Posts Tagged ‘PAM’

The Top Three Reasons Organizations Aren’t Stepping Up Their PAM Solutions

  March 4th, 2021

Many organizations are stuck between two unfortunate truths with their privileged access management (PAM) program. According to a recent poll of more than 150 IT professionals by Enterprise Management Associates (EMA), which was sponsored by Hitachi ID, nearly 90% of respondents experienced a privileged access policy violation in the last year, yet almost none of them are confident their PAM solutions will prevent privileged access security breaches. It is clear that currently adopted PAM processes are, in the majority of cases, insufficient to provide the level of protection they were introduced to achieve. 

That’s a real problem, especially as more organizations turn to a Zero Trust model, but the solution seems clear: organizations need new PAM approaches and solutions to meet their security goals and inspire confidence as cyber threats become more prevalent. Despite this, the poll also found many organizations seem content to continue utilizing inadequate PAM solution configurations, as evidenced by the high overall satisfaction rates. 

This begs the question: Why?

The reasons holding companies back from stronger, more resilient, scalable PAM solutions are many, but most fall into one of three distinct categories: 

Overly Centralized PAM Deployments

Traditional PAM deployments are predicated on centralized administration and configuration, which is time-consuming, resource-intensive and often crippling to a project because IT is not empowered to make credential management decisions on behalf of business stakeholders and users. PAM user communities within the business are accustomed to having free rein with their privileged/elevated access and are not inclined to hand it over to IT overnight. This leads to political in-fighting over how credentials will be managed and, ultimately, to PAM programs stalling and losing momentum, to the point where customers can end up with a glorified static spreadsheet of passwords behind a nicer user interface.

Partnering with a PAM solution provider that can decentralize the credential lifecycle management processes and permissioning, so that business units and program stakeholders can take full ownership of their credentials, should be the goal. This approach empowers users and reduces friction between IT/audit and business users, all the while ensuring corporate security policy and standards are met and maintained. Furthermore, a provider that can deliver this in a standardized, pre-configured pattern that accelerates tedious and time-consuming delivery processes (implementation, migration, integration training, etc.) needs to be a key consideration when selecting a new solution.

PAM Management Challenges 

Once organizations get past the challenges of getting the technology up and running, there’s the day-to-day use and expansion to consider. Customers can reduce program risk by measuring their use and system expansion carefully early on, i.e., addressing key business systems and/or user communities first and expanding from there. This approach demonstrates quick wins and early returns from a security/risk reduction perspective and allows you to maintain strong executive sponsorship to build further.

The system also needs to be flexible with respect to accommodating differing user populations and their preferred tools when connecting to downstream systems with admin credentials. Users are fickle and will want to leverage their existing tools/clients rather than change their ways, so ensuring that the brokering/disclosure of privileged access works in-line with how users operate today is imperative for customer satisfaction and adoption.

Like any other new system or application, it’s crucial that your PAM system integrate seamlessly with existing identity lifecycle and governance processes. As privileged/admin user types come and go, so should their rights and permissions within a PAM system, especially so for your supply chain actors. Many user lifecycle and governance challenges within your PAM program can be avoided with strong integration into your existing identity management system, something Hitachi ID is uniquely positioned to deliver in one integrated platform with Bravura Identity and Bravura Privilege under the broader Hitachi ID Bravura Security Fabric. 

Competing Security Budget Priorities

Even before the impact of 2020, finding a budget for security and privilege programs has long been a challenge for IT teams. Organizations often prioritize funds for alternative methods of security management, such as security information and event management (SIEM) and threat detection systems. The problem is many of these solutions can’t prevent lateral movement if/when an attacker has breached your network the way that a strong PAM program can. 

In addition, organizations that have the advantage of an enterprise-class PAM solution will realize reductions in operational risk and therefore better insulate themselves from data breaches, which are costing organizations $4 million on average according to industry analysts.

Stop System Vulnerabilities Before They Start

The most effective approach to any enterprise security strategy is to prioritize solutions that address the organization’s greatest vulnerabilities first. The distribution of privileged access accounts needs to be towards the top of that list. With the right PAM solution in place, businesses can take the important step from reacting to systemic privileged policy breaches to proactively preventing them. 

