PAM to those in the know… and for your safety

Christophe Hohl, IT Technical Advisor at Cyber Security Management

Do you remember the famous TV series *Baywatch*, featuring lifeguards on the beaches of California? David Hasselhoff and Pamela Anderson—Pam to her friends—kept vacationers safe and saved lives in danger. Well, the IT world has its own PAM too. Not Pamela Anderson, but Privileged Access Management. Their roles are quite similar: rescue. Except that PAM acts preventively, to avoid any drama.

With a little imagination, one could easily compare the networks of many companies to the famous beaches of Malibu. Everyone is welcome there. And just as lifeguards watch over the safety of vacationers, today it is network administrators and managers who secure access to networks. This, of course, attracts keen interest from cybercriminals. After all, these admins know the main usernames and passwords for the entire company. And if you have access to its servers and firewalls, you can cause enormous damage: prevent sales reps from accessing the CRM, breach the company’s critical data, and so on.

One might think that simply securing internal accounts is enough. But that is precisely where the problem lies. Increasingly, third parties (vendors, technical support teams, SOCs, etc.) have access to these "privileged" accounts. And since it is common for multiple people to work on a single account, the password for that account is not changed regularly. Since the password is no longer unique to a single user, it’s impossible to know who logged in or when.

And we haven't even touched on the implications of digital transformation. More and more companies are hosting their data and work in the cloud to increase operational flexibility and provide rapid access to their increasingly dispersed staff, customers, partners, suppliers, service providers, and logistics partners. According to a recent report by Forrester Research, 58% of the companies surveyed already outsource more than half of their data centers, servers, networks, and storage infrastructure.

The major risks involved include scattered data, abandoned accounts, shared but poorly managed accounts, and increasingly sophisticated methods of stealing privileged account credentials. To guard against these risks—and to ensure strict compliance with procedures—a high-performance, reasonably priced PAM solution is essential. Privileged Access Management is one of the key areas of risk management and data protection for any organization.

With PAM, the first step is to restrict the "scope of access." In practical terms, this means that external contractors are granted access only to the specific part of the server they need to work on. This access is time-limited: either for a set period or during specific time slots (for example, during business hours).

Second, PAM is a valuable analytical tool. Since it allows access rights to be granted to specific individuals, no one can log in anonymously with critical administrative privileges. These privileged credentials are always linked to a specific person, and we know exactly who logged in, when, from where, and even using which device. With the push of a button, you can obtain a detailed report of all (external) access attempts.
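The two controls described above, scoped and time-limited access plus per-person traceability, can be sketched as a single access decision that always writes an audit record. This is an added example, not code from the article or from any PAM product; the names `Grant`, `decide` and `denied_attempts`, the business-hours default and all sample values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Grant:
    person: str            # a named individual, never a shared account
    target: str            # the only system this person may reach
    valid_from: datetime   # the grant's set period
    valid_until: datetime
    slot_start: time = time(9, 0)    # daily time slot (assumed business hours)
    slot_end: time = time(17, 0)
    weekdays: frozenset = frozenset(range(5))  # Monday to Friday

def decide(grants, audit, person, target, when, source_ip, device):
    """Allow or deny one access attempt and record it either way."""
    allowed, reason = False, "no grant for this person on this target"
    for g in grants:
        if (g.person, g.target) != (person, target):
            continue
        if not g.valid_from <= when < g.valid_until:
            reason = "outside the grant's validity period"
        elif when.weekday() not in g.weekdays or not g.slot_start <= when.time() < g.slot_end:
            reason = "outside the permitted time slot"
        else:
            allowed, reason = True, "in scope and in time window"
            break
    audit.append({"who": person, "target": target, "when": when.isoformat(),
                  "from": source_ip, "device": device,
                  "allowed": allowed, "reason": reason})
    return allowed

def denied_attempts(audit):
    """The report of refused attempts: who, on what, when, and why."""
    return [(e["who"], e["target"], e["when"], e["reason"]) for e in audit if not e["allowed"]]

# Constructed sample data: one contractor, one server, a two-week engagement.
GRANTS = [Grant("alice@vendor.example", "crm-db-01",
                datetime(2024, 3, 4), datetime(2024, 3, 18))]
AUDIT = []
ATTEMPTS = [
    ("alice@vendor.example", "crm-db-01", datetime(2024, 3, 5, 10, 30)),   # in hours
    ("alice@vendor.example", "crm-db-01", datetime(2024, 3, 5, 22, 15)),   # after hours
    ("alice@vendor.example", "firewall-01", datetime(2024, 3, 5, 11, 0)),  # out of scope
    ("alice@vendor.example", "crm-db-01", datetime(2024, 3, 20, 10, 0)),   # expired
    ("bob@vendor.example", "crm-db-01", datetime(2024, 3, 5, 10, 0)),      # no grant
]
RESULTS = [decide(GRANTS, AUDIT, p, t, w, "203.0.113.7", "laptop-0042") for p, t, w in ATTEMPTS]

if __name__ == "__main__":
    print(*denied_attempts(AUDIT), sep="\n")
```

Denied attempts are logged with the same detail as allowed ones, so the report covers attempts as well as successful sessions.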

In a recent report, Gartner recommends using PAM to manage and control access by external vendors, especially in today’s IT environments, which feature increasingly complex infrastructures. This solution is more secure than a VPN, which, while providing secure access, does not reveal exactly what these third parties did on the network during a VPN session. PAM, on the other hand, enables more granular management and monitoring—and even the restriction of access to certain devices. If you want a traceability system, PAM is the solution.

This will certainly be a major challenge, as we know from experience that fewer than 10% of customers currently use a PAM solution. It’s our responsibility to raise awareness and provide even greater protection for businesses. Or as they used to say on *Baywatch*: “We protect when others won’t, and we go above and beyond.”