To ensure the highest level of security and usability, companies should consider implementing privileged access and identity management. Identity management systems cover larger attack surfaces within the organization’s network, while PAM systems cover smaller, higher-valued attack surfaces.
The following are strategies to help organizations ensure that their PAM implementations are effective:
- Keep an inventory of all privileged accounts and document any changes.
- Disallow admins from sharing accounts.
- Limit personal privileged accounts to one for each admin.
- Establish and enforce a password policy for passwords.
- Change all the passwords on all company devices, so users aren’t using default passwords.
- Ensure that privileged account passwords change regularly to lessen the risk that employees who leave the company could compromise its systems.
- Secure privileged accounts with two-factor authentication.
- Limit permissions scope for all privileged accounts.
- Enforce separation of duties among employees.
- Enforce the least privilege — i.e., employees are only given the privileges they need to do their jobs.
- Apply best practices to elevate users who need extra access rights, such as documented request and approval processes.
- Use various logging and monitoring tools and techniques to obtain a clear picture of the actions privileged users take.
- Update employees about changes in privileged access policies and procedures to ensure they understand how to use and manage their privileged credentials correctly.
- Document account management rules and processes and require verification from company leaders.
