Posts Tagged ‘Zero Trust’

Managing Privileged Access on Endpoint Devices in a Zero Trust Paradigm

  February 9th, 2021

The current approaches to privileged access management are no longer enough to protect evolving IT environments in the face of ever-changing, mounting cybersecurity threats. Networks have become a dynamic landscape, and the traditional methods that focus on keeping attackers out of the network are no longer enough because those networks are just as susceptible to threats from users and devices inside. Closed environments and traditional perimeter-based security lack the finesse and control needed to restrict breaches and attacks from within. IT leadership needs to take a more evolved and comprehensive approach to secure access across applications and environments.

Many organizations have moved to zero trust models to combat open and vulnerable architectures. In short, a zero trust approach trusts no one and assumes the network is vulnerable. It challenges the user or device to prove that they are not attackers. This shift demonstrates the need for many organizations to rethink their conventional techniques to address changing network environments. Moreover, IT decision-makers should also reexamine the very composition of the systems they’re protecting.

Reevaluating Established PAM Security Modes

While much of the focus of PAM solutions has been on protecting cloud and on-premises server hosting environments, it’s clear from this evolving network landscape that there are genuinely no “closed” systems. Therefore, IT decision-makers shouldn’t overlook the impact of end-user devices (i.e., laptops and mobile devices), because organizations that grant users privileged access to their endpoint devices expose system infrastructures to elevated security risks.

On their own, techniques such as enforcing the use of strong passwords and periodic password resets have proven to be woefully inadequate in traditional systems that don’t account for compromised users already present within the network. In fact, according to a recent poll from Enterprise Management Associates (EMA), which was sponsored by Hitachi ID, businesses that allow users to retain local administrator rights were 34% more likely to report incidents of compromised privileged account credentials. In addition, end-user device performance impacted by inappropriate privileged activity was reported twice as frequently by organizations that allow privileged device users as by those that limit this access to qualified administrators.

Furthermore, even though many organizations grant end users privileged access to reduce the day-to-day management burden on IT administrators, they often achieve the opposite outcome. One-third of surveyed organizations that allow end users privileged access to their workstations report that overall PAM processes are somewhat or very difficult to manage. Only 21% of businesses that restrict non-administrator privileged access to endpoint devices noted the same. This demonstrates that more granular PAM policy enforcement requirements, such as limiting privileged access times and types, are demonstrably simplified by reducing the number of privileged users.

Managing Privileged Access On Endpoint Devices Matters

What does that mean for the management of privileged access on endpoint devices? The crucial takeaway from these findings is that modern businesses needing to grant local administrator rights to end users should adopt a PAM-specific platform that builds upon a zero trust framework. They should define and enforce policies that support “least privilege” requirements on endpoint devices, allowing access on an as-required basis, and the system must evaluate and establish trust in the user before granting access.

If your IT leadership is looking to implement a dynamic and capable zero trust model, Hitachi ID Bravura Privilege is a reference-level solution that can revolutionize your digital identity program by leveraging the principles of least privilege. This dynamic and strictly enforced end-user authentication is the basis of a zero trust architecture that can effectively assess threats, adapt to open, changing network infrastructures, and reduce management efforts while boosting security capability.

A Holistic Review

Whether your organization is considering an overhaul of its entire system or just reevaluating the management of endpoint devices within an existing PAM system, it’s clear that best practices encourage moving away from perimeter-based to zero trust security models. As the networks they are hoping to protect become less closed and endpoint devices become risks within the security perimeter, IT leaders should look inward to protect the integrity of system infrastructures.

For more information on PAM best practices and key takeaways from EMA, you can access the full report here: Advancing Privileged Access Management (PAM) to Address Modern Business Requirements.


Leaders Value These Key Identity and Access Management Automation Payoffs

  January 15th, 2021

Identity and access management (IAM) automation is an undeniable game changer in higher education, with countless advantages for colleges and universities. So, when we recently worked with Pulse to survey IT leaders in higher education, we were a little surprised by the narrow scope of some of the results. When asked what automation benefits they’re most looking forward to, most of the answers centered around three categories:

  • Reduced security risk
  • Boosted confidence in compliance status
  • A shift from reactive to proactive threat detection

All of these are certainly key benefits for higher education; however, the payoffs for colleges and universities go well beyond these three. Automation can increase efficiency, resiliency, and accuracy in a number of ways.

More Time for Strategic Initiatives

While just over a third of respondents showed interest in this benefit, the importance of time saved cannot be overstated. Institutions that no longer have to spend time manually managing IAM can instead dedicate those resources to more innovative projects. Whether it’s app development, streamlining processes across departments, or focusing on end user experience, removing the more time-consuming parts of identity and access management allows colleges and universities to devote more resources towards strategic thinking.

Improved End User Experience

With so many other priorities to manage, user experience can get left behind. Our recent survey certainly reflected that: only 13% of respondents noted it as an expected benefit. Overlooking this vital piece of the IAM roadmap may expedite processes in the short-term, but poor UX can create extra work (i.e., onboarding challenges and overall usage issues) down the road if neglected for too long.