As the privileged access domain evolves and grows ever closer to identity governance and administration in terms of integration and process alignment, organizations are starting to pursue zero standing privilege models as their baseline on the journey to a Zero Trust Architecture. As a result, customer requirements now include privileged account lifecycle management to better support just-in-time admin/privileged access and reduce trust.

For more information on PAM best practices and key takeaways from EMA’s report, listen in on this on-demand webinar “Modern Requirements and Solutions for Privileged Access Management (PAM).” You can also access the full report here: Advancing Privileged Access Management (PAM) to Address Modern Business Requirements.


A Winning Security Formula: Hitachi ID Bravura Discover and Automation

  February 23rd, 2021

On average, it takes 280 days to identify and contain a data breach, according to the latest data from IBM’s “Cost of a Data Breach Report 2020.” Add the increase in malicious attacks, which now account for more than half of data breaches, plus the impact of a mostly remote workforce and it’s a recipe for a potential identity and access management (IAM) disaster. With the global average total cost of a data breach now coming in at just under $4 million, companies literally can’t afford not to modernize & evolve their access management programs.

Now, here’s the good news: security automation solutions are already responding to this problem by using AI (artificial intelligence) and ML (machine learning) to get ahead of vulnerabilities and avoid catastrophic breaches. In fact, by 2022, Gartner predicts 50% of identity governance and admin (IGA) vendors will offer predictive technologies. That’s up from less than 15% today. 

With so much at risk, organizations need a reliable solution that works for IT teams and end-users. Businesses are already avoiding and eliminating data breaches with Hitachi ID Bravura Discover, an automation first approach to identity and access. As an integral layer of the Hitachi ID Bravura Security Fabric, Hitachi ID Bravura Discover provides powerful risk and threat assessment that goes beyond surface vulnerabilities to help businesses get and stay ahead of cybersecurity threats with an arsenal of critical capabilities.

Complete Risk and Threat Assessment

To prevent system breaches, organizations need a deep and wide-reaching solution. Hitachi ID Bravura Discover scans systems at scale to discover accounts, groups, nested entitlements, and metadata beyond Windows and Linux to uncover critical and hidden vulnerabilities.

Hitachi ID Bravura Discover’s capabilities ensure security is an ongoing process that begins with identifying access risk and potential vulnerabilities. From there, the right business stakeholders can make informed decisions on how to modify impacted identity and access processes and remediate the discovered risks. It’s imperative that the output of Hitachi ID Bravura Discover feeds into identity process automation change, or the detected risks will simply surface again as a result of bad business processes going unaddressed.

Proactive IAM and PAM Governance Reduces Risk

As ransomware attacks continue to increase, controlling who has access to critical systems and networks is a top priority for all businesses. With the most comprehensive and in-depth risk and threat assessment, complete with resolution recommendations, Hitachi ID Bravura Discover quickly reveals identity and privileged access risks and threats.

Its data- and metrics-driven ecosystem gives businesses proactive control with recommended automation-driven fixes to solve security vulnerabilities quickly. By closing the loop between detection and automated remediation, organizations are able to respond more quickly and keep systems secure.

Secure Automation That Scales

To achieve ongoing cybersecurity success, it’s crucial organizations have a solution that can easily grow with them. Hitachi ID Bravura Discover’s mature connector library simplifies scaling, allowing businesses to quickly protect and confidently expand coverage to tens of thousands of systems. When you couple Hitachi ID Bravura Discover with Hitachi ID Bravura Identity and/or Bravura Privilege to turn actionable insights into automated remediation & mitigation, you can begin to level the playing field against evasive attackers.

A Step Ahead With One Simple Solution

The ultimate goal is to provide end users seamless access to the data and resources they need without exposing the business to vulnerabilities. To achieve this, organizations need a cohesive access management ecosystem that truly covers every piece of their hybrid IT environment. The integrated Hitachi ID Bravura Security Fabric provides this required depth & reach, so no layer needs to be left unprotected.

As part of the Hitachi ID Bravura Security Fabric, Hitachi ID Bravura Discover, along with Identity, Privilege, Pass, and Group, offers technological and architectural building blocks with decades of reliability to protect, manage, and govern your entire digital identity and access infrastructure from malicious attackers.

You can learn more about Hitachi ID Bravura Discover and how organizations can get ahead of hackers with automation in our recent webinar, now available on demand: A Winning Cybersecurity Formula to Reduce Risk


How to Complete Your Zero Trust Mission With a Single Pane of Glass

  January 14th, 2021

Since it was first coined by Forrester more than a decade ago, the Zero Trust model has proven its strength in identity and access management (IAM), relying on strict controls and not trusting anything by default. The events of 2020 have made Zero Trust (ZT) a priority once again as remote working requirements expanded every organization’s network well beyond the office walls.

The flexibility of the cloud made the swift shift to remote work possible, but it also introduced more than a few challenges for IAM and ZT. The challenges are compounded by the hybrid situations most companies find themselves in: still unable to move everything to the cloud while simultaneously in search of solutions that can better integrate with their on-premise and legacy systems. Unfortunately, this has often resulted in a patchwork of not-quite-connected quick fixes.

Piecemeal solutions are not sustainable. Businesses need one source of truth — one pane of glass — that brings all of these otherwise disparate technologies together in one platform. This saves organizations time and resources, keeps costs down, and seriously simplifies processes for IT teams.

The Hitachi ID Bravura Security Fabric gets organizations over these hurdles by bringing all of these critical needs into one solution and framework including Pass, Identity, Group, Privilege, and Discover. By shifting to a single pane of glass for IAM, organizations are able to better see the big picture and conquer even the most persistent challenges to achieve ZT success.

Bridge the Gaps

For many businesses, moving to the cloud is not a simple migration. It’s likely done in stages. Some businesses may even have highly regulated data that can’t be stored in the cloud at all and need to find hybrid solutions. On-premise and legacy problems don’t just go away when cloud services are introduced. Having a solution that can seamlessly integrate the cloud with existing architectures is a critical success factor.

The Hitachi Bravura Security Fabric and its extensive set of connectors significantly simplify the integration of disparate systems. These connector capabilities are also core to the offerings within Hitachi ID Bravura Security Fabric, allowing organizations to easily turn on or off services (Pass, Identity, Group, Privilege, and Discover) as their business needs change.

Get a Handle on Groups

Across most industries, groups reign supreme as the primary access granting system for organizations. Keeping group access organized is a crucial aspect of maintaining a ZT model. All too often this is where wires get crossed — either by human error or a lack of access to controls beyond the IT team. Granting incorrect permissions via groups can spell disaster.

Organizations can avoid catastrophe with a few simple best practices: allow users group management access, automate where possible, create business-friendly names for groups, etc. Hitachi ID Bravura Group can help your IT team easily oversee all of these group activities to maintain visibility and control over these critical access points. By balancing user access with IT oversight, organizations can maintain IAM and ZT success.

Increase Resiliency With Adaptive Authentication

As our recent survey uncovered, remote access remains a top IAM challenge and priority for many organizations. User authentication and password management is a critical component of remote access strategies and the ZT model. With remote access, IT teams face challenges caused by overly simple, misplaced, and generally compromised passwords and credentials. Remote working environments have only increased the risk surrounding these vulnerabilities, especially with insufficient support access.

Hitachi ID Bravura Pass helps businesses tackle these risks by providing resources to help users better manage their own credentials, including:

  • Strong authentication (MFA) and federated access (Security Assertion Markup Language (SAML) 2.0 identity provider (IdP))
  • Self-service password and PIN reset
  • Self-service unlock of encrypted drives
  • Password synchronization
  • Managed enrollment of security questions, mobile phone numbers, personal e-mail addresses and biometrics

The Future of Zero Trust in the Cloud

Cloud environments present a fresh host of IAM and ZT challenges and the fact is siloed technologies cannot address these issues. By bringing together the tools to manage all of these business-critical pieces in one place, companies have a comprehensive collection of tools and resources that streamlines IAM in a single, secure, scalable solution.

We covered all of this and more in our recent webinar with Hitachi ID partner IntiGrow. As a leading global enterprise information security company and one of our channel partners, IntiGrow delivers comprehensive security solutions empowering enterprises to proactively detect and prevent security threats to their computing infrastructure, data, and applications.

Learn more about IntiGrow and the rest of our channel partners here and see the full webinar now available on demand by following this link: Complete Your Zero Trust Mission Using a Single Pane of Glass


The Future of IAM and PAM: Hitachi ID Bravura Security Fabric

  January 4th, 2021

In the age of digital transformation, protecting against threats is increasingly complex but also crucial as organizations face a constantly evolving cyberattack landscape.

This swiftly shifting environment has left many organizations with a collection of insufficient options when it comes to their identity and access (IAM) and privileged access (PAM) management solutions. Some must prioritize one essential service over another. Others have to patch together multiple services and platforms to cover their needs. Then there are those who have to settle for an incomplete system due to legacy assets.

What’s the solution?

Organizations need flexibility and reliability to power these critical systems with technological and architectural building blocks that protect, manage, and govern the entire IAM and PAM infrastructure.

Hitachi ID Bravura Security Fabric delivers on all of the above with a singular, powerful framework and platform that brings together all the layers of IAM and PAM solutions organizations need to manage and protect their most critical and sensitive identity data.

Hitachi ID has always strived to help businesses achieve access management success, and our latest solution and architecture, the Hitachi ID Bravura Security Fabric, continues that tradition.

The Right Platform and Framework

First and foremost, the Hitachi ID Bravura Security Fabric offers all of the IAM and PAM solutions organizations need in one place. The Hitachi ID Bravura Security Fabric brings together mature automation and detection, governance and compliance, analytics and reporting.

Plus, as a single open architecture platform and the industry’s largest organically grown connector portfolio, it offers a robust API platform to complete your security strategy. That means no more patching together solutions and potentially creating system vulnerabilities in the process. IT leaders can also simplify vendor selection and program deployment, streamline SLAs, and lower the overall cost.

Right-Sized for Your Business Needs

Hitachi ID Bravura Security Fabric isn’t solely a single solution for your IAM and PAM needs — it’s actually five. The security fabric architecture includes: Identity, Privilege, Pass, Group, and our threat detection layer Discover. This collection of services allows companies to weave patterns of functionality to protect against continual threats and ensure your identity and access security program is covered.

Not every organization needs a solution this robust yet. That’s why the Bravura Security Fabric is built to be easily scaled up or down based on business needs. As new threats are uncovered or your roadmap evolves, turn services on or off as needed without the need to install other products.

Equipped to Combat Complex Cyberattacks Head On

What’s the best weapon organizations can deploy against increasingly sophisticated attacks? Automation. The Hitachi ID Bravura Security Fabric automation-first approach gives IT teams agility to accurately configure your identity and access solution and provide continual protection.

Hitachi ID Bravura secures your systems faster and more effectively than access certification and individual products. That’s just the start. Our threat and detection response layer, Hitachi ID Bravura Discover, gets ahead of the game by revealing changing risks before they happen and identifying threats below the surface — allowing your team time to resolve them before they become a larger issue.

The Right Roadmap for Your Industry

With more than two decades of experience and deployments around the world, Hitachi ID has homed in on how to deliver faster time to value across industries. We used these best practices to develop the Hitachi ID Bravura Security Fabric and the supporting Patterns customized for industries and products. These templatized solutions reduce time, cost and risk for IAM deployments from months to days.

The Power of One

By creating a single source of truth for IAM and PAM solutions, the Hitachi ID Bravura Security Fabric empowers organizations to better navigate the increasingly difficult terrain of cybersecurity. You can learn more about Hitachi ID Bravura Security Fabric and the future of IAM and PAM through our on-demand sessions from our first Digital Identity & Access Virtual Summit.