How to Protect Remote Access with PAM

The Covid-19 pandemic has caused massive adoption of remote working models in organizations of all sizes. Besides, security leaders have also accelerated the migration of their infrastructure to cloud environments. According to a study conducted in partnership by Forrester and CloudFare, 52% of the organizations surveyed indicated that the pandemic has caused a shift to cloud-based working models.

In these models, both employees and third parties need to have access to critical systems through privileged credentials, so that they can perform their daily tasks. And with the increase in the number of third parties, there was also an increase in the number of data leaks attributed to them. According to a study by Trustwave, 63% of these security incidents were caused by third parties, which makes this type of access an important attack vector in organizations. The associated costs are also higher. According to the Cost of a Data Breach 2020 report, the average cost of a data leak reaches USD 3.86 million. And leaks caused by third parties were one of the factors associated with even greater losses.

Considering this infrastructure that is distributed outside the security perimeter, many people responsible for Information Security have made their cybersecurity policies less restrictive, allowing access through insecure devices and networks (including BYOD or Bring Your Own Device), even VPNs without the proper security controls in place. And we already know that it is impossible to track what is not managed.

All of these aspects introduced new business risks and concerns for cybersecurity teams. In a study published by PDM Insights, 73% of IT decision-makers who responded to the survey recognize these new challenges. The related risks include opening phishing emails (for 38% of respondents) and inappropriate administrative access (37%), which required CISOs to seek the implementation of Zero Trust-based approaches.

In Zero Trust models, there is no concept of trust within the perimeters of the organizations’ infrastructure, and all actions taken by users must be continuously verified. Forrester reports that the percentage of IT leaders who have accelerated their investments in Zero Trust-based technologies reaches 76%. In addition, the same percentage also identified Identity and Access Management (IAM) as the biggest challenge for their Security teams. An example of Zero Trust-based IAM technology is just-in-time access.

In just-in-time accesses, access to applications or systems is allowed only at predetermined periods and on-demand. Therefore, through just-in-time it is possible to grant the required privileges for the performance of certain administrative tasks through the provisioning and de-provisioning of access in time of use, thus reducing the attack surface and the associated cybersecurity risks. As organizations adapt to a new working model, which includes the consolidation of remote work and the increase of third parties in the infrastructure, the use of PAM tools is imperative for security leaders to ensure compliance with policies and security regulations, such as PCI-DSS, HIPAA, and SOx. Also, it is possible to meet the requirements of data protection laws, such as LGPD and GDPR, mitigating security risks and preventing data leaks that can cost millions in fines, in addition to the loss of revenue, customers, and corporate reputation.

To solve the problems involved in the remote work of employees and third parties, senhasegura has launched Domum, which offers users secure access based on Zero Trust to devices of the corporate infrastructure wherever they are, without the need for VPN, installation of agents, and additional licensing or configurations. Access is granted instantly, easily, and securely, without exposing device passwords and without the user needing access credentials to the PAM security platform.

It works as follows: whenever it is necessary for an employee or third party to perform remote access to any device managed by the PAM platform in the infrastructure, senhasegura Domum will perform the provisioning of access using a just-in-time approach, sending an approved access link to the user, allowing immediate access only to authorized devices.

senhasegura Domum allows configuring access workflows at multiple levels to allow access, in addition to the high granularity offered by the PAM security platform, already recognized by the market. In this way, it is possible to have maximum adherence to the organization’s access policies, allowing the reduction of implementation and customization costs. After the predetermined time of authorization, access is revoked and the link is no longer valid, preventing the employee or third party from proceeding with malicious privileged actions on devices in the infrastructure, which allows for a smaller attack surface and security risks associated with the exploitation of privileged credentials. Besides, by automating the process of granting and revoking privileged access on devices used by third parties, senhasegura ensures the reduction of operational expenses with access management.

Domum also offers all the features offered by the senhasegura PAM platform, such as real-time monitoring of the actions performed. Through LiveStream, an auditor can check the actions taken by a user, allowing the blocking or closing of the remote session in case of non-compliance or if a malicious action is detected. Other features of senhasegura also offered by Domum include session recording, analysis of threats user behavior. Thus, one can reduce the time to detect and respond to malicious actions before the malicious attacker is able to take them. As a result, there is maximum visibility of privileged actions performed in the environment and compliance with regulatory standards.

Ensuring the protection of remote access for a lot of users working remotely is more than an optional security requirement, it is a business must. Therefore, by using the senhasegura PAM platform and senhasegura Domum to manage privileged access, you can reduce the attack surface and the associated security risks, avoiding data leaks and ensuring business continuity.