Simplified Workflows and Streamlined, Modernized Processes

Never underestimate the power of simpler processes. These automation bonuses may have only sparked excitement in around 10% of our IT leaders, but these streamlined workflows can make all the difference for universities. This is especially true for larger institutions who are tasked with identity and access management across multiple departments and colleges where automation can save countless hours.

Hurdles That are Holding Back Critical Growth

Unfortunately, due to obstacles faced by much of higher education, that automation panacea is still a ways off. The following hurdles are holding back critical growth for identity and access management in higher education, and overcoming them will be crucial for success in the future.

Budget Constraints

Pre-pandemic, higher education was already facing budget cuts. Now, COVID-19 has only further intensified financial constraints. IT departments at colleges and universities, in particular, have been faced with unforeseen challenges as they were forced to quickly adapt for remote learning and then strengthen these swift solutions as the pandemic stretched on. Of course, this increase in internal IT demand had its own financial outlays and was simultaneously coupled with schools needing to tighten their budgets even further.

In our survey, all IT leaders agreed that budget is a primary roadblock for identity and access management automation. While there’s no easy solution for these financial hurdles, clearly communicating the full value of IAM automation (long-term cost savings, more efficient processes, fewer errors, etc.) will strengthen efforts to implement these essential processes and solutions.

Existing Infrastructure Investments

Legacy systems make those budget constraints even more challenging to overcome, as many schools have put significant amounts of time and financial investment into these systems and processes. Making the switch to a new automated system is about more than the financial cost; it’s also the time needed to onboard and implement that new technology, especially training teams and getting them up to speed with the new IAM solution.

All IT leaders we surveyed selected this as an impediment on the road to automation. Understanding that the investment — both time and cost — is worth the increase in efficiency, security, and so much more will allow colleges and universities to expedite their automation journey.

Executive Buy-in

Ultimately, automating identity and access management in higher education requires that IT leaders achieve buy-in from all decision makers. While those in the trenches of the IT department may have a clear understanding of the benefits of automation, communicating that to the C-suite can present its own challenges.

While three-quarters of respondents identified executive buy-in as an automation hindrance, for schools struggling to convince decision makers of the value, it can be the sole roadblock to automation. As is the case with budget constraints, presenting the ROI of automation (time saved, decrease in human error, and as a result, reduced long-term costs) will be key in convincing leadership to commit to this essential evolution.

All of these challenges certainly present stumbling blocks on the path to IAM automation for colleges and universities. Clear communication of the return on this investment will be critical as higher education IAM moves forward.

Reputation Is Everything

Most end users may not be decision makers at colleges and universities, but they’re still certainly stakeholders when it comes to identity and access management. Whether it’s a student needing to reset their password from home or a new research project that requires specific entitlements, the process needs to be seamless, simple, and secure.

Clunky processes can create frustration for the end user (at best) and serious system vulnerabilities (at worst). It’s also worth noting that ultimately, when it comes to IAM processes, the opinions of end users can and do influence those who make the decisions.

End User Experience Also Has Pull

For many of these questions, the results matched the trends we’re witnessing in IAM for higher education. However, a few categories had some surprises, among them, end user experience (UX).

While only 13% of higher education IT executives cited the improvement of end user experience as a main benefit of IAM automation, two-thirds rated the influence of UX over the IAM roadmap as at least a 4 (on a scale of 1-5). End user experience isn’t driving IAM automation, but it still has plenty of pull when it comes to automation. Understanding its influence can help higher education better incorporate UX into automation plans moving forward.

Amplified by Remote Access

While remote access has always played a role in UX, the pandemic has made it a priority. In our survey, 98% of respondents said UX improvement has risen in importance following the mass work-from-home migration and the broad swath of resources being accessed remotely. Remote access has also added another dimension to UX, with IT teams needing to account for how remote students and faculty can reach support (for password problems or more serious issues) when the need arises.

Lighten the Load

While the end user is the focus of UX, higher education IT teams will also reap some of the benefits. Seamless, simple, secure IAM that’s easy to use and incorporates support solutions that users can access remotely will ultimately remove many of those tasks (password resets, permission updates, etc.) from the IT team’s to-do list. Fewer user issues mean less problem solving for your IT team, freeing them to focus on more strategic initiatives: further improving processes, application development, or whatever innovation is next.

User Experience Smart From the Start

UX may not be the driving force for higher education IAM automation, but IT leaders still need to keep its impact and influence in mind when plotting out their identity and access management roadmaps. When higher education IT leaders incorporate UX into IAM automation strategies from the start, they can stay ahead of any complications and ensure IAM automation benefits all stakeholders.

Get our one-minute whitepaper to read the full results of our survey and learn more about IAM automation challenges and benefits for higher education in our resource: Higher Education IT Leaders Are Looking to Complement Access Governance With Automation.

Join Hitachi ID and Pulse for an upcoming webinar to learn more about how higher education is using automation to complement identity and access management governance in its zero trust strategies to protect data against cybersecurity attacks.