Centrify Next-Gen Access can quickly empower you to adopt a least-privilege standard across your organization, and greatly reduce your risk exposure